NSX-T Data Center REST API

ALBAcceptedCipherEnums (schema)

AcceptedCipherEnums type

Valid ENUM values for ALBAcceptedCipherEnums

Name Description Type Notes
ALBAcceptedCipherEnums AcceptedCipherEnums type

Valid ENUM values for ALBAcceptedCipherEnums		 string Enum: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_GCM_SHA256

ALBActiveStandbySeTag (schema)

ActiveStandbySeTag type

Valid ENUM values for ALBActiveStandbySeTag

Name Description Type Notes
ALBActiveStandbySeTag ActiveStandbySeTag type

Valid ENUM values for ALBActiveStandbySeTag		 string Enum: ACTIVE_STANDBY_SE_1, ACTIVE_STANDBY_SE_2

ALBAlertScriptConfig (schema)

AlertScriptConfig

Advanced load balancer AlertScriptConfig object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
action_script Action script

User Defined Alert Action Script.
Please refer to kb.avinetworks.com for more information.
string
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ALBAlertScriptConfig string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ALBAnalyticsPolicy (schema)

AnalyticsPolicy

Advanced load balancer AnalyticsPolicy object

Name Description Type Notes
all_headers All headers

Log all headers.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
client_insights Client insights

Gain insights from sampled client to server HTTP requests
and responses.
Enum options - NO_INSIGHTS, PASSIVE, ACTIVE.
Default value when not specified in API or module is
interpreted by ALB Controller as NO_INSIGHTS.
ALBClientInsights Default: "NO_INSIGHTS"
client_insights_sampling Client insights sampling

Placeholder for description of property
client_insights_sampling of obj type AnalyticsPolicy field
type str type ref.
ALBClientInsightsSampling
client_log_filters Client log filters

Placeholder for description of property client_log_filters
of obj type AnalyticsPolicy field type str type array.
array of ALBClientLogFilter
full_client_logs Full client logs

Placeholder for description of property full_client_logs of
obj type AnalyticsPolicy field type str type ref.
ALBFullClientLogs
metrics_realtime_update Metrics realtime update

Settings to turn on realtime metrics and set duration for
realtime updates.
ALBMetricsRealTimeUpdate
significant_log_throttle Significant log throttle

This setting limits the number of significant logs
generated per second for this VS on each SE.
Default is 10 logs per second.
Set it to zero (0) to deactivate throttling.
Unit is PER_SECOND.
Default value when not specified in API or module is
interpreted by ALB Controller as 10.
integer Default: "10"
udf_log_throttle Udf log throttle

This setting limits the total number of UDF logs generated
per second for this VS on each SE.
UDF logs are generated due to the configured client log
filters or the rules with logging enabled.
Default is 10 logs per second.
Set it to zero (0) to deactivate throttling.
Unit is PER_SECOND.
Default value when not specified in API or module is
interpreted by ALB Controller as 10.
integer Default: "10"

ALBAnalyticsProfile (schema)

AnalyticsProfile

Advanced load balancer AnalyticsProfile object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
apdex_response_threshold Apdex response threshold

If a client receives an HTTP response in less than the
Satisfactory Latency Threshold, the request is considered
Satisfied.
It is considered Tolerated if it is not Satisfied and less
than Tolerated Latency Factor multiplied by the Satisfactory
Latency Threshold.
Greater than this number and the client's request is
considered Frustrated.
Allowed values are 1-30000.
Unit is MILLISECONDS.
Allowed in Basic(Allowed values- 500) edition,
Essentials(Allowed values- 500) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 500.
integer Minimum: 1
Maximum: 30000
Default: "500"
apdex_response_tolerated_factor Apdex response tolerated factor

Client tolerated response latency factor.
Client must receive a response within this factor times the
satisfactory threshold (apdex_response_threshold) to be
considered tolerated.
Allowed values are 1-1000.
Allowed in Basic(Allowed values- 4) edition,
Essentials(Allowed values- 4) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 4.0.
number Default: "4.0"
apdex_rtt_threshold Apdex rtt threshold

Satisfactory client to Avi Round Trip Time(RTT).
Allowed values are 1-2000.
Unit is MILLISECONDS.
Allowed in Basic(Allowed values- 250) edition,
Essentials(Allowed values- 250) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 250.
integer Minimum: 1
Maximum: 2000
Default: "250"
apdex_rtt_tolerated_factor Apdex rtt tolerated factor

Tolerated client to Avi Round Trip Time(RTT) factor.
It is a multiple of apdex_rtt_tolerated_factor.
Allowed values are 1-1000.
Allowed in Basic(Allowed values- 4) edition,
Essentials(Allowed values- 4) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 4.0.
number Default: "4.0"
apdex_rum_threshold Apdex rum threshold

If a client is able to load a page in less than the
Satisfactory Latency Threshold, the PageLoad is considered
Satisfied.
It is considered tolerated if it is greater than Satisfied
but less than the Tolerated Latency multiplied by Satisifed
Latency.
Greater than this number and the client's request is
considered Frustrated.
A PageLoad includes the time for DNS lookup, download of
all HTTP objects, and page render time.
Allowed values are 1-30000.
Unit is MILLISECONDS.
Allowed in Basic(Allowed values- 5000) edition,
Essentials(Allowed values- 5000) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 5000.
integer Minimum: 1
Maximum: 30000
Default: "5000"
apdex_rum_tolerated_factor Apdex rum tolerated factor

Virtual service threshold factor for tolerated Page Load
Time (PLT) as multiple of apdex_rum_threshold.
Allowed values are 1-1000.
Allowed in Basic(Allowed values- 4) edition,
Essentials(Allowed values- 4) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 4.0.
number Default: "4.0"
apdex_server_response_threshold Apdex server response threshold

A server HTTP response is considered Satisfied if latency
is less than the Satisfactory Latency Threshold.
The response is considered tolerated when it is greater
than Satisfied but less than the Tolerated Latency Factor (STAR)
S_Latency.
Greater than this number and the server response is
considered Frustrated.
Allowed values are 1-30000.
Unit is MILLISECONDS.
Allowed in Basic(Allowed values- 400) edition,
Essentials(Allowed values- 400) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 400.
integer Minimum: 1
Maximum: 30000
Default: "400"
apdex_server_response_tolerated_factor Apdex server response tolerated factor

Server tolerated response latency factor.
Servermust response within this factor times the
satisfactory threshold (apdex_server_response_threshold) to
be considered tolerated.
Allowed values are 1-1000.
Allowed in Basic(Allowed values- 4) edition,
Essentials(Allowed values- 4) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 4.0.
number Default: "4.0"
apdex_server_rtt_threshold Apdex server rtt threshold

Satisfactory client to Avi Round Trip Time(RTT).
Allowed values are 1-2000.
Unit is MILLISECONDS.
Allowed in Basic(Allowed values- 125) edition,
Essentials(Allowed values- 125) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 125.
integer Minimum: 1
Maximum: 2000
Default: "125"
apdex_server_rtt_tolerated_factor Apdex server rtt tolerated factor

Tolerated client to Avi Round Trip Time(RTT) factor.
It is a multiple of apdex_rtt_tolerated_factor.
Allowed values are 1-1000.
Allowed in Basic(Allowed values- 4) edition,
Essentials(Allowed values- 4) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 4.0.
number Default: "4.0"
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
client_log_config Client log config

Configure which logs are sent to the Avi Controller from
SEs and how they are processed.
ALBClientLogConfiguration
client_log_streaming_config Client log streaming config

Configure to stream logs to an external server.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
ALBClientLogStreamingConfig
conn_lossy_ooo_threshold Conn lossy ooo threshold

A connection between client and Avi is considered lossy
when more than this percentage of out of order packets are
received.
Allowed values are 1-100.
Unit is PERCENT.
Allowed in Basic(Allowed values- 50) edition,
Essentials(Allowed values- 50) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 50.
integer Minimum: 1
Maximum: 100
Default: "50"
conn_lossy_timeo_rexmt_threshold Conn lossy timeo rexmt threshold

A connection between client and Avi is considered lossy
when more than this percentage of packets are retransmitted
due to timeout.
Allowed values are 1-100.
Unit is PERCENT.
Allowed in Basic(Allowed values- 20) edition,
Essentials(Allowed values- 20) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 20.
integer Minimum: 1
Maximum: 100
Default: "20"
conn_lossy_total_rexmt_threshold Conn lossy total rexmt threshold

A connection between client and Avi is considered lossy
when more than this percentage of packets are retransmitted.
Allowed values are 1-100.
Unit is PERCENT.
Allowed in Basic(Allowed values- 50) edition,
Essentials(Allowed values- 50) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 50.
integer Minimum: 1
Maximum: 100
Default: "50"
conn_lossy_zero_win_size_event_threshold Conn lossy zero win size event threshold

A client connection is considered lossy when percentage of
times a packet could not be trasmitted due to TCP zero
window is above this threshold.
Allowed values are 0-100.
Unit is PERCENT.
Allowed in Basic(Allowed values- 2) edition,
Essentials(Allowed values- 2) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 2.
integer Minimum: 0
Maximum: 100
Default: "2"
conn_server_lossy_ooo_threshold Conn server lossy ooo threshold

A connection between Avi and server is considered lossy
when more than this percentage of out of order packets are
received.
Allowed values are 1-100.
Unit is PERCENT.
Allowed in Basic(Allowed values- 50) edition,
Essentials(Allowed values- 50) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 50.
integer Minimum: 1
Maximum: 100
Default: "50"
conn_server_lossy_timeo_rexmt_threshold Conn server lossy timeo rexmt threshold

A connection between Avi and server is considered lossy
when more than this percentage of packets are retransmitted
due to timeout.
Allowed values are 1-100.
Unit is PERCENT.
Allowed in Basic(Allowed values- 20) edition,
Essentials(Allowed values- 20) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 20.
integer Minimum: 1
Maximum: 100
Default: "20"
conn_server_lossy_total_rexmt_threshold Conn server lossy total rexmt threshold

A connection between Avi and server is considered lossy
when more than this percentage of packets are retransmitted.
Allowed values are 1-100.
Unit is PERCENT.
Allowed in Basic(Allowed values- 50) edition,
Essentials(Allowed values- 50) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 50.
integer Minimum: 1
Maximum: 100
Default: "50"
conn_server_lossy_zero_win_size_event_threshold Conn server lossy zero win size event threshold

A server connection is considered lossy when percentage of
times a packet could not be trasmitted due to TCP zero
window is above this threshold.
Allowed values are 0-100.
Unit is PERCENT.
Allowed in Basic(Allowed values- 2) edition,
Essentials(Allowed values- 2) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 2.
integer Minimum: 0
Maximum: 100
Default: "2"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enable_adaptive_config Enable adaptive config

Enable adaptive configuration for optimizing resource
usage.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
enable_advanced_analytics Enable advanced analytics

Enables Advanced Analytics features like Anomaly detection.
If set to false, anomaly computation (and associated
rules/events) for VS, Pool and Server metrics will be
deactivated.
However, setting it to false reduces cpu and memory
requirements for Analytics subsystem.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Special default for Basic edition is false, Essentials
edition is false, Enterprise is True.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
enable_ondemand_metrics Enable ondemand metrics

Virtual Service (VS) metrics are processed only when there
is live data traffic on the VS.
In case, VS is idle for a period of time as specified by
ondemand_metrics_idle_timeout then metrics processing is
suspended for that VS.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
enable_se_analytics Enable se analytics

Enable node (service engine) level analytics forvs metrics.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
enable_server_analytics Enable server analytics

Enables analytics on backend servers.
This may be desired in container environment when there are
large number of ephemeral servers.
Additionally, no healthscore of servers is computed when
server analytics is enabled.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
enable_vs_analytics Enable vs analytics

Enable VirtualService (frontend) Analytics.
This flag enables metrics and healthscore for
Virtualservice.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
exclude_client_close_before_request_as_error Exclude client close before request as error

Exclude client closed connection before an HTTP request
could be completed from being classified as an error.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
exclude_dns_policy_drop_as_significant Exclude dns policy drop as significant

Exclude dns policy drops from the list of errors.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
exclude_gs_down_as_error Exclude gs down as error

Exclude queries to GSLB services that are operationally
down from the list of errors.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
exclude_http_error_codes Exclude http error codes

List of HTTP status codes to be excluded from being
classified as an error.
Error connections or responses impacts health score, are
included as significant logs, and may be classified as part
of a DoS attack.
array of integer
exclude_invalid_dns_domain_as_error Exclude invalid dns domain as error

Exclude dns queries to domains outside the domains
configured in the DNS application profile from the list of
errors.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
exclude_invalid_dns_query_as_error Exclude invalid dns query as error

Exclude invalid dns queries from the list of errors.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
exclude_issuer_revoked_ocsp_responses_as_error Exclude issuer revoked ocsp responses as error

Exclude the Issuer-Revoked OCSP Responses from the list of
errors.
Allowed in Basic(Allowed values- true) edition,
Essentials(Allowed values- true) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
exclude_no_dns_record_as_error Exclude no dns record as error

Exclude queries to domains that did not have configured
services/records from the list of errors.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
exclude_no_valid_gs_member_as_error Exclude no valid gs member as error

Exclude queries to GSLB services that have no available
members from the list of errors.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
exclude_persistence_change_as_error Exclude persistence change as error

Exclude persistence server changed while load balancing'
from the list of errors.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
exclude_revoked_ocsp_responses_as_error Exclude revoked ocsp responses as error

Exclude the Revoked OCSP certificate status responses from
the list of errors.
Allowed in Basic(Allowed values- true) edition,
Essentials(Allowed values- true) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
exclude_server_dns_error_as_error Exclude server dns error as error

Exclude server dns error response from the list of errors.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
exclude_server_tcp_reset_as_error Exclude server tcp reset as error

Exclude server TCP reset from errors.
It is common for applications like MS Exchange.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
exclude_sip_error_codes Exclude sip error codes

List of SIP status codes to be excluded from being
classified as an error.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of integer
exclude_stale_ocsp_responses_as_error Exclude stale ocsp responses as error

Exclude the Stale OCSP certificate status responses from
the list of errors.
Allowed in Basic(Allowed values- true) edition,
Essentials(Allowed values- true) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
exclude_syn_retransmit_as_error Exclude syn retransmit as error

Exclude 'server unanswered syns' from the list of errors.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
exclude_tcp_reset_as_error Exclude tcp reset as error

Exclude TCP resets by client from the list of potential
errors.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
exclude_unavailable_ocsp_responses_as_error Exclude unavailable ocsp responses as error

Exclude the unavailable OCSP Responses from the list of
errors.
Allowed in Basic(Allowed values- true) edition,
Essentials(Allowed values- true) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
exclude_unsupported_dns_query_as_error Exclude unsupported dns query as error

Exclude unsupported dns queries from the list of errors.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
healthscore_max_server_limit Healthscore max server limit

Skips health score computation of pool servers when number
of servers in a pool is more than this setting.
Allowed values are 0-5000.
Special values are 0- 'server health score is deactivated'.
Allowed in Basic(Allowed values- 0) edition,
Essentials(Allowed values- 0) edition, Enterprise edition.
Special default for Basic edition is 0, Essentials edition
is 0, Enterprise is 20.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.
integer Minimum: 0
Maximum: 5000
Default: "0"
hs_event_throttle_window Hs event throttle window

Time window (in secs) within which only unique health
change events should occur.
Allowed in Basic(Allowed values- 1209600) edition,
Essentials(Allowed values- 1209600) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 1209600.
integer Default: "1209600"
hs_max_anomaly_penalty Hs max anomaly penalty

Maximum penalty that may be deducted from health score for
anomalies.
Allowed values are 0-100.
Allowed in Basic(Allowed values- 10) edition,
Essentials(Allowed values- 10) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 10.
integer Minimum: 0
Maximum: 100
Default: "10"
hs_max_resources_penalty Hs max resources penalty

Maximum penalty that may be deducted from health score for
high resource utilization.
Allowed values are 0-100.
Allowed in Basic(Allowed values- 25) edition,
Essentials(Allowed values- 25) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 25.
integer Minimum: 0
Maximum: 100
Default: "25"
hs_max_security_penalty Hs max security penalty

Maximum penalty that may be deducted from health score
based on security assessment.
Allowed values are 0-100.
Allowed in Basic(Allowed values- 100) edition,
Essentials(Allowed values- 100) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 100.
integer Minimum: 0
Maximum: 100
Default: "100"
hs_min_dos_rate Hs min dos rate

DoS connection rate below which the DoS security assessment
will not kick in.
Allowed in Basic(Allowed values- 1000) edition,
Essentials(Allowed values- 1000) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 1000.
integer Default: "1000"
hs_performance_boost Hs performance boost

Adds free performance score credits to health score.
It can be used for compensating health score for known slow
applications.
Allowed values are 0-100.
Allowed in Basic(Allowed values- 0) edition,
Essentials(Allowed values- 0) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.
integer Minimum: 0
Maximum: 100
Default: "0"
hs_pscore_traffic_threshold_l4_client Hs pscore traffic threshold l4 client

Threshold number of connections in 5min, below which
apdexr, apdexc, rum_apdex, and other network quality metrics
are not computed.
Allowed in Basic(Allowed values- 10) edition,
Essentials(Allowed values- 10) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 10.0.
number Default: "10.0"
hs_pscore_traffic_threshold_l4_server Hs pscore traffic threshold l4 server

Threshold number of connections in 5min, below which
apdexr, apdexc, rum_apdex, and other network quality metrics
are not computed.
Allowed in Basic(Allowed values- 10) edition,
Essentials(Allowed values- 10) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 10.0.
number Default: "10.0"
hs_security_certscore_expired Hs security certscore expired

Score assigned when the certificate has expired.
Allowed values are 0-5.
Allowed in Basic(Allowed values- 0.0) edition,
Essentials(Allowed values- 0.0) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.0.
number Default: "0.0"
hs_security_certscore_gt30d Hs security certscore gt30d

Score assigned when the certificate expires in more than 30
days.
Allowed values are 0-5.
Allowed in Basic(Allowed values- 5.0) edition,
Essentials(Allowed values- 5.0) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 5.0.
number Default: "5.0"
hs_security_certscore_le07d Hs security certscore le07d

Score assigned when the certificate expires in less than or
equal to 7 days.
Allowed values are 0-5.
Allowed in Basic(Allowed values- 2.0) edition,
Essentials(Allowed values- 2.0) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 2.0.
number Default: "2.0"
hs_security_certscore_le30d Hs security certscore le30d

Score assigned when the certificate expires in less than or
equal to 30 days.
Allowed values are 0-5.
Allowed in Basic(Allowed values- 4.0) edition,
Essentials(Allowed values- 4.0) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 4.0.
number Default: "4.0"
hs_security_chain_invalidity_penalty Hs security chain invalidity penalty

Penalty for allowing certificates with invalid chain.
Allowed values are 0-5.
Allowed in Basic(Allowed values- 1.0) edition,
Essentials(Allowed values- 1.0) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 1.0.
number Default: "1.0"
hs_security_cipherscore_eq000b Hs security cipherscore eq000b

Score assigned when the minimum cipher strength is 0 bits.
Allowed values are 0-5.
Allowed in Basic(Allowed values- 0.0) edition,
Essentials(Allowed values- 0.0) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.0.
number Default: "0.0"
hs_security_cipherscore_ge128b Hs security cipherscore ge128b

Score assigned when the minimum cipher strength is greater
than equal to 128 bits.
Allowed values are 0-5.
Allowed in Basic(Allowed values- 5.0) edition,
Essentials(Allowed values- 5.0) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 5.0.
number Default: "5.0"
hs_security_cipherscore_lt128b Hs security cipherscore lt128b

Score assigned when the minimum cipher strength is less
than 128 bits.
Allowed values are 0-5.
Allowed in Basic(Allowed values- 3.5) edition,
Essentials(Allowed values- 3.5) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 3.5.
number Default: "3.5"
hs_security_encalgo_score_none Hs security encalgo score none

Score assigned when no algorithm is used for encryption.
Allowed values are 0-5.
Allowed in Basic(Allowed values- 0.0) edition,
Essentials(Allowed values- 0.0) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.0.
number Default: "0.0"
hs_security_encalgo_score_rc4 Hs security encalgo score rc4

Score assigned when RC4 algorithm is used for encryption.
Allowed values are 0-5.
Allowed in Basic(Allowed values- 2.5) edition,
Essentials(Allowed values- 2.5) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 2.5.
number Default: "2.5"
hs_security_hsts_penalty Hs security hsts penalty

Penalty for not enabling HSTS.
Allowed values are 0-5.
Allowed in Basic(Allowed values- 1.0) edition,
Essentials(Allowed values- 1.0) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 1.0.
number Default: "1.0"
hs_security_nonpfs_penalty Hs security nonpfs penalty

Penalty for allowing non-PFS handshakes.
Allowed values are 0-5.
Allowed in Basic(Allowed values- 1.0) edition,
Essentials(Allowed values- 1.0) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 1.0.
number Default: "1.0"
hs_security_ocsp_revoked_score Hs security ocsp revoked score

Score assigned when OCSP Certificate Status is set to
Revoked or Issuer Revoked.
Allowed values are 0.0-5.0.
Allowed in Basic(Allowed values- 0.0) edition,
Essentials(Allowed values- 0.0) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.0.
number Default: "0.0"
hs_security_selfsignedcert_penalty Hs security selfsignedcert penalty

Deprecated.
Allowed values are 0-5.
Allowed in Basic(Allowed values- 1.0) edition,
Essentials(Allowed values- 1.0) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 1.0.
number Default: "1.0"
hs_security_ssl30_score Hs security ssl30 score

Score assigned when supporting SSL3.0 encryption protocol.
Allowed values are 0-5.
Allowed in Basic(Allowed values- 3.5) edition,
Essentials(Allowed values- 3.5) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 3.5.
number Default: "3.5"
hs_security_tls10_score Hs security tls10 score

Score assigned when supporting TLS1.0 encryption protocol.
Allowed values are 0-5.
Allowed in Basic(Allowed values- 5.0) edition,
Essentials(Allowed values- 5.0) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 5.0.
number Default: "5.0"
hs_security_tls11_score Hs security tls11 score

Score assigned when supporting TLS1.1 encryption protocol.
Allowed values are 0-5.
Allowed in Basic(Allowed values- 5.0) edition,
Essentials(Allowed values- 5.0) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 5.0.
number Default: "5.0"
hs_security_tls12_score Hs security tls12 score

Score assigned when supporting TLS1.2 encryption protocol.
Allowed values are 0-5.
Allowed in Basic(Allowed values- 5.0) edition,
Essentials(Allowed values- 5.0) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 5.0.
number Default: "5.0"
hs_security_tls13_score Hs security tls13 score

Score assigned when supporting TLS1.3 encryption protocol.
Allowed values are 0-5.
Allowed in Basic(Allowed values- 5.0) edition,
Essentials(Allowed values- 5.0) edition, Enterprise edition.
number
hs_security_weak_signature_algo_penalty Hs security weak signature algo penalty

Penalty for allowing weak signature algorithm(s).
Allowed values are 0-5.
Allowed in Basic(Allowed values- 1.0) edition,
Essentials(Allowed values- 1.0) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 1.0.
number Default: "1.0"
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
markers Markers

List of labels to be used for granular RBAC.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBRoleFilterMatchLabel
ondemand_metrics_idle_timeout Ondemand metrics idle timeout

This flag sets the time duration of no live data traffic
after which Virtual Service metrics processing is suspended.
It is applicable only when enable_ondemand_metrics is set
to false.
Unit is SECONDS.
Default value when not specified in API or module is
interpreted by ALB Controller as 1800.
integer Default: "1800"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
ranges Ranges

List of HTTP status code ranges to be excluded from being
classified as an error.
array of ALBHTTPStatusRange
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ALBAnalyticsProfile string
resp_code_block Resp code block

Block of HTTP response codes to be excluded from being
classified as an error.
Enum options - AP_HTTP_RSP_4XX, AP_HTTP_RSP_5XX.
array of ALBAnalyticsProfileRespCodeBlock
sensitive_log_profile Sensitive log profile

Rules applied to the HTTP application log for filtering
sensitive information.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
ALBSensitiveLogProfile
sip_log_depth Sip log depth

Maximum number of SIP messages added in logs for a SIP
transaction.
By default, this value is 20.
Allowed values are 1-1000.
Allowed in Basic(Allowed values- 20) edition,
Essentials(Allowed values- 20) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 20.
integer Minimum: 1
Maximum: 1000
Default: "20"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ALBAnalyticsProfileApiResponse (schema)

AnalyticsProfileApiResponse

AnalyticsProfileApiResponse

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
count count

count
int Default: "None"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Array of AnalyticsProfile

Array of AnalyticsProfile
array of ALBAnalyticsProfile
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ALBAnalyticsProfileRespCodeBlock (schema)

AnalyticsProfileRespCodeBlock type

Valid ENUM values for ALBAnalyticsProfileRespCodeBlock

Name Description Type Notes
ALBAnalyticsProfileRespCodeBlock AnalyticsProfileRespCodeBlock type

Valid ENUM values for ALBAnalyticsProfileRespCodeBlock		 string Enum: AP_HTTP_RSP_4XX, AP_HTTP_RSP_5XX

ALBAppCookiePersistenceProfile (schema)

AppCookiePersistenceProfile

Advanced load balancer AppCookiePersistenceProfile object

Name Description Type Notes
encryption_key Encryption key

Key to use for cookie encryption.		 string
prst_hdr_name Prst hdr name

Header or cookie name for application cookie persistence.		 string Required
timeout Timeout

The length of time after a client's connections have closed
before expiring the client's persistence to a server.
Allowed values are 1-720.
Unit is MIN.
Default value when not specified in API or module is
interpreted by ALB Controller as 20.
integer Minimum: 1
Maximum: 720
Default: "20"

ALBAppLearningConfidenceLabel (schema)

AppLearningConfidenceLabel type

Valid ENUM values for ALBAppLearningConfidenceLabel

Name Description Type Notes
ALBAppLearningConfidenceLabel AppLearningConfidenceLabel type

Valid ENUM values for ALBAppLearningConfidenceLabel		 string Enum: CONFIDENCE_VERY_HIGH, CONFIDENCE_HIGH, CONFIDENCE_PROBABLE, CONFIDENCE_LOW, CONFIDENCE_NONE

ALBAppLearningConfidenceOverride (schema)

AppLearningConfidenceOverride

Advanced load balancer AppLearningConfidenceOverride object

Name Description Type Notes
confid_high_value Confid high value

Confidence threshold for label CONFIDENCE_HIGH.
Default value when not specified in API or module is
interpreted by ALB Controller as 9500.
integer Default: "9500"
confid_low_value Confid low value

Confidence threshold for label CONFIDENCE_LOW.
Default value when not specified in API or module is
interpreted by ALB Controller as 7500.
integer Default: "7500"
confid_probable_value Confid probable value

Confidence threshold for label CONFIDENCE_PROBABLE.
Default value when not specified in API or module is
interpreted by ALB Controller as 9000.
integer Default: "9000"
confid_very_high_value Confid very high value

Confidence threshold for label CONFIDENCE_VERY_HIGH.
Default value when not specified in API or module is
interpreted by ALB Controller as 9999.
integer Default: "9999"

ALBAppLearningParams (schema)

AppLearningParams

Advanced load balancer AppLearningParams object

Name Description Type Notes
enable_per_uri_learning Enable per uri learning

Learn the params per URI path.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
max_params Max params

Maximum number of params to learn for an application.
Allowed values are 10-1000.
Default value when not specified in API or module is
interpreted by ALB Controller as 100.
integer Minimum: 10
Maximum: 1000
Default: "100"
max_uris Max uris

Maximum number of URI paths to learn for an application.
Allowed values are 10-10000.
Default value when not specified in API or module is
interpreted by ALB Controller as 500.
integer Minimum: 10
Maximum: 10000
Default: "500"
min_hits_to_learn Min hits to learn

Minimum number of occurances required for a Param to
qualify for learning.
Default value when not specified in API or module is
interpreted by ALB Controller as 10000.
integer Default: "10000"
sampling_percent Sampling percent

Percent of the requests subjected to Application learning.
Allowed values are 1-100.
Unit is PERCENT.
Default value when not specified in API or module is
interpreted by ALB Controller as 1.
integer Minimum: 1
Maximum: 100
Default: "1"
update_interval Update interval

Frequency with which SE publishes Application learning data
to controller.
Allowed values are 1-60.
Unit is MIN.
Default value when not specified in API or module is
interpreted by ALB Controller as 30.
integer Minimum: 1
Maximum: 60
Default: "30"

ALBApplicationPersistenceProfile (schema)

ApplicationPersistenceProfile

Advanced load balancer ApplicationPersistenceProfile object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
app_cookie_persistence_profile App cookie persistence profile

Specifies the Application Cookie Persistence profile
parameters.
ALBAppCookiePersistenceProfile
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
hdr_persistence_profile Hdr persistence profile

Specifies the custom HTTP Header Persistence profile
parameters.
ALBHdrPersistenceProfile
http_cookie_persistence_profile Http cookie persistence profile

Specifies the HTTP Cookie Persistence profile parameters.		 ALBHttpCookiePersistenceProfile
id Unique identifier of this resource string Sortable
ip_persistence_profile Ip persistence profile

Specifies the Client IP Persistence profile parameters.		 ALBIPPersistenceProfile
is_federated Is federated

This field describes the object's replication scope.
If the field is set to false, then the object is visible
within the controller-cluster and its associated
service-engines.
If the field is set to true, then the object is replicated
across the federation.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
markers Markers

List of labels to be used for granular RBAC.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBRoleFilterMatchLabel
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
persistence_type Persistence type

Method used to persist clients to the same server for a
duration of time or a session.
Enum options - PERSISTENCE_TYPE_CLIENT_IP_ADDRESS,
PERSISTENCE_TYPE_HTTP_COOKIE, PERSISTENCE_TYPE_TLS,
PERSISTENCE_TYPE_CLIENT_IPV6_ADDRESS,
PERSISTENCE_TYPE_CUSTOM_HTTP_HEADER,
PERSISTENCE_TYPE_APP_COOKIE, PERSISTENCE_TYPE_GSLB_SITE.
Allowed in Basic(Allowed values-
PERSISTENCE_TYPE_CLIENT_IP_ADDRESS,PERSISTENCE_TYPE_HTTP_COOKIE)
edition, Essentials(Allowed values-
PERSISTENCE_TYPE_CLIENT_IP_ADDRESS,PERSISTENCE_TYPE_HTTP_COOKIE)
edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as
PERSISTENCE_TYPE_CLIENT_IP_ADDRESS.
ALBPersistenceProfileType Required
Default: "PERSISTENCE_TYPE_CLIENT_IP_ADDRESS"
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ALBApplicationPersistenceProfile string
server_hm_down_recovery Server hm down recovery

Specifies behavior when a persistent server has been marked
down by a health monitor.
Enum options - HM_DOWN_PICK_NEW_SERVER,
HM_DOWN_ABORT_CONNECTION,
HM_DOWN_CONTINUE_PERSISTENT_SERVER.
Allowed in Basic(Allowed values- HM_DOWN_PICK_NEW_SERVER)
edition, Essentials(Allowed values- HM_DOWN_PICK_NEW_SERVER)
edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as HM_DOWN_PICK_NEW_SERVER.
ALBPersistentServerHMDownRecovery Default: "HM_DOWN_PICK_NEW_SERVER"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ALBApplicationPersistenceProfileApiResponse (schema)

ApplicationPersistenceProfileApiResponse

ApplicationPersistenceProfileApiResponse

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
count count

count
int Default: "None"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Array of ApplicationPersistenceProfile

Array of ApplicationPersistenceProfile
array of ALBApplicationPersistenceProfile
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ALBApplicationProfile (schema)

ApplicationProfile

Advanced load balancer ApplicationProfile object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
cloud_config_cksum Cloud config cksum

Checksum of application profiles.
Internally set by cloud connector.
string
created_by Created by

Name of the application profile creator.		 string
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
dns_service_profile Dns service profile

Specifies various DNS service related controls for virtual
service.
ALBDnsServiceApplicationProfile
dos_rl_profile Dos rl profile

Specifies various security related controls for virtual
service.
ALBDosRateLimitProfile
http_profile Http profile

Specifies the HTTP application proxy profile parameters.		 ALBHTTPApplicationProfile
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
markers Markers

List of labels to be used for granular RBAC.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBRoleFilterMatchLabel
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
preserve_client_ip Preserve client ip

Specifies if client IP needs to be preserved for backend
connection.
Not compatible with Connection Multiplexing.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
preserve_client_port Preserve client port

Specifies if we need to preserve client port while
preserving client IP for backend connections.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
preserve_dest_ip_port Preserve dest ip port

Specifies if destination IP and port needs to be preserved
for backend connection.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ALBApplicationProfile string
sip_service_profile Sip service profile

Specifies various SIP service related controls for virtual
service.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
ALBSipServiceApplicationProfile
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tcp_app_profile Tcp app profile

Specifies the TCP application proxy profile parameters.		 ALBTCPApplicationProfile
type Type

Specifies which application layer proxy is enabled for the
virtual service.
Enum options - APPLICATION_PROFILE_TYPE_L4,
APPLICATION_PROFILE_TYPE_HTTP,
APPLICATION_PROFILE_TYPE_SYSLOG,
APPLICATION_PROFILE_TYPE_DNS, APPLICATION_PROFILE_TYPE_SSL,
APPLICATION_PROFILE_TYPE_SIP.
Allowed in Basic(Allowed values-
APPLICATION_PROFILE_TYPE_L4,APPLICATION_PROFILE_TYPE_HTTP)
edition, Essentials(Allowed values-
APPLICATION_PROFILE_TYPE_L4) edition, Enterprise edition.
ALBApplicationProfileType Required
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ALBApplicationProfileApiResponse (schema)

ApplicationProfileApiResponse

ApplicationProfileApiResponse

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
count count

count
int Default: "None"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Array of ApplicationProfile

Array of ApplicationProfile
array of ALBApplicationProfile
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ALBApplicationProfileType (schema)

ApplicationProfileType type

Valid ENUM values for ALBApplicationProfileType

Name Description Type Notes
ALBApplicationProfileType ApplicationProfileType type

Valid ENUM values for ALBApplicationProfileType		 string Enum: APPLICATION_PROFILE_TYPE_L4, APPLICATION_PROFILE_TYPE_HTTP, APPLICATION_PROFILE_TYPE_SYSLOG, APPLICATION_PROFILE_TYPE_DNS, APPLICATION_PROFILE_TYPE_SSL, APPLICATION_PROFILE_TYPE_SIP

ALBAttackMitigationAction (schema)

AttackMitigationAction

Advanced load balancer AttackMitigationAction object

Name Description Type Notes
deny Deny

Deny the attack packets further processing and drop them.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"

ALBAttackType (schema)

AttackType type

Valid ENUM values for ALBAttackType

Name Description Type Notes
ALBAttackType AttackType type

Valid ENUM values for ALBAttackType		 string Enum: LAND, SMURF, ICMP_PING_FLOOD, UNKOWN_PROTOCOL, TEARDROP, IP_FRAG_OVERRUN, IP_FRAG_TOOSMALL, IP_FRAG_FULL, IP_FRAG_INCOMPLETE, PORT_SCAN, TCP_NON_SYN_FLOOD_OLD, SYN_FLOOD, BAD_RST_FLOOD, MALFORMED_FLOOD, FAKE_SESSION, ZERO_WINDOW_STRESS, SMALL_WINDOW_STRESS, DOS_HTTP_TIMEOUT, DOS_HTTP_ERROR, DOS_HTTP_ABORT, DOS_SSL_ERROR, DOS_APP_ERROR, DOS_REQ_IP_RL_DROP, DOS_REQ_URI_RL_DROP, DOS_REQ_URI_SCAN_BAD_RL_DROP, DOS_REQ_URI_SCAN_UNKNOWN_RL_DROP, DOS_REQ_IP_URI_RL_DROP, DOS_CONN_IP_RL_DROP, DOS_SLOW_URL, TCP_NON_SYN_FLOOD, DOS_REQ_CIP_SCAN_BAD_RL_DROP, DOS_REQ_CIP_SCAN_UNKNOWN_RL_DROP, DOS_REQ_IP_RL_DROP_BAD, DOS_REQ_URI_RL_DROP_BAD, DOS_REQ_IP_URI_RL_DROP_BAD, POLICY_DROPS, DOS_CONN_RL_DROP, DOS_REQ_RL_DROP, DOS_REQ_HDR_RL_DROP, DOS_REQ_CUSTOM_RL_DROP, DNS_ATTACK_REFLECTION

ALBAuthAttributeMatch (schema)

AuthAttributeMatch

Advanced load balancer AuthAttributeMatch object

Name Description Type Notes
attribute_name Attribute name

Attribute name whose values will be looked up in the access
lists.
string Required
attribute_value_list Attribute value list

Attribute Values used to determine access when
authentication applies.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
ALBStringMatch Required

ALBAuthLdapSearchScope (schema)

AuthLdapSearchScope type

Valid ENUM values for ALBAuthLdapSearchScope

Name Description Type Notes
ALBAuthLdapSearchScope AuthLdapSearchScope type

Valid ENUM values for ALBAuthLdapSearchScope		 string Enum: AUTH_LDAP_SCOPE_BASE, AUTH_LDAP_SCOPE_ONE, AUTH_LDAP_SCOPE_SUBTREE

ALBAuthLdapSecurityMode (schema)

AuthLdapSecurityMode type

Valid ENUM values for ALBAuthLdapSecurityMode

Name Description Type Notes
ALBAuthLdapSecurityMode AuthLdapSecurityMode type

Valid ENUM values for ALBAuthLdapSecurityMode		 string Enum: AUTH_LDAP_SECURE_NONE, AUTH_LDAP_SECURE_USE_LDAPS

ALBAuthProfile (schema)

AuthProfile

Advanced load balancer AuthProfile object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
http Http

HTTP user authentication params.		 ALBAuthProfileHTTPClientParams
id Unique identifier of this resource string Sortable
ldap Ldap

LDAP server and directory settings.		 ALBLdapAuthSettings
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
markers Markers

List of labels to be used for granular RBAC.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBRoleFilterMatchLabel
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ALBAuthProfile string
saml Saml

SAML settings.		 ALBSamlSettings
tacacs_plus Tacacs plus

TACACS+ settings.		 ALBTacacsPlusAuthSettings
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
type Type

Type of the Auth Profile.
Enum options - AUTH_PROFILE_LDAP, AUTH_PROFILE_TACACS_PLUS,
AUTH_PROFILE_SAML, AUTH_PROFILE_PINGACCESS,
AUTH_PROFILE_JWT.
ALBAuthProfileType Required
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ALBAuthProfileApiResponse (schema)

AuthProfileApiResponse

AuthProfileApiResponse

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
count count

count
int Default: "None"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Array of AuthProfile

Array of AuthProfile
array of ALBAuthProfile
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ALBAuthProfileHTTPClientParams (schema)

AuthProfileHTTPClientParams

Advanced load balancer AuthProfileHTTPClientParams object

Name Description Type Notes
cache_expiration_time Cache expiration time

The max allowed length of time a clients authentication is
cached.
Allowed values are 1-30.
Unit is SEC.
Default value when not specified in API or module is
interpreted by ALB Controller as 5.
integer Minimum: 1
Maximum: 30
Default: "5"
request_header Request header

Insert an HTTP header.
This field is used to define the header name.
The value of the header is set to the client's HTTP Auth
user ID.
string
require_user_groups Require user groups

A user should be a member of these groups.
Each group is defined by the DN.
For example,
CN=testgroup,OU=groups,dc=example,dc=avinetworks,DC=com.
array of string

ALBAuthProfileType (schema)

AuthProfileType type

Valid ENUM values for ALBAuthProfileType

Name Description Type Notes
ALBAuthProfileType AuthProfileType type

Valid ENUM values for ALBAuthProfileType		 string Enum: AUTH_PROFILE_LDAP, AUTH_PROFILE_TACACS_PLUS, AUTH_PROFILE_SAML, AUTH_PROFILE_PINGACCESS, AUTH_PROFILE_JWT

ALBAuthSamlEntityType (schema)

AuthSamlEntityType type

Valid ENUM values for ALBAuthSamlEntityType

Name Description Type Notes
ALBAuthSamlEntityType AuthSamlEntityType type

Valid ENUM values for ALBAuthSamlEntityType		 string Enum: AUTH_SAML_CLUSTER_VIP, AUTH_SAML_DNS_FQDN, AUTH_SAML_APP_VS

ALBAuthTacacsPlusAttributeValuePair (schema)

AuthTacacsPlusAttributeValuePair

Advanced load balancer AuthTacacsPlusAttributeValuePair object

Name Description Type Notes
mandatory Mandatory

mandatory.		 boolean
name Name

attribute name.		 string
value Value

attribute value.		 string

ALBAuthTacacsPlusService (schema)

AuthTacacsPlusService type

Valid ENUM values for ALBAuthTacacsPlusService

Name Description Type Notes
ALBAuthTacacsPlusService AuthTacacsPlusService type

Valid ENUM values for ALBAuthTacacsPlusService		 string Enum: AUTH_TACACS_PLUS_SERVICE_NONE, AUTH_TACACS_PLUS_SERVICE_LOGIN, AUTH_TACACS_PLUS_SERVICE_ENABLE, AUTH_TACACS_PLUS_SERVICE_PPP, AUTH_TACACS_PLUS_SERVICE_ARAP, AUTH_TACACS_PLUS_SERVICE_PT, AUTH_TACACS_PLUS_SERVICE_RCMD, AUTH_TACACS_PLUS_SERVICE_X25, AUTH_TACACS_PLUS_SERVICE_NASI, AUTH_TACACS_PLUS_SERVICE_FWPROXY

ALBAuthToken (schema)

Auth Token

ALB Auth Token

Name Description Type Notes
expires_at Expiry time of the token

Expiry time of the token will be set by LCM at the time of Enforcement Point Creation.
string
hours hours

Hours to validate the token
string Required
token Token for Avi Controller

Token for Avi Controller.		 string
username username

controller username.
string Required

ALBAuthenticationAction (schema)

AuthenticationAction

Advanced load balancer AuthenticationAction object

Name Description Type Notes
type Type

Authentication Action to be taken for a matched Rule.
Enum options - SKIP_AUTHENTICATION,
USE_DEFAULT_AUTHENTICATION.
Default value when not specified in API or module is
interpreted by ALB Controller as USE_DEFAULT_AUTHENTICATION.
ALBAuthenticationActionEnum Default: "USE_DEFAULT_AUTHENTICATION"

ALBAuthenticationActionEnum (schema)

AuthenticationActionEnum type

Valid ENUM values for ALBAuthenticationActionEnum

Name Description Type Notes
ALBAuthenticationActionEnum AuthenticationActionEnum type

Valid ENUM values for ALBAuthenticationActionEnum		 string Enum: SKIP_AUTHENTICATION, USE_DEFAULT_AUTHENTICATION

ALBAuthenticationMatch (schema)

AuthenticationMatch

Advanced load balancer AuthenticationMatch object

Name Description Type Notes
client_ip Client ip

Configure client ip addresses.		 ALBIpAddrMatch
host_hdr Host hdr

Configure the host header.		 ALBHostHdrMatch
path Path

Configure request paths.		 ALBPathMatch

ALBAuthenticationPolicy (schema)

AuthenticationPolicy

Advanced load balancer AuthenticationPolicy object

Name Description Type Notes
authn_rules Authn rules

Add rules to apply auth profile to specific targets.		 array of ALBAuthenticationRule
default_auth_profile_path Default auth profile path

Auth Profile to use for validating users.
It is a reference to an object of type AuthProfile.
string Required

ALBAuthenticationRule (schema)

AuthenticationRule

Advanced load balancer AuthenticationRule object

Name Description Type Notes
action Action

Enable or disable authentication for matched targets.		 ALBAuthenticationAction
enable Enable

Enable or disable the rule.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
index Index

Index of the rule.		 integer Required
match Match

Add match criteria to the rule.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
ALBAuthenticationMatch
name Name

Name of the rule.		 string Required

ALBAuthorizationAction (schema)

AuthorizationAction

Advanced load balancer AuthorizationAction object

Name Description Type Notes
status_code Status code

HTTP status code to use for local response when an policy
rule is matched.
Enum options - HTTP_RESPONSE_STATUS_CODE_401,
HTTP_RESPONSE_STATUS_CODE_403.
ALBAuthorizationActionHttpStatusCode
type Type

Defines the action taken when an authorization policy rule
is matched.
By default, access is allowed to the requested resource.
Enum options - ALLOW_ACCESS, CLOSE_CONNECTION,
HTTP_LOCAL_RESPONSE.
Default value when not specified in API or module is
interpreted by ALB Controller as ALLOW_ACCESS.
ALBAuthorizationActionEnum Default: "ALLOW_ACCESS"

ALBAuthorizationActionEnum (schema)

AuthorizationActionEnum type

Valid ENUM values for ALBAuthorizationActionEnum

Name Description Type Notes
ALBAuthorizationActionEnum AuthorizationActionEnum type

Valid ENUM values for ALBAuthorizationActionEnum		 string Enum: ALLOW_ACCESS, CLOSE_CONNECTION, HTTP_LOCAL_RESPONSE

ALBAuthorizationActionHttpStatusCode (schema)

AuthorizationActionHttpStatusCode type

Valid ENUM values for ALBAuthorizationActionHttpStatusCode

Name Description Type Notes
ALBAuthorizationActionHttpStatusCode AuthorizationActionHttpStatusCode type

Valid ENUM values for ALBAuthorizationActionHttpStatusCode		 string Enum: HTTP_RESPONSE_STATUS_CODE_401, HTTP_RESPONSE_STATUS_CODE_403

ALBAuthorizationMatch (schema)

AuthorizationMatch

Advanced load balancer AuthorizationMatch object

Name Description Type Notes
attr_matches Attr matches

Attributes whose values need to be matched.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBAuthAttributeMatch
host_hdr Host hdr

Host header value to be matched.		 ALBHostHdrMatch
method Method

HTTP methods to be matched.		 ALBMethodMatch
path Path

Paths/URLs to be matched.		 ALBPathMatch

ALBAuthorizationPolicy (schema)

AuthorizationPolicy

Advanced load balancer AuthorizationPolicy object

Name Description Type Notes
authz_rules Authz rules

Authorization Policy Rules.		 array of ALBAuthorizationRule

ALBAuthorizationRule (schema)

AuthorizationRule

Advanced load balancer AuthorizationRule object

Name Description Type Notes
action Action

Authorization action when rule is matched.		 ALBAuthorizationAction Required
enable Enable

Enable or disable the rule.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
index Index

Index of the Authorization Policy rule.		 integer Required
match Match

Authorization match criteria for the rule.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
ALBAuthorizationMatch Required
name Name

Name of the rule.		 string Required

ALBAutoScaleLaunchConfig (schema)

AutoScaleLaunchConfig

Advanced load balancer AutoScaleLaunchConfig object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
image_id Image id

Unique ID of the Amazon Machine Image (AMI) or OpenStack
VM ID.
string
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
markers Markers

List of labels to be used for granular RBAC.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBRoleFilterMatchLabel
mesos Mesos

Placeholder for description of property mesos of obj type
AutoScaleLaunchConfig field type str type ref.
ALBAutoScaleMesosSettings
openstack Openstack

Placeholder for description of property openstack of obj
type AutoScaleLaunchConfig field type str type ref.
ALBAutoScaleOpenStackSettings
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ALBAutoScaleLaunchConfig string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
use_external_asg Use external asg

If set to True, ServerAutoscalePolicy will use the
autoscaling group (external_autoscaling_groups) from Pool to
perform scale up and scale down.
Pool should have single autoscaling group configured.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"

ALBAutoScaleLaunchConfigApiResponse (schema)

AutoScaleLaunchConfigApiResponse

AutoScaleLaunchConfigApiResponse

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
count count

count
int Default: "None"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Array of AutoScaleLaunchConfig

Array of AutoScaleLaunchConfig
array of ALBAutoScaleLaunchConfig
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ALBAutoScaleMesosSettings (schema)

AutoScaleMesosSettings

Advanced load balancer AutoScaleMesosSettings object

Name Description Type Notes
force Force

Apply scaleout even when there are deployments inprogress.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"

ALBAutoScaleOpenStackSettings (schema)

AutoScaleOpenStackSettings

Advanced load balancer AutoScaleOpenStackSettings object

Name Description Type Notes
heat_scale_down_url Heat scale down url

Avi Controller will use this URL to scale downthe pool.
Cloud connector will automatically update the membership.
This is an alpha feature.
string
heat_scale_up_url Heat scale up url

Avi Controller will use this URL to scale upthe pool.
Cloud connector will automatically update the membership.
This is an alpha feature.
string

ALBCRL (schema)

CRL

Advanced load balancer CRL object

Name Description Type Notes
body Body

Certificate Revocation list from a given issuer in PEM
format.
This can either be configured directly or via the
server_url.
string
common_name Common name

Common name of the issuer in the Certificate Revocation
list.
string
distinguished_name Distinguished name

Distinguished name of the issuer in the Certificate
Revocation list.
string
etag Etag

Cached etag to optimize the download of the CRL.		 string
fingerprint Fingerprint

Fingerprint of the CRL.
Used to avoid configuring duplicates.
string
last_refreshed Last refreshed

Last time CRL was refreshed by the system.
This is an internal field used by the system.
string
last_update Last update

The date when this CRL was last issued.		 string
next_update Next update

The date when a newer CRL will be available.
Also conveys the date after which the CRL should be
considered obsolete.
string
server_url Server url

URL of a server that issues the Certificate Revocation
list.
If this is configured, CRL will be periodically downloaded
either based on the configured update interval or the next
update interval in the CRL.
CRL itself is stored in the body.
string
text Text

Certificate Revocation list in plain text for readability.		 string
update_interval Update interval

Interval in minutes to check for CRL update.
If not specified, interval will be 1 day.
Allowed values are 30-525600.
Unit is MIN.
integer Minimum: 30
Maximum: 525600

ALBCertificateAuthority (schema)

CertificateAuthority

Advanced load balancer CertificateAuthority object

Name Description Type Notes
ca_path Ca path

It is a reference to an object of type
SSLKeyAndCertificate.
string
name Name

Name of the object.		 string

ALBCertificateManagementProfile (schema)

CertificateManagementProfile

Advanced load balancer CertificateManagementProfile object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
markers Markers

List of labels to be used for granular RBAC.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBRoleFilterMatchLabel
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ALBCertificateManagementProfile string
script_params Script params

Placeholder for description of property script_params of
obj type CertificateManagementProfile field type str type
array.
array of ALBCustomParams
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ALBClientInsights (schema)

ClientInsights type

Valid ENUM values for ALBClientInsights

Name Description Type Notes
ALBClientInsights ClientInsights type

Valid ENUM values for ALBClientInsights		 string Enum: NO_INSIGHTS, PASSIVE, ACTIVE

ALBClientInsightsSampling (schema)

ClientInsightsSampling

Advanced load balancer ClientInsightsSampling object

Name Description Type Notes
client_ip Client ip

Client IP addresses to check when inserting RUM script.		 ALBIpAddrMatch
sample_uris Sample uris

URL patterns to check when inserting RUM script.		 ALBStringMatch
skip_uris Skip uris

URL patterns to avoid when inserting RUM script.		 ALBStringMatch

ALBClientLogConfiguration (schema)

ClientLogConfiguration

Advanced load balancer ClientLogConfiguration object

Name Description Type Notes
enable_significant_log_collection Enable significant log collection

Enable significant log collection.
By default, this flag is enabled, which means that Avi SEs
collect significant logs and forward them to Controller for
further processing.
For example, these logs correspond to error conditions such
as when the response code for a request is 500.
Users can deactivate this flag to turn off default
significant log collection.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Special default for Basic edition is false, Essentials
edition is false, Enterprise is True.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
filtered_log_processing Filtered log processing

Filtered logs are logs that match any client log filters or
rules with logging enabled.
Such logs are processed by the Logs Analytics system
according to this setting.
Enum options - LOGS_PROCESSING_NONE,
LOGS_PROCESSING_SYNC_AND_INDEX_ON_DEMAND,
LOGS_PROCESSING_AUTO_SYNC_AND_INDEX,
LOGS_PROCESSING_AUTO_SYNC_BUT_INDEX_ON_DEMAND.
Default value when not specified in API or module is
interpreted by ALB Controller as
LOGS_PROCESSING_SYNC_AND_INDEX_ON_DEMAND.
ALBLogsProcessingType Default: "LOGS_PROCESSING_SYNC_AND_INDEX_ON_DEMAND"
non_significant_log_processing Non significant log processing

Logs that are neither significant nor filtered, are
processed by the Logs Analytics system according to this
setting.
Enum options - LOGS_PROCESSING_NONE,
LOGS_PROCESSING_SYNC_AND_INDEX_ON_DEMAND,
LOGS_PROCESSING_AUTO_SYNC_AND_INDEX,
LOGS_PROCESSING_AUTO_SYNC_BUT_INDEX_ON_DEMAND.
Default value when not specified in API or module is
interpreted by ALB Controller as
LOGS_PROCESSING_SYNC_AND_INDEX_ON_DEMAND.
ALBLogsProcessingType Default: "LOGS_PROCESSING_SYNC_AND_INDEX_ON_DEMAND"
significant_log_processing Significant log processing

Significant logs are processed by the Logs Analytics system
according to this setting.
Enum options - LOGS_PROCESSING_NONE,
LOGS_PROCESSING_SYNC_AND_INDEX_ON_DEMAND,
LOGS_PROCESSING_AUTO_SYNC_AND_INDEX,
LOGS_PROCESSING_AUTO_SYNC_BUT_INDEX_ON_DEMAND.
Default value when not specified in API or module is
interpreted by ALB Controller as
LOGS_PROCESSING_SYNC_AND_INDEX_ON_DEMAND.
ALBLogsProcessingType Default: "LOGS_PROCESSING_SYNC_AND_INDEX_ON_DEMAND"

ALBClientLogFilter (schema)

ClientLogFilter

Advanced load balancer ClientLogFilter object

Name Description Type Notes
all_headers All headers

Placeholder for description of property all_headers of obj
type ClientLogFilter field type str type boolean.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
client_ip Client ip

Placeholder for description of property client_ip of obj
type ClientLogFilter field type str type ref.
ALBIpAddrMatch
duration Duration

Special values are 0 - 'infinite'.
Unit is MIN.
Default value when not specified in API or module is
interpreted by ALB Controller as 30.
integer Default: "30"
enabled Enabled

Placeholder for description of property enabled of obj type
ClientLogFilter field type str type boolean.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Required
Default: "False"
index Index

Number of index.		 integer Required
name Name

Name of the object.		 string Required
uri Uri

Placeholder for description of property uri of obj type
ClientLogFilter field type str type ref.
ALBStringMatch

ALBClientLogStreamingConfig (schema)

ClientLogStreamingConfig

Advanced load balancer ClientLogStreamingConfig object

Name Description Type Notes
external_server External server

IP address or hostnames (FQDNs) of destination servers.
If an FQDN is provided, this should be resolvable on Avi
Service Engines.
Multiple servers are supported by furnishing a
comma-separated list of IP addresses or host names, for
example, 11.11.11.11,23.12.12.4.
Optionally, a separate port can be specified for each
external server in the list, for example, 11.11.11.11
234,12.12.12.12 343.
string Required
external_server_port External server port

The service port to use for the external servers.
If multiple external servers have been specified, the
single port number specified here will apply to all those
servers for which an explicit port number has not been
specified in the external server list.
Default value when not specified in API or module is
interpreted by ALB Controller as 514.
integer Default: "514"
format_config Format config

Configuration to specify the format of streamed logs.
By default, each log is encoded in JSON format.
ALBClientLogStreamingFormat
log_types_to_send Log types to send

Type of logs to stream to the external server.
Default is LOGS_ALL, i.e., send all logs.
Enum options - LOGS_SIGNIFICANT_ONLY, LOGS_UDF_ONLY,
LOGS_UDF_SIGNIFICANT, LOGS_ALL.
Default value when not specified in API or module is
interpreted by ALB Controller as LOGS_ALL.
ALBLogsType Default: "LOGS_ALL"
max_logs_per_second Max logs per second

Maximum number of logs per second streamed to the remote
server.
By default, 100 logs per second are streamed.
Set this to zero(0) to not enforce any limit.
Default value when not specified in API or module is
interpreted by ALB Controller as 100.
integer Default: "100"
protocol Protocol

Protocol to use for streaming logs.
Enum options - LOG_STREAMING_PROTOCOL_UDP,
LOG_STREAMING_PROTOCOL_SYSLOG_OVER_UDP,
LOG_STREAMING_PROTOCOL_TCP,
LOG_STREAMING_PROTOCOL_SYSLOG_OVER_TCP,
LOG_STREAMING_PROTOCOL_RAW_OVER_UDP,
LOG_STREAMING_PROTOCOL_TLS,
LOG_STREAMING_PROTOCOL_SYSLOG_OVER_TLS.
Default value when not specified in API or module is
interpreted by ALB Controller as LOG_STREAMING_PROTOCOL_UDP.
ALBClientLogStreamingProtocol Default: "LOG_STREAMING_PROTOCOL_UDP"
syslog_config Syslog config

Syslog configuration if a Syslog-based protocol is
specified for streaming.
ALBStreamingSyslogConfig

ALBClientLogStreamingFormat (schema)

ClientLogStreamingFormat

Advanced load balancer ClientLogStreamingFormat object

Name Description Type Notes
format Format

Format for the streamed logs.
Enum options - LOG_STREAMING_FORMAT_JSON_FULL,
LOG_STREAMING_FORMAT_JSON_SELECTED.
ALBLogStreamingFormatType Required
included_fields Included fields

List of log fields to be streamed, when selective fields
(LOG_STREAMING_FORMAT_JSON_SELECTED) option is chosen.
Only top-level fields in application or connection logs are
supported.
array of string

ALBClientLogStreamingProtocol (schema)

ClientLogStreamingProtocol type

Valid ENUM values for ALBClientLogStreamingProtocol

Name Description Type Notes
ALBClientLogStreamingProtocol ClientLogStreamingProtocol type

Valid ENUM values for ALBClientLogStreamingProtocol		 string Enum: LOG_STREAMING_PROTOCOL_UDP, LOG_STREAMING_PROTOCOL_SYSLOG_OVER_UDP, LOG_STREAMING_PROTOCOL_TCP, LOG_STREAMING_PROTOCOL_SYSLOG_OVER_TCP, LOG_STREAMING_PROTOCOL_RAW_OVER_UDP, LOG_STREAMING_PROTOCOL_TLS, LOG_STREAMING_PROTOCOL_SYSLOG_OVER_TLS

ALBCloneServer (schema)

CloneServer

Advanced load balancer CloneServer object

Name Description Type Notes
ip_address Ip address

IP Address of the Clone Server.		 ALBIpAddr
mac Mac

MAC Address of the Clone Server.		 string
network_name Network name

Network to clone the traffic to.
It is a reference to an object of type Network.
string
subnet Subnet

Subnet of the network to clone the traffic to.		 ALBIpAddrPrefix

ALBCloudType (schema)

CloudType type

Valid ENUM values for ALBCloudType

Name Description Type Notes
ALBCloudType CloudType type

Valid ENUM values for ALBCloudType		 string Enum: CLOUD_NONE, CLOUD_VCENTER, CLOUD_OPENSTACK, CLOUD_AWS, CLOUD_VCA, CLOUD_APIC, CLOUD_MESOS, CLOUD_LINUXSERVER, CLOUD_DOCKER_UCP, CLOUD_RANCHER, CLOUD_OSHIFT_K8S, CLOUD_AZURE, CLOUD_GCP, CLOUD_NSXT

ALBComparisonOperator (schema)

ComparisonOperator type

Valid ENUM values for ALBComparisonOperator

Name Description Type Notes
ALBComparisonOperator ComparisonOperator type

Valid ENUM values for ALBComparisonOperator		 string Enum: CO_EQ, CO_GT, CO_GE, CO_LT, CO_LE, CO_NE

ALBCompressionFilter (schema)

CompressionFilter

Advanced load balancer CompressionFilter object

Name Description Type Notes
devices_path Devices path

It is a reference to an object of type StringGroup.		 string
index Index

Number of index.		 integer Required
ip_addr_prefixes Ip addr prefixes

Placeholder for description of property ip_addr_prefixes of
obj type CompressionFilter field type str type array.
array of ALBIpAddrPrefix
ip_addr_ranges Ip addr ranges

Placeholder for description of property ip_addr_ranges of
obj type CompressionFilter field type str type array.
array of ALBIpAddrRange
ip_addrs Ip addrs

Placeholder for description of property ip_addrs of obj
type CompressionFilter field type str type array.
array of ALBIpAddr
ip_addrs_path Ip addrs path

It is a reference to an object of type IpAddrGroup.		 string
level Level

Enum options - AGGRESSIVE_COMPRESSION, NORMAL_COMPRESSION,
NO_COMPRESSION.
Default value when not specified in API or module is
interpreted by ALB Controller as NORMAL_COMPRESSION.
ALBCompressionFilterLevel Required
Default: "NORMAL_COMPRESSION"
match Match

Whether to apply Filter when group criteria is matched or
not.
Enum options - IS_IN, IS_NOT_IN.
Default value when not specified in API or module is
interpreted by ALB Controller as IS_IN.
ALBMatchOperation Default: "IS_IN"
name Name

Name of the object.		 string Required
user_agent User agent

Placeholder for description of property user_agent of obj
type CompressionFilter field type str type array.
array of string

ALBCompressionFilterLevel (schema)

CompressionFilterLevel type

Valid ENUM values for ALBCompressionFilterLevel

Name Description Type Notes
ALBCompressionFilterLevel CompressionFilterLevel type

Valid ENUM values for ALBCompressionFilterLevel		 string Enum: AGGRESSIVE_COMPRESSION, NORMAL_COMPRESSION, NO_COMPRESSION

ALBCompressionProfile (schema)

CompressionProfile

Advanced load balancer CompressionProfile object

Name Description Type Notes
compressible_content_path Compressible content path

Compress only content types listed in this string group.
Content types not present in this list are not compressed.
It is a reference to an object of type StringGroup.
string
compression Compression

Compress HTTP response content if it wasn't already
compressed.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Required
Default: "False"
filter Filter

Custom filters used when auto compression is not selected.		 array of ALBCompressionFilter
remove_accept_encoding_header Remove accept encoding header

Offload compression from the servers to AVI.
Saves compute cycles on the servers.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Required
Default: "True"
type Type

Compress content automatically or add custom filters to
define compressible content and compression levels.
Enum options - AUTO_COMPRESSION, CUSTOM_COMPRESSION.
Default value when not specified in API or module is
interpreted by ALB Controller as AUTO_COMPRESSION.
ALBCompressionType Required
Default: "AUTO_COMPRESSION"

ALBCompressionType (schema)

CompressionType type

Valid ENUM values for ALBCompressionType

Name Description Type Notes
ALBCompressionType CompressionType type

Valid ENUM values for ALBCompressionType		 string Enum: AUTO_COMPRESSION, CUSTOM_COMPRESSION

ALBCongestionAlgo (schema)

CongestionAlgo type

Valid ENUM values for ALBCongestionAlgo

Name Description Type Notes
ALBCongestionAlgo CongestionAlgo type

Valid ENUM values for ALBCongestionAlgo		 string Enum: CC_ALGO_NEW_RENO, CC_ALGO_CUBIC, CC_ALGO_HTCP

ALBConnPoolProperties (schema)

ConnPoolProperties

Advanced load balancer ConnPoolProperties object

Name Description Type Notes
upstream_connpool_conn_idle_tmo Upstream connpool conn idle tmo

Connection idle timeout.
Allowed in Basic(Allowed values- 60000) edition,
Essentials(Allowed values- 60000) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 60000.
integer Default: "60000"
upstream_connpool_conn_life_tmo Upstream connpool conn life tmo

Connection life timeout.
Allowed in Basic(Allowed values- 600000) edition,
Essentials(Allowed values- 600000) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 600000.
integer Default: "600000"
upstream_connpool_conn_max_reuse Upstream connpool conn max reuse

Maximum number of times a connection can be reused.
Special values are 0- 'unlimited'.
Allowed in Basic(Allowed values- 0) edition,
Essentials(Allowed values- 0) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.
integer Default: "0"
upstream_connpool_server_max_cache Upstream connpool server max cache

Maximum number of connections a server can cache.
Special values are 0- 'unlimited'.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.
integer Default: "0"

ALBContentRewriteProfile (schema)

ContentRewriteProfile

Advanced load balancer ContentRewriteProfile object

Name Description Type Notes
response_rewrite_enabled Response rewrite enabled

Enable rewrite on response body.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
rewritable_content_path Rewritable content path

Rewrite only content types listed in this string group.
Content types not present in this list are not rewritten.
It is a reference to an object of type StringGroup.
string
rsp_match_replace_pair Rsp match replace pair

Strings to be matched and replaced with on the response
body.
This should be configured when response_rewrite_enabled is
set to true.
array of ALBMatchReplacePair

ALBControllerClusterInfo (schema)

Advanced Load Balancer controller cluster info

Advanced Load Balancer controller cluster information about nodes in the cluster and cluster information.

Name Description Type Notes
cluster_name Advanced Load Balancer controller cluster name

Advanced Load Balancer controller cluster name.		 string Readonly
cluster_state Advanced Load Balancer controller cluster state

Advanced Load Balancer controller cluster state.		 string Readonly
cluster_uuid ID of the cluster used to recognize it

ID of the Cluster maintained internally.
Note: This is automatically generated and cannot be modified.
string Readonly
error Advanced Load Balancer controller cluster error

Advanced Load Balancer controller cluster error information, if any.		 AlbControllerClusterRuntimeError Readonly
nodes Advanced Load Balancer controller node information array of ALBControllerNodeInfo
reason Advanced Load Balancer cluster state not STABLE reason.

Advanced Load Balancer cluster state not STABLE reason.		 string Readonly
version Advanced Load Balancer controller cluster version

Advanced Load Balancer controller cluster version.		 string Readonly
virtual_ip Advanced Load Balancer controller cluster VIP

Advanced Load Balancer controller cluster virtual_ip.
IPAddress Readonly

ALBControllerClusterNodeVMFormFactor (schema)

Supported VM form factor for Advanced Load Balancer controller

Specifies the desired "size" of the VM. Affects number of virtual CPUs
and/or memory size given to the new cluster node VM.

Name Description Type Notes
ALBControllerClusterNodeVMFormFactor Supported VM form factor for Advanced Load Balancer controller

Specifies the desired "size" of the VM. Affects number of virtual CPUs
and/or memory size given to the new cluster node VM.
string Enum: SMALL, MEDIUM, LARGE

ALBControllerClusterTrigger (schema)

Advanced Load Balancer controller node clustering trigger response

Advanced Load Balancer controller node clustering trigger response.

Name Description Type Notes
status Advanced Load Balancer controller node clustering trigger status

Advanced Load Balancer controller node clustering trigger status.
string Readonly

ALBControllerConfiguration (schema)

ALBControllerConfiguration

Alb Controller config details

Name Description Type Notes
cluster_ip Cluster IP of Advanced Load Balancer controller cluster

The cluster IP of the Advanced Load Balancer controller node cluster. This is mandatory parameter and
required for single node controller deployments as well.
IPAddress Required
dns_servers DNS servers.

List of DNS servers.
array of IPv4Address
infra_admin_password Advanced Load Balancer controller admin password

Password for the controller node admin user. For deployment,
this property is required.
The password specified must be at least 8 characters in length.
string Required
infra_admin_username Username

Username for server authentication.		 string Required
ntp_servers NTP servers.

List of NTP servers.
array of HostnameOrIPv4Address
owned_by owned_by

The policy initiates workflow by LCM/VCF		 string Required
Enum: LCM, VCF

ALBControllerNodeFormFactor (schema)

Advanced Load Balancer controller node form factor

Advanced Load Balancer node form factor.

Name Description Type Notes
disk Disk size of the Advanced Load Balancer controller node in Bytes

Disk size of the Advanced Load Balancer controller node in Bytes.		 integer Readonly
memory Memory size of the Advanced Load Balancer controller node in Bytes

Memory size of the Advanced Load Balancer controller node in Bytes.		 integer Readonly
type Advanced Load Balancer controller node form factor type

Advanced Load Balancer controller node form factor type.
ALBControllerClusterNodeVMFormFactor Readonly
vcpu Number of virtual cpus on the Advanced Load Balancer controller node

Number of virtual cpus on the Advanced Load Balancer controller node.		 integer Readonly

ALBControllerNodeFormFactors (schema)

Advanced Load Balancer controller form factors list result

Name Description Type Notes
form_factors Advanced Load Balancer controller form factor list array of ALBControllerNodeFormFactor

ALBControllerNodeInfo (schema)

Information for Advanced Load Balancer controller nodes

Advanced Load Balancer controller node information like node IP and node name.

Name Description Type Notes
is_dhcp Is DHCP based IP assignment

Advanced Load Balancer controller node IP configuration is static or DHCP.		 boolean Readonly
node_ip Advanced Load Balancer controller node IP

Advanced Load Balancer controller node IP.
IPAddress Readonly
node_name Advanced Load Balancer controller node name

Advanced Load Balancer controller node name.		 string Readonly
node_role Advanced Load Balancer controller node role

Advanced Load Balancer controller node role in cluster.		 string Readonly
node_start_time Advanced Load Balancer controller node start time

Advanced Load Balancer controller node start time in its local timezone.		 EpochMsTimestamp Readonly
node_state Advanced Load Balancer controller node state

Advanced Load Balancer controller node current state in the cluster.		 string Readonly
vm_id ID of VM used to recognize it

ID of the VM maintained internally.
Note: This is automatically generated and cannot be modified.
string Readonly

ALBControllerNodeParameters (schema)

List parameters for Advanced Load Balancer controller nodes

Parameters for listing the Advanced Load Balancer controller nodes.

Name Description Type Notes
state the current state of the Advanced Load Balancer controller VM

If state is pending then pending requests for Advanced Load Balancer controller VMs are shown.
If state is deployed then deployed requests for Advanced Load Balancer controller VMs are shown.
else show all the Advanced Load Balancer controller deployment requests.
string Enum: DEPLOYED, PENDING

ALBControllerNodeUserSettings (schema)

Name Description Type Notes
admin_password Advanced Load Balancer controller admin password

Password for the controller node admin user. For deployment,
this property is required.
The password specified must be at least 8 characters in length.
string Required
admin_ssh_key Admin User SSH key

To configure ssh into the Advanced Load Balancer controller, this property is required.
string

ALBControllerNodeVMClusterConfig (schema)

Info for Advanced Load Balancer controller node cluster configuration

Contains the cluster configuration for a Advanced Load Balancer controller node VM cluster.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
cluster_ip Cluster IP of Advanced Load Balancer controller cluster

The cluster IP of the Advanced Load Balancer controller node cluster. This is mandatory parameter and
required for single node controller deployments as well.
IPAddress Required
cluster_name Cluster name of Advanced Load Balancer controller cluster

The cluster name of the Advanced Load Balancer controller node cluster.
string
cluster_uuid ID of the Advanced Load Balancer controller cluster used to recognize it

ID of the Cluster maintained internally. This is different from cluster_uuid internal to
Advanced Load Balancer controller.
Note: This is automatically generated and cannot be modified.
string Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
resource_type Must be set to the value ALBControllerNodeVMClusterConfig string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ALBControllerNodeVMDeletionParameters (schema)

Parameters for deleting a deployed Advanced Load Balancer Controller

Parameters for deletion of a Advanced Load Balancer controller node VM.

Name Description Type Notes
force_delete Delete by force

If true, the VM will be undeployed even if it cannot be removed
from its cluster.
boolean
inaccessible Delete when controller is inaccessible

If inaccessible is provided along with force_delete and if this is the last node then
deployment request will be deleted from NSX even if Policy objects are present.
string

ALBControllerNodeVMDeploymentConfig (schema)

Configuration for deploying Advanced Load Balancer controller node VM

Contains info used to configure the VM on deployment. This is an abstract type. Concrete child types:
AlbControllerVsphereClusterNodeVmDeploymentConfig

Name Description Type Notes
placement_type Type of deployment

Specifies the config for the platform through which to deploy the VM.
string Required
Enum: AlbControllerVsphereClusterNodeVmDeploymentConfig

ALBControllerNodeVMDeploymentProgressState (schema)

Deployment progress of Advanced Load Balancer controller VM

Deployment progress state of Advanced Load Balancer controller VM. This Object contains name of current deployment step and overall progress percentage.

Name Description Type Notes
current_step_title Name of the current step

Name of the current running step of deployment		 string Readonly
progress Progress percentage

Overall progress percentage of deployment completed		 integer Readonly

ALBControllerNodeVMDeploymentRequest (schema)

Info for Advanced Load Balancer controller node deployment request

Contains the deployment information for a Advanced Load Balancer controller node VM.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
deployment_config Deployment config for Advanced Load Balancer controller node VM

Deployment information and basic configuration for the Advanced Load Balancer controller.
ALBControllerNodeVMDeploymentConfig
(Abstract type: pass one of the following concrete types)
AlbControllerVsphereClusterNodeVmDeploymentConfig		 Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
form_factor Form factor for Advanced Load Balancer controller VMs.

Specifies the desired "size" of the VM
ALBControllerClusterNodeVMFormFactor Default: "MEDIUM"
id Unique identifier of this resource string Sortable
resource_type Must be set to the value ALBControllerNodeVMDeploymentRequest string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
user_settings User settings for the VM

SSH key and password for the Advanced Load Balancer controller node VM.
Note: SSH key settings will be honored only during VM deployment.
ALBControllerNodeUserSettings Required
vm_id ID of Advanced Load Balancer controller VM used to recognize it

ID of the VM maintained internally.
Note: This is automatically generated and cannot be modified.
string Readonly

ALBControllerNodeVMDeploymentRequestList (schema)

ALBControllerNodeVMDeploymentRequest list

List of Advanced Load Balancer Controller Deployment Requests.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Results

Array of existing Advanced Load Balancer Controller Deployment Requests.
array of ALBControllerNodeVMDeploymentRequest Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ALBControllerNodeVMDeploymentStatusReport (schema)

Report of a VM's deployment status

Contains up-to-date information relating to an auto-deployed VM, including
its status and (potentially) an error message.

Name Description Type Notes
deployment_progress_state Deployment progress state of node VM

Detailed progress state of node VM deployment realization.		 ALBControllerNodeVMDeploymentProgressState Readonly
failure_code Error code for failure

In case of auto-deployment-related failure, the code for the error will
be stored here.
integer
failure_message Error message for failure

In case of auto-deployment-related failure, an error message will be
stored here.
string
status Auto-deployed VM's deployment status

Status of the addition or deletion of an auto-deployed Advanced Load Balancer controller node VM.
string Required
Enum: NOT_AVAILABLE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, VM_POWER_ON_SUCCESSFUL, VM_REGISTRATION_IN_PROGRESS, VM_REGISTRATION_SUCCESSFUL, VM_REGISTRATION_FAILED, VM_WAITING_TO_COME_ONLINE, VM_ONLINE_FAILED, VM_CONFIGURATION_IN_PROGRESS, VM_CONFIGURATION_SUCCESSFUL, VM_CONFIGURATION_FAILED, VM_CLUSTERING_QUEUED, VM_CLUSTERING_IN_PROGRESS, VM_CLUSTERING_SUCCESSFUL, VM_CLUSTERING_FAILED, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, WAITING_TO_UNDEPLOY_VM, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL, UNKNOWN_STATE

ALBControllerNodeVMUpdateParameters (schema)

Parameters for updating Advanced Load Balancer Controller request

Parameters for updating Advanced Load Balancer Controller node VM password,
DNS and NTP related configuration

Name Description Type Notes
running_config Update Advanced Load Balancer Controller runtime config as well

If true, then the configuration will be updated in the running Advanced Load Balancer Controllers as well.
boolean

ALBControllerVersion (schema)

ALBControllerVersion

ALB Controller Version

Name Description Type Notes
alb_api_version Alb API Version

It is ALB API version supported by NSX-ALB.
string
alb_controller_version Alb Controller Version

It is ALB Controller version deployed by NSX-ALB.
string

ALBCookieMatch (schema)

CookieMatch

Advanced load balancer CookieMatch object

Name Description Type Notes
match_case Match case

Case sensitivity to use for the match.
Enum options - SENSITIVE, INSENSITIVE.
Default value when not specified in API or module is
interpreted by ALB Controller as INSENSITIVE.
ALBMatchCase Default: "INSENSITIVE"
match_criteria Match criteria

Criterion to use for matching the cookie in the HTTP
request.
Enum options - HDR_EXISTS, HDR_DOES_NOT_EXIST,
HDR_BEGINS_WITH, HDR_DOES_NOT_BEGIN_WITH, HDR_CONTAINS,
HDR_DOES_NOT_CONTAIN, HDR_ENDS_WITH, HDR_DOES_NOT_END_WITH,
HDR_EQUALS, HDR_DOES_NOT_EQUAL.
ALBHdrMatchOperation Required
name Name

Name of the cookie.		 string Required
value Value

String value in the cookie.		 string

ALBCustomParams (schema)

CustomParams

Advanced load balancer CustomParams object

Name Description Type Notes
is_dynamic Is dynamic

Placeholder for description of property is_dynamic of obj
type CustomParams field type str type boolean.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
is_sensitive Is sensitive

Placeholder for description of property is_sensitive of obj
type CustomParams field type str type boolean.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
name Name

Name of the object.		 string Required
value Value

value of CustomParams.		 string

ALBDiscoveredNetwork (schema)

DiscoveredNetwork

Advanced load balancer DiscoveredNetwork object

Name Description Type Notes
network_name Network name

Discovered network for this IP.
It is a reference to an object of type Network.
string Required
subnet Subnet

Discovered subnet for this IP.		 array of ALBIpAddrPrefix
subnet6 Subnet6

Discovered IPv6 subnet for this IP.		 array of ALBIpAddrPrefix

ALBDnsAAAARdata (schema)

DnsAAAARdata

Advanced load balancer DnsAAAARdata object

Name Description Type Notes
ip6_address Ip6 address

IPv6 address for FQDN.		 ALBIpAddr Required

ALBDnsARdata (schema)

DnsARdata

Advanced load balancer DnsARdata object

Name Description Type Notes
ip_address Ip address

IP address for FQDN.		 ALBIpAddr Required

ALBDnsAttack (schema)

DnsAttack

Advanced load balancer DnsAttack object

Name Description Type Notes
attack_vector Attack vector

The DNS attack vector.
Enum options - DNS_REFLECTION, DNS_NXDOMAIN,
DNS_AMPLIFICATION_EGRESS.
ALBDnsAttackVector Required
enabled Enabled

Enable or disable the mitigation of the attack vector.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
max_mitigation_age Max mitigation age

Time in minutes after which mitigation will be deactivated.
Allowed values are 1-4294967295.
Special values are 0- 'blocked for ever'.
Unit is MIN.
Default value when not specified in API or module is
interpreted by ALB Controller as 60.
integer Minimum: 0
Maximum: 4294967295
Default: "60"
mitigation_action Mitigation action

Mitigation action to perform for this DNS attack vector.		 ALBAttackMitigationAction
threshold Threshold

Threshold, in terms of DNS packet per second, for the DNS
attack vector.
integer

ALBDnsAttackVector (schema)

DnsAttackVector type

Valid ENUM values for ALBDnsAttackVector

Name Description Type Notes
ALBDnsAttackVector DnsAttackVector type

Valid ENUM values for ALBDnsAttackVector		 string Enum: DNS_REFLECTION, DNS_NXDOMAIN, DNS_AMPLIFICATION_EGRESS

ALBDnsAttacks (schema)

DnsAttacks

Advanced load balancer DnsAttacks object

Name Description Type Notes
attacks Attacks

Mode of dealing with the attacks - perform detection only,
or detect and mitigate the attacks.
array of ALBDnsAttack
oper_mode Oper mode

Mode of dealing with the attacks - perform detection only,
or detect and mitigate the attacks.
Enum options - DETECTION, MITIGATION.
ALBOperationMode

ALBDnsClientIpMatch (schema)

DnsClientIpMatch

Advanced load balancer DnsClientIpMatch object

Name Description Type Notes
client_ip Client ip

IP addresses to match against client IP.		 ALBIpAddrMatch Required
use_edns_client_subnet_ip Use edns client subnet ip

Use the IP address from the EDNS client subnet option, if
available, as the source IP address of the client.
It should be noted that the edns subnet IP may not be a /32
IP address.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"

ALBDnsCnameRdata (schema)

DnsCnameRdata

Advanced load balancer DnsCnameRdata object

Name Description Type Notes
cname Cname

Canonical name.		 string Required

ALBDnsErrorResponseType (schema)

DnsErrorResponseType type

Valid ENUM values for ALBDnsErrorResponseType

Name Description Type Notes
ALBDnsErrorResponseType DnsErrorResponseType type

Valid ENUM values for ALBDnsErrorResponseType		 string Enum: DNS_ERROR_RESPONSE_ERROR, DNS_ERROR_RESPONSE_NONE

ALBDnsGeoLocationMatch (schema)

DnsGeoLocationMatch

Advanced load balancer DnsGeoLocationMatch object

Name Description Type Notes
geolocation_name Geolocation name

Geographical location of the client IP to be used in the
match.
This location is of the format Country/State/City e.g.
US/CA/Santa Clara.
string
geolocation_tag Geolocation tag

Geolocation tag for the client IP.
This could be any string value for the client IP, e.g.
client IPs from US East Coast geolocation would be tagged
as 'East Coast'.
string
match_criteria Match criteria

Criterion to use for matching the client IP's geographical
location.
Enum options - IS_IN, IS_NOT_IN.
ALBMatchOperation Required
use_edns_client_subnet_ip Use edns client subnet ip

Use the IP address from the EDNS client subnet option, if
available, to derive geo location of the DNS query.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"

ALBDnsInfo (schema)

DnsInfo

Advanced load balancer DnsInfo object

Name Description Type Notes
algorithm Algorithm

Specifies the algorithm to pick the IP address(es) to be
returned, when multiple entries are configured.
This does not apply if num_records_in_response is 0.
Default is consistent hash.
Enum options - DNS_RECORD_RESPONSE_ROUND_ROBIN,
DNS_RECORD_RESPONSE_CONSISTENT_HASH.
Default value when not specified in API or module is
interpreted by ALB Controller as
DNS_RECORD_RESPONSE_CONSISTENT_HASH.
ALBDnsRecordResponseAlgorithm Default: "DNS_RECORD_RESPONSE_CONSISTENT_HASH"
cname Cname

Canonical name in CNAME record.		 ALBDnsCnameRdata
fqdn Fqdn

Fully qualified domain name.		 string
metadata Metadata

Any metadata associated with this record.		 string
num_records_in_response Num records in response

Specifies the number of records returned for this FQDN.
Enter 0 to return all records.
Default is 0.
Allowed values are 0-20.
Special values are 0- 'Return all records'.
integer Minimum: 0
Maximum: 20
ttl Ttl

Time to live for fqdn record.
Default value is chosen from DNS profile for this cloud if
no value provided.
integer
type Type

DNS record type.
Enum options - DNS_RECORD_OTHER, DNS_RECORD_A,
DNS_RECORD_NS, DNS_RECORD_CNAME, DNS_RECORD_SOA,
DNS_RECORD_PTR, DNS_RECORD_HINFO, DNS_RECORD_MX,
DNS_RECORD_TXT, DNS_RECORD_RP, DNS_RECORD_DNSKEY,
DNS_RECORD_AAAA, DNS_RECORD_SRV, DNS_RECORD_OPT,
DNS_RECORD_RRSIG, DNS_RECORD_AXFR, DNS_RECORD_ANY.
Default value when not specified in API or module is
interpreted by ALB Controller as DNS_RECORD_A.
ALBDnsRecordType Default: "DNS_RECORD_A"

ALBDnsMessageSection (schema)

DnsMessageSection type

Valid ENUM values for ALBDnsMessageSection

Name Description Type Notes
ALBDnsMessageSection DnsMessageSection type

Valid ENUM values for ALBDnsMessageSection		 string Enum: DNS_MESSAGE_SECTION_QUESTION, DNS_MESSAGE_SECTION_ANSWER, DNS_MESSAGE_SECTION_AUTHORITY, DNS_MESSAGE_SECTION_ADDITIONAL

ALBDnsMxRdata (schema)

DnsMxRdata

Advanced load balancer DnsMxRdata object

Name Description Type Notes
host Host

Fully qualified domain name of a mailserver.
The host name maps directly to one or more address records
in the DNS table, and must not point to any CNAME records
(RFC 2181).
string Required
priority Priority

The priority field identifies which mail server should be
preferred.
Allowed values are 0-65535.
integer Required
Minimum: 0
Maximum: 65535

ALBDnsNsRdata (schema)

DnsNsRdata

Advanced load balancer DnsNsRdata object

Name Description Type Notes
ip6_address Ip6 address

IPv6 address for Name Server.		 ALBIpAddr
ip_address Ip address

IP address for Name Server.		 ALBIpAddr
nsname Nsname

Name Server name.		 string Required

ALBDnsPolicies (schema)

DnsPolicies

Advanced load balancer DnsPolicies object

Name Description Type Notes
dns_policy_path Dns policy path

path of the dns policy.
It is a reference to an object of type DnsPolicy.
string Required
index Index

Index of the dns policy.		 integer Required

ALBDnsPolicy (schema)

DnsPolicy

Advanced load balancer DnsPolicy object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
created_by Created by

Creator name.		 string
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
markers Markers

List of labels to be used for granular RBAC.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBRoleFilterMatchLabel
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ALBDnsPolicy string
rule Rule

DNS rules.		 array of ALBDnsRule
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ALBDnsPolicyApiResponse (schema)

DnsPolicyApiResponse

DnsPolicyApiResponse

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
count count

count
int Default: "None"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Array of DnsPolicy

Array of DnsPolicy
array of ALBDnsPolicy
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ALBDnsQueryNameMatch (schema)

DnsQueryNameMatch

Advanced load balancer DnsQueryNameMatch object

Name Description Type Notes
match_criteria Match criteria

Criterion to use for string matching the DNS query domain
name in the question section.
Enum options - BEGINS_WITH, DOES_NOT_BEGIN_WITH, CONTAINS,
DOES_NOT_CONTAIN, ENDS_WITH, DOES_NOT_END_WITH, EQUALS,
DOES_NOT_EQUAL, REGEX_MATCH, REGEX_DOES_NOT_MATCH.
Allowed in Basic(Allowed values-
BEGINS_WITH,DOES_NOT_BEGIN_WITH,CONTAINS,DOES_NOT_CONTAIN,ENDS_WITH,DOES_NOT_END_WITH,EQUALS,DOES_NOT_EQUAL)
edition, Essentials(Allowed values-
BEGINS_WITH,DOES_NOT_BEGIN_WITH,CONTAINS,DOES_NOT_CONTAIN,ENDS_WITH,DOES_NOT_END_WITH,EQUALS,DOES_NOT_EQUAL)
edition, Enterprise edition.
ALBStringOperation Required
query_domain_names Query domain names

Domain name to match against that specified in the question
section of the DNS query.
array of string
string_group_paths String group paths

path of the string group(s) for matching against DNS query
domain name in the question section.
It is a reference to an object of type StringGroup.
array of string

ALBDnsQueryTypeMatch (schema)

DnsQueryTypeMatch

Advanced load balancer DnsQueryTypeMatch object

Name Description Type Notes
match_criteria Match criteria

Criterion to use for matching the DNS query typein the
question section.
Enum options - IS_IN, IS_NOT_IN.
ALBMatchOperation Required
query_type Query type

DNS query types in the request query.
Enum options - DNS_RECORD_OTHER, DNS_RECORD_A,
DNS_RECORD_NS, DNS_RECORD_CNAME, DNS_RECORD_SOA,
DNS_RECORD_PTR, DNS_RECORD_HINFO, DNS_RECORD_MX,
DNS_RECORD_TXT, DNS_RECORD_RP, DNS_RECORD_DNSKEY,
DNS_RECORD_AAAA, DNS_RECORD_SRV, DNS_RECORD_OPT,
DNS_RECORD_RRSIG, DNS_RECORD_AXFR, DNS_RECORD_ANY.
array of ALBDnsRecordType

ALBDnsRateLimiter (schema)

DnsRateLimiter

Advanced load balancer DnsRateLimiter object

Name Description Type Notes
action Action

Action to perform upon rate limiting.		 ALBDnsRuleRLAction Required
rate_limiter_object Rate limiter object

Rate limiting object.		 ALBRateLimiter Required

ALBDnsRcode (schema)

DnsRcode type

Valid ENUM values for ALBDnsRcode

Name Description Type Notes
ALBDnsRcode DnsRcode type

Valid ENUM values for ALBDnsRcode		 string Enum: DNS_RCODE_NOERROR, DNS_RCODE_FORMERR, DNS_RCODE_SERVFAIL, DNS_RCODE_NXDOMAIN, DNS_RCODE_NOTIMP, DNS_RCODE_REFUSED, DNS_RCODE_YXDOMAIN, DNS_RCODE_YXRRSET, DNS_RCODE_NXRRSET, DNS_RCODE_NOTAUTH, DNS_RCODE_NOTZONE

ALBDnsRecord (schema)

DnsRecord

Advanced load balancer DnsRecord object

Name Description Type Notes
algorithm Algorithm

Specifies the algorithm to pick the IP address(es) to be
returned, when multiple entries are configured.
This does not apply if num_records_in_response is 0.
Default is round-robin.
Enum options - DNS_RECORD_RESPONSE_ROUND_ROBIN,
DNS_RECORD_RESPONSE_CONSISTENT_HASH.
Default value when not specified in API or module is
interpreted by ALB Controller as
DNS_RECORD_RESPONSE_ROUND_ROBIN.
ALBDnsRecordResponseAlgorithm Default: "DNS_RECORD_RESPONSE_ROUND_ROBIN"
cname Cname

Canonical name in CNAME record.		 ALBDnsCnameRdata
delegated Delegated

Configured FQDNs are delegated domains (i.e.
they represent a zone cut).
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
description Description

Details of DNS record.		 string
fqdn Fqdn

Fully Qualified Domain Name.
Minimum of 1 items required.
array of string Required
ip6_address Ip6 address

IPv6 address in AAAA record.
Maximum of 4 items allowed.
array of ALBDnsAAAARdata
ip_address Ip address

IP address in A record.
Maximum of 4 items allowed.
array of ALBDnsARdata
metadata Metadata

Internal metadata for the DNS record.		 string
mx_records Mx records

MX record.
Maximum of 4 items allowed.
array of ALBDnsMxRdata
ns Ns

Name Server information in NS record.
Maximum of 13 items allowed.
array of ALBDnsNsRdata
num_records_in_response Num records in response

Specifies the number of records returned by the DNS
service.
Enter 0 to return all records.
Default is 0.
Allowed values are 0-20.
Special values are 0- 'Return all records'.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.
integer Minimum: 0
Maximum: 20
Default: "0"
service_locator Service locator

Service locator info in SRV record.
Maximum of 4 items allowed.
array of ALBDnsSrvRdata
ttl Ttl

Time To Live for this DNS record.		 integer
txt_records Txt records

Text record.
Maximum of 4 items allowed.
array of ALBDnsTxtRdata
type Type

DNS record type.
Enum options - DNS_RECORD_OTHER, DNS_RECORD_A,
DNS_RECORD_NS, DNS_RECORD_CNAME, DNS_RECORD_SOA,
DNS_RECORD_PTR, DNS_RECORD_HINFO, DNS_RECORD_MX,
DNS_RECORD_TXT, DNS_RECORD_RP, DNS_RECORD_DNSKEY,
DNS_RECORD_AAAA, DNS_RECORD_SRV, DNS_RECORD_OPT,
DNS_RECORD_RRSIG, DNS_RECORD_AXFR, DNS_RECORD_ANY.
ALBDnsRecordType Required
wildcard_match Wildcard match

Enable wild-card match of fqdn if an exact match is not
found in the DNS table, the longest match is chosen by
wild-carding the fqdn in the DNS request.
Default is false.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"

ALBDnsRecordResponseAlgorithm (schema)

DnsRecordResponseAlgorithm type

Valid ENUM values for ALBDnsRecordResponseAlgorithm

Name Description Type Notes
ALBDnsRecordResponseAlgorithm DnsRecordResponseAlgorithm type

Valid ENUM values for ALBDnsRecordResponseAlgorithm		 string Enum: DNS_RECORD_RESPONSE_ROUND_ROBIN, DNS_RECORD_RESPONSE_CONSISTENT_HASH

ALBDnsRecordType (schema)

DnsRecordType type

Valid ENUM values for ALBDnsRecordType

Name Description Type Notes
ALBDnsRecordType DnsRecordType type

Valid ENUM values for ALBDnsRecordType		 string Enum: DNS_RECORD_OTHER, DNS_RECORD_A, DNS_RECORD_NS, DNS_RECORD_CNAME, DNS_RECORD_SOA, DNS_RECORD_PTR, DNS_RECORD_HINFO, DNS_RECORD_MX, DNS_RECORD_TXT, DNS_RECORD_RP, DNS_RECORD_DNSKEY, DNS_RECORD_AAAA, DNS_RECORD_SRV, DNS_RECORD_OPT, DNS_RECORD_RRSIG, DNS_RECORD_AXFR, DNS_RECORD_ANY

ALBDnsRrSet (schema)

DnsRrSet

Advanced load balancer DnsRrSet object

Name Description Type Notes
cname Cname

Canonical name in CNAME record.		 ALBDnsCnameRdata
fqdn Fqdn

Fully Qualified Domain Name.		 string Required
ip6_addresses Ip6 addresses

IPv6 address in AAAA record.		 array of ALBDnsAAAARdata
ip_addresses Ip addresses

IP address in A record.		 array of ALBDnsARdata
nses Nses

Name Server information in NS record.		 array of ALBDnsNsRdata
ttl Ttl

Time To Live for this DNS record.
Allowed values are 0-2147483647.
integer Required
Minimum: 0
Maximum: 2147483647
type Type

DNS record type.
Enum options - DNS_RECORD_OTHER, DNS_RECORD_A,
DNS_RECORD_NS, DNS_RECORD_CNAME, DNS_RECORD_SOA,
DNS_RECORD_PTR, DNS_RECORD_HINFO, DNS_RECORD_MX,
DNS_RECORD_TXT, DNS_RECORD_RP, DNS_RECORD_DNSKEY,
DNS_RECORD_AAAA, DNS_RECORD_SRV, DNS_RECORD_OPT,
DNS_RECORD_RRSIG, DNS_RECORD_AXFR, DNS_RECORD_ANY.
ALBDnsRecordType Required

ALBDnsRule (schema)

DnsRule

Advanced load balancer DnsRule object

Name Description Type Notes
action Action

Action to be performed upon successful matching.		 ALBDnsRuleAction
enable Enable

Enable or disable the rule.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
index Index

Index of the rule.		 integer Required
log Log

Log DNS query upon rule match.		 boolean
match Match

Add match criteria to the rule.		 ALBDnsRuleMatchTarget
name Name

Name of the rule.		 string Required

ALBDnsRuleAction (schema)

DnsRuleAction

Advanced load balancer DnsRuleAction object

Name Description Type Notes
allow Allow

Allow or drop the DNS query.		 ALBDnsRuleActionAllowDrop
dns_rate_limiter Dns rate limiter

Rate limits the DNS requests.		 ALBDnsRateLimiter
gslb_site_selection Gslb site selection

Select a specific GSLB site for the DNS query.
This action should be used only when GSLB services have
been configured for the DNS virtual service.
ALBDnsRuleActionGslbSiteSelection
pool_switching Pool switching

Select a pool or pool group for the passthrough DNS query
which cannot be served locally but could be served by
upstream servers.
ALBDnsRuleActionPoolSwitching
response Response

Generate a response for the DNS query.		 ALBDnsRuleActionResponse

ALBDnsRuleActionAllowDrop (schema)

DnsRuleActionAllowDrop

Advanced load balancer DnsRuleActionAllowDrop object

Name Description Type Notes
allow Allow

Allow the DNS query.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
reset_conn Reset conn

Reset the TCP connection of the DNS query, if allow is set
to false to drop the query.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"

ALBDnsRuleActionGslbSiteSelection (schema)

DnsRuleActionGslbSiteSelection

Advanced load balancer DnsRuleActionGslbSiteSelection object

Name Description Type Notes
fallback_site_names Fallback site names

GSLB fallback sites to use in case the desired site is
down.
Maximum of 64 items allowed.
array of string
is_site_preferred Is site preferred

When set to true, GSLB site is a preferred site.
This setting comes into play when the site is down, as well
as no configured fallback site is available (all fallback
sites are also down), then any one available site is
selected based on the default algorithm for GSLB pool member
selection.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
site_name Site name

GSLB site name.		 string Required

ALBDnsRuleActionPoolSwitching (schema)

DnsRuleActionPoolSwitching

Advanced load balancer DnsRuleActionPoolSwitching object

Name Description Type Notes
pool_group_path Pool group path

Reference of the pool group to serve the passthrough DNS
query which cannot be served locally.
It is a reference to an object of type PoolGroup.
string
pool_path Pool path

Reference of the pool to serve the passthrough DNS query
which cannot be served locally.
It is a reference to an object of type Pool.
string

ALBDnsRuleActionResponse (schema)

DnsRuleActionResponse

Advanced load balancer DnsRuleActionResponse object

Name Description Type Notes
authoritative Authoritative

DNS response is authoritative.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
rcode Rcode

DNS response code.
Enum options - DNS_RCODE_NOERROR, DNS_RCODE_FORMERR,
DNS_RCODE_SERVFAIL, DNS_RCODE_NXDOMAIN, DNS_RCODE_NOTIMP,
DNS_RCODE_REFUSED, DNS_RCODE_YXDOMAIN, DNS_RCODE_YXRRSET,
DNS_RCODE_NXRRSET, DNS_RCODE_NOTAUTH, DNS_RCODE_NOTZONE.
Default value when not specified in API or module is
interpreted by ALB Controller as DNS_RCODE_NOERROR.
ALBDnsRcode Default: "DNS_RCODE_NOERROR"
resource_record_sets Resource record sets

DNS resource record sets - (resource record set share the
DNS domain name, type, and class).
array of ALBDnsRuleDnsRrSet
truncation Truncation

DNS response is truncated.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"

ALBDnsRuleDnsRrSet (schema)

DnsRuleDnsRrSet

Advanced load balancer DnsRuleDnsRrSet object

Name Description Type Notes
resource_record_set Resource record set

DNS resource record set - (records in the resource record
set share the DNS domain name, type, and class).
ALBDnsRrSet Required
section Section

DNS message section for the resource record set.
Enum options - DNS_MESSAGE_SECTION_QUESTION,
DNS_MESSAGE_SECTION_ANSWER, DNS_MESSAGE_SECTION_AUTHORITY,
DNS_MESSAGE_SECTION_ADDITIONAL.
Default value when not specified in API or module is
interpreted by ALB Controller as DNS_MESSAGE_SECTION_ANSWER.
ALBDnsMessageSection Default: "DNS_MESSAGE_SECTION_ANSWER"

ALBDnsRuleMatchTarget (schema)

DnsRuleMatchTarget

Advanced load balancer DnsRuleMatchTarget object

Name Description Type Notes
client_ip_address Client ip address

IP addresses to match against client IP or the EDNS client
subnet IP.
ALBDnsClientIpMatch
geo_location Geo location

Geographical location attribute to match against that of
the client IP.
ALBDnsGeoLocationMatch
protocol Protocol

DNS transport protocol match.		 ALBDnsTransportProtocolMatch
query_name Query name

Domain names to match against query name.		 ALBDnsQueryNameMatch
query_type Query type

DNS query types to match against request query type.		 ALBDnsQueryTypeMatch

ALBDnsRuleRLAction (schema)

DnsRuleRLAction

Advanced load balancer DnsRuleRLAction object

Name Description Type Notes
type Type

Type of action to be enforced upon hitting the rate limit.
Enum options - DNS_RL_ACTION_NONE, DNS_RL_ACTION_DROP_REQ.
Default value when not specified in API or module is
interpreted by ALB Controller as DNS_RL_ACTION_NONE.
ALBDnsRuleRLActionType Default: "DNS_RL_ACTION_NONE"

ALBDnsRuleRLActionType (schema)

DnsRuleRLActionType type

Valid ENUM values for ALBDnsRuleRLActionType

Name Description Type Notes
ALBDnsRuleRLActionType DnsRuleRLActionType type

Valid ENUM values for ALBDnsRuleRLActionType		 string Enum: DNS_RL_ACTION_NONE, DNS_RL_ACTION_DROP_REQ

ALBDnsServiceApplicationProfile (schema)

DnsServiceApplicationProfile

Advanced load balancer DnsServiceApplicationProfile object

Name Description Type Notes
aaaa_empty_response Aaaa empty response

Respond to AAAA queries with empty response when there are
only IPV4 records.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
admin_email Admin email

Email address of the administrator responsible for this
zone.
This field is used in SOA records (rname) pertaining to all
domain names specified as authoritative domain names.
If not configured, the default value 'hostmaster' is used
in SOA responses.
Default value when not specified in API or module is
interpreted by ALB Controller as hostmaster.
string Default: "hostmaster"
dns_over_tcp_enabled Dns over tcp enabled

Enable DNS query/response over TCP.
This enables analytics for pass-through queries as well.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
dns_zones Dns zones

DNS zones hosted on this Virtual Service.
Maximum of 100 items allowed.
array of ALBDnsZone
domain_names Domain names

Subdomain names serviced by this Virtual Service.
These are configured as Ends-With semantics.
Maximum of 100 items allowed.
array of string
ecs_stripping_enabled Ecs stripping enabled

Enable stripping of EDNS client subnet (ecs) option towards
client if DNS service inserts ecs option in the DNS query
towards upstream servers.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
edns Edns

Enable DNS service to be aware of EDNS (Extension mechanism
for DNS).
EDNS extensions are parsed and shown in logs.
For GSLB services, the EDNS client subnet option can be
used to influence Load Balancing.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
edns_client_subnet_prefix_len Edns client subnet prefix len

Specifies the IP address prefix length to use in the EDNS
client subnet (ECS) option.
When the incoming request does not have any ECS option and
the prefix length is specified, an ECS option is inserted in
the request passed to upstream server.
If the incoming request already has an ECS option, the
prefix length (and correspondingly the address) in the ECS
option is updated, with the minimum of the prefix length
present in the incoming and the configured prefix length,
before passing the request to upstream server.
Allowed values are 1-32.
integer Minimum: 1
Maximum: 32
error_response Error response

Drop or respond to client when the DNS service encounters
an error processing a client query.
By default, such a request is dropped without any response,
or passed through to a passthrough pool, if configured.
When set to respond, an appropriate response is sent to
client, e.g.
NXDOMAIN response for non-existent records, empty NOERROR
response for unsupported queries, etc.
Enum options - DNS_ERROR_RESPONSE_ERROR,
DNS_ERROR_RESPONSE_NONE.
Default value when not specified in API or module is
interpreted by ALB Controller as DNS_ERROR_RESPONSE_NONE.
ALBDnsErrorResponseType Default: "DNS_ERROR_RESPONSE_NONE"
name_server Name server

The of the name server that was the original
or primary source of data for this zone.
This field is used in SOA records (mname) pertaining to all
domain names specified as authoritative domain names.
If not configured, domain name is used as name server in
SOA response.
string
negative_caching_ttl Negative caching ttl

Specifies the TTL value (in seconds) for SOA (Start of
Authority) (corresponding to a authoritative domain owned by
this DNS Virtual Service) record's minimum TTL served by the
DNS Virtual Service.
Allowed values are 0-86400.
Unit is SEC.
Default value when not specified in API or module is
interpreted by ALB Controller as 30.
integer Minimum: 0
Maximum: 86400
Default: "30"
num_dns_ip Num dns ip

Specifies the number of IP addresses returned by the DNS
Service.
Enter 0 to return all IP addresses.
Allowed values are 1-20.
Special values are 0- 'Return all IP addresses'.
Default value when not specified in API or module is
interpreted by ALB Controller as 1.
integer Minimum: 0
Maximum: 20
Default: "1"
ttl Ttl

Specifies the TTL value (in seconds) for records served by
DNS Service.
Allowed values are 0-86400.
Unit is SEC.
Default value when not specified in API or module is
interpreted by ALB Controller as 30.
integer Minimum: 0
Maximum: 86400
Default: "30"

ALBDnsSrvRdata (schema)

DnsSrvRdata

Advanced load balancer DnsSrvRdata object

Name Description Type Notes
port Port

Service port.
Allowed values are 0-65535.
integer Required
Minimum: 0
Maximum: 65535
priority Priority

Priority of the target hosting the service, low value
implies higher priority for this service record.
Allowed values are 0-65535.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.
integer Minimum: 0
Maximum: 65535
Default: "0"
target Target

Canonical hostname, of the machine hosting the service,
with no trailing period.
'default.host' is valid but not 'default.host.'.
Default value when not specified in API or module is
interpreted by ALB Controller as default.host.
string Default: "default.host"
weight Weight

Relative weight for service records with same priority,
high value implies higher preference for this service
record.
Allowed values are 0-65535.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.
integer Minimum: 0
Maximum: 65535
Default: "0"

ALBDnsTransportProtocol (schema)

DnsTransportProtocol type

Valid ENUM values for ALBDnsTransportProtocol

Name Description Type Notes
ALBDnsTransportProtocol DnsTransportProtocol type

Valid ENUM values for ALBDnsTransportProtocol		 string Enum: DNS_OVER_UDP, DNS_OVER_TCP

ALBDnsTransportProtocolMatch (schema)

DnsTransportProtocolMatch

Advanced load balancer DnsTransportProtocolMatch object

Name Description Type Notes
match_criteria Match criteria

Criterion to use for matching the DNS transport protocol.
Enum options - IS_IN, IS_NOT_IN.
ALBMatchOperation Required
protocol Protocol

Protocol to match against transport protocol used by DNS
query.
Enum options - DNS_OVER_UDP, DNS_OVER_TCP.
ALBDnsTransportProtocol Required

ALBDnsTxtRdata (schema)

DnsTxtRdata

Advanced load balancer DnsTxtRdata object

Name Description Type Notes
text_str Text str

Text data associated with the FQDN.		 string Required

ALBDnsZone (schema)

DnsZone

Advanced load balancer DnsZone object

Name Description Type Notes
admin_email Admin email

Email address of the administrator responsible for this
zone.
This field is used in SOA records as rname (RFC 1035).
If not configured, it is inherited from the DNS service
profile.
string
domain_name Domain name

Domain name authoritatively serviced by this Virtual
Service.
Queries for FQDNs that are sub domains of this domain and
do not have any DNS record in Avi are dropped or NXDomain
response sent.
For domains which are present, SOA parameters are sent in
answer section of response if query type is SOA.
string Required
name_server Name server

The primary name server for this zone.
This field is used in SOA records as mname (RFC 1035).
If not configured, it is inherited from the DNS service
profile.
If even that is not configured, the domain name is used
instead.
string

ALBDosRateLimitProfile (schema)

DosRateLimitProfile

Advanced load balancer DosRateLimitProfile object

Name Description Type Notes
dos_profile Dos profile

Profile for DoS attack detection.		 ALBDosThresholdProfile
rl_profile Rl profile

Profile for Connections/Requests rate limiting.		 ALBRateLimiterProfile

ALBDosThreshold (schema)

DosThreshold

Advanced load balancer DosThreshold object

Name Description Type Notes
attack Attack

Attack type.
Enum options - LAND, SMURF, ICMP_PING_FLOOD,
UNKOWN_PROTOCOL, TEARDROP, IP_FRAG_OVERRUN,
IP_FRAG_TOOSMALL, IP_FRAG_FULL, IP_FRAG_INCOMPLETE,
PORT_SCAN, TCP_NON_SYN_FLOOD_OLD, SYN_FLOOD, BAD_RST_FLOOD,
MALFORMED_FLOOD, FAKE_SESSION, ZERO_WINDOW_STRESS,
SMALL_WINDOW_STRESS, DOS_HTTP_TIMEOUT, DOS_HTTP_ERROR,
DOS_HTTP_ABORT...
ALBAttackType Required
max_value Max value

Maximum number of packets or connections or requests in a
given interval of time to be deemed as attack.
integer Required
min_value Min value

Minimum number of packets or connections or requests in a
given interval of time to be deemed as attack.
integer Required

ALBDosThresholdProfile (schema)

DosThresholdProfile

Advanced load balancer DosThresholdProfile object

Name Description Type Notes
thresh_info Thresh info

Attack type, min and max values for DoS attack detection.		 array of ALBDosThreshold
thresh_period Thresh period

Timer value in seconds to collect DoS attack metrics based
on threshold on the Service Engine for this Virtual Service.
Unit is SEC.
Default value when not specified in API or module is
interpreted by ALB Controller as 5.
integer Required
Default: "5"

ALBDsrProfile (schema)

DsrProfile

Advanced load balancer DsrProfile object

Name Description Type Notes
dsr_encap_type Dsr encap type

Encapsulation type to use when DSR is L3.
Enum options - ENCAP_IPINIP.
Default value when not specified in API or module is
interpreted by ALB Controller as ENCAP_IPINIP.
ALBEncapType Default: "ENCAP_IPINIP"
dsr_type Dsr type

DSR type L2/L3.
Enum options - DSR_TYPE_L2, DSR_TYPE_L3.
Default value when not specified in API or module is
interpreted by ALB Controller as DSR_TYPE_L3.
ALBDsrType Default: "DSR_TYPE_L3"

ALBDsrType (schema)

DsrType type

Valid ENUM values for ALBDsrType

Name Description Type Notes
ALBDsrType DsrType type

Valid ENUM values for ALBDsrType		 string Enum: DSR_TYPE_L2, DSR_TYPE_L3

ALBEncapType (schema)

EncapType type

Valid ENUM values for ALBEncapType

Name Description Type Notes
ALBEncapType EncapType type

Valid ENUM values for ALBEncapType		 string Enum: ENCAP_IPINIP

ALBEquivalentLabels (schema)

EquivalentLabels

Advanced load balancer EquivalentLabels object

Name Description Type Notes
labels Labels

Equivalent labels.		 array of string

ALBErrorPage (schema)

ErrorPage

Advanced load balancer ErrorPage object

Name Description Type Notes
enable Enable

Enable or disable the error page.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
error_page_body_path Error page body path

Custom error page body used to sent to the client.
It is a reference to an object of type ErrorPageBody.
string
error_redirect Error redirect

Redirect sent to client when match.		 string
index Index

Index of the error page.		 integer
match Match

Add match criteria for http status codes to the error page.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
ALBHTTPStatusMatch

ALBErrorPageBody (schema)

ErrorPageBody

Advanced load balancer ErrorPageBody object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
error_page_body Error page body

Error page body sent to client when match.		 string
format Format

Format of an error page body HTML or JSON.
Enum options - ERROR_PAGE_FORMAT_HTML,
ERROR_PAGE_FORMAT_JSON.
Default value when not specified in API or module is
interpreted by ALB Controller as ERROR_PAGE_FORMAT_HTML.
ALBErrorPageFormat Default: "ERROR_PAGE_FORMAT_HTML"
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
markers Markers

List of labels to be used for granular RBAC.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBRoleFilterMatchLabel
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ALBErrorPageBody string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ALBErrorPageBodyApiResponse (schema)

ErrorPageBodyApiResponse

ErrorPageBodyApiResponse

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
count count

count
int Default: "None"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Array of ErrorPageBody

Array of ErrorPageBody
array of ALBErrorPageBody
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ALBErrorPageFormat (schema)

ErrorPageFormat type

Valid ENUM values for ALBErrorPageFormat

Name Description Type Notes
ALBErrorPageFormat ErrorPageFormat type

Valid ENUM values for ALBErrorPageFormat		 string Enum: ERROR_PAGE_FORMAT_HTML, ERROR_PAGE_FORMAT_JSON

ALBErrorPageProfile (schema)

ErrorPageProfile

Advanced load balancer ErrorPageProfile object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
error_pages Error pages

Defined Error Pages for HTTP status codes.		 array of ALBErrorPage
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
markers Markers

List of labels to be used for granular RBAC.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBRoleFilterMatchLabel
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ALBErrorPageProfile string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ALBErrorPageProfileApiResponse (schema)

ErrorPageProfileApiResponse

ErrorPageProfileApiResponse

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
count count

count
int Default: "None"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Array of ErrorPageProfile

Array of ErrorPageProfile
array of ALBErrorPageProfile
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ALBFailAction (schema)

FailAction

Advanced load balancer FailAction object

Name Description Type Notes
local_rsp Local rsp

Local response to HTTP requests when pool experiences a
failure.
ALBFailActionHTTPLocalResponse
redirect Redirect

URL to redirect HTTP requests to when pool experiences a
failure.
ALBFailActionHTTPRedirect
type Type

Enables a response to client when pool experiences a
failure.
By default TCP connection is closed.
Enum options - FAIL_ACTION_HTTP_REDIRECT,
FAIL_ACTION_HTTP_LOCAL_RSP, FAIL_ACTION_CLOSE_CONN.
Allowed in Basic(Allowed values-
FAIL_ACTION_CLOSE_CONN,FAIL_ACTION_HTTP_REDIRECT) edition,
Essentials(Allowed values- FAIL_ACTION_CLOSE_CONN) edition,
Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as FAIL_ACTION_CLOSE_CONN.
ALBFailActionEnum Required
Default: "FAIL_ACTION_CLOSE_CONN"

ALBFailActionEnum (schema)

FailActionEnum type

Valid ENUM values for ALBFailActionEnum

Name Description Type Notes
ALBFailActionEnum FailActionEnum type

Valid ENUM values for ALBFailActionEnum		 string Enum: FAIL_ACTION_HTTP_REDIRECT, FAIL_ACTION_HTTP_LOCAL_RSP, FAIL_ACTION_CLOSE_CONN

ALBFailActionHTTPLocalResponse (schema)

FailActionHTTPLocalResponse

Advanced load balancer FailActionHTTPLocalResponse object

Name Description Type Notes
file File

Placeholder for description of property file of obj type
FailActionHTTPLocalResponse field type str type ref.
ALBHTTPLocalFile
status_code Status code

Enum options - FAIL_HTTP_STATUS_CODE_200,
FAIL_HTTP_STATUS_CODE_503.
Default value when not specified in API or module is
interpreted by ALB Controller as FAIL_HTTP_STATUS_CODE_503.
ALBFailHttpStatusCode Default: "FAIL_HTTP_STATUS_CODE_503"

ALBFailActionHTTPRedirect (schema)

FailActionHTTPRedirect

Advanced load balancer FailActionHTTPRedirect object

Name Description Type Notes
host Host

host of FailActionHTTPRedirect.		 string Required
path Path

path of FailActionHTTPRedirect.		 string
protocol Protocol

Enum options - HTTP, HTTPS.
Allowed in Basic(Allowed values- HTTP) edition, Enterprise
edition.
Special default for Basic edition is HTTP, Enterprise is
HTTPS.
Default value when not specified in API or module is
interpreted by ALB Controller as HTTP.
ALBHTTPProtocol Default: "HTTP"
query Query

query of FailActionHTTPRedirect.		 string
status_code Status code

Enum options - HTTP_REDIRECT_STATUS_CODE_301,
HTTP_REDIRECT_STATUS_CODE_302,
HTTP_REDIRECT_STATUS_CODE_307.
Allowed in Basic(Allowed values-
HTTP_REDIRECT_STATUS_CODE_302) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as
HTTP_REDIRECT_STATUS_CODE_302.
ALBHTTPRedirectStatusCode Default: "HTTP_REDIRECT_STATUS_CODE_302"

ALBFailHttpStatusCode (schema)

FailHttpStatusCode type

Valid ENUM values for ALBFailHttpStatusCode

Name Description Type Notes
ALBFailHttpStatusCode FailHttpStatusCode type

Valid ENUM values for ALBFailHttpStatusCode		 string Enum: FAIL_HTTP_STATUS_CODE_200, FAIL_HTTP_STATUS_CODE_503

ALBFlowLabelType (schema)

FlowLabelType type

Valid ENUM values for ALBFlowLabelType

Name Description Type Notes
ALBFlowLabelType FlowLabelType type

Valid ENUM values for ALBFlowLabelType		 string Enum: NO_LABEL, APPLICATION_LABEL, SERVICE_LABEL

ALBFullClientLogs (schema)

FullClientLogs

Advanced load balancer FullClientLogs object

Name Description Type Notes
duration Duration

How long should the system capture all logs, measured in
minutes.
Set to 0 for infinite.
Special values are 0 - 'infinite'.
Unit is MIN.
Default value when not specified in API or module is
interpreted by ALB Controller as 30.
integer Default: "30"
enabled Enabled

Capture all client logs including connections and requests.
When deactivated, only errors will be logged.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Special default for Basic edition is false, Essentials
edition is false, Enterprise is False.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Required
Default: "False"
throttle Throttle

This setting limits the number of non-significant logs
generated per second for this VS on each SE.
Default is 10 logs per second.
Set it to zero (0) to deactivate throttling.
Unit is PER_SECOND.
Default value when not specified in API or module is
interpreted by ALB Controller as 10.
integer Default: "10"

ALBGeoLocation (schema)

GeoLocation

Advanced load balancer GeoLocation object

Name Description Type Notes
latitude Latitude

Latitude of the location.
This is represented as degrees.minutes.
The range is from -90.0 (south) to +90.0 (north).
Allowed values are -90.0-+90.0.
number
longitude Longitude

Longitude of the location.
This is represented as degrees.minutes.
The range is from -180.0 (west) to +180.0 (east).
Allowed values are -180.0-+180.0.
number
name Name

Location name in the format Country/State/City.		 string
tag Tag

Location tag string - example USEast.		 string

ALBHSMAwsCloudHsm (schema)

HSMAwsCloudHsm

Advanced load balancer HSMAwsCloudHsm object

Name Description Type Notes
client_config Client config

client_config of HSMAwsCloudHsm.		 string
cluster_cert Cluster cert

AWS CloudHSM Cluster Certificate.		 string
crypto_user_name Crypto user name

Username of the Crypto User.
This will be used to access the keys on the HSM .
string
crypto_user_password Crypto user password

Password of the Crypto User.
This will be used to access the keys on the HSM .
string
hsm_ip Hsm ip

IP address of the HSM in the cluster.
If there are more than one HSMs, only one is sufficient.
array of string
mgmt_config Mgmt config

mgmt_config of HSMAwsCloudHsm.		 string

ALBHSMSafenetClientInfo (schema)

HSMSafenetClientInfo

Advanced load balancer HSMSafenetClientInfo object

Name Description Type Notes
chrystoki_conf Chrystoki conf

Generated File - Chrystoki.conf .		 string
client_cert Client cert

Client Certificate generated by createCert.		 string
client_ip Client ip

Name prepended to client key and certificate filename.		 string Required
client_priv_key Client priv key

Client Private Key generated by createCert.		 string
session_major_number Session major number

Major number of the sesseion.		 integer
session_minor_number Session minor number

Minor number of the sesseion.		 integer

ALBHSMSafenetLuna (schema)

HSMSafenetLuna

Advanced load balancer HSMSafenetLuna object

Name Description Type Notes
ha_group_num Ha group num

Group Number of generated HA Group.		 integer
is_ha Is ha

Set to indicate HA across more than one servers.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Required
Default: "False"
node_info Node info

Node specific information.		 array of ALBHSMSafenetClientInfo
server Server

SafeNet/Gemalto HSM Servers used for crypto operations.		 array of ALBHSMSafenetLunaServer
server_pem Server pem

Generated File - server.pem.		 string
use_dedicated_network Use dedicated network

If enabled, dedicated network is used to communicate with
HSM,else, the management network is used.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"

ALBHSMSafenetLunaServer (schema)

HSMSafenetLunaServer

Advanced load balancer HSMSafenetLunaServer object

Name Description Type Notes
index Index

Number of index.		 integer Required
partition_passwd Partition passwd

Password of the partition assigned to this client.		 string
partition_serial_number Partition serial number

Serial number of the partition assigned to this client.		 string
remote_ip Remote ip

IP address of the Safenet/Gemalto HSM device.		 string Required
server_cert Server cert

CA certificate of the server.		 string Required

ALBHSMThalesNetHsm (schema)

HSMThalesNetHsm

Advanced load balancer HSMThalesNetHsm object

Name Description Type Notes
esn Esn

Electronic serial number of the netHSM device.
Use Thales anonkneti utility to find the netHSM ESN.
string Required
keyhash Keyhash

Hash of the key that netHSM device uses to authenticate
itself.
Use Thales anonkneti utility to find the netHSM keyhash.
string Required
module_id Module id

Local module id of the netHSM device.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.
integer Default: "0"
priority Priority

Priority class of the nethsm in an high availability setup.
1 is the highest priority and 100 is the lowest priority.
Allowed values are 1-100.
Default value when not specified in API or module is
interpreted by ALB Controller as 100.
integer Required
Minimum: 1
Maximum: 100
Default: "100"
remote_ip Remote ip

IP address of the netHSM device.		 ALBIpAddr Required
remote_port Remote port

Port at which the netHSM device accepts the connection.
Allowed values are 1-65535.
Default value when not specified in API or module is
interpreted by ALB Controller as 9004.
integer Minimum: 1
Maximum: 65535
Default: "9004"

ALBHSMThalesRFS (schema)

HSMThalesRFS

Advanced load balancer HSMThalesRFS object

Name Description Type Notes
ip Ip

IP address of the RFS server from where to sync the Thales
encrypted private key.
ALBIpAddr Required
port Port

Port at which the RFS server accepts the sync request from
clients for Thales encrypted private key.
Allowed values are 1-65535.
Default value when not specified in API or module is
interpreted by ALB Controller as 9004.
integer Minimum: 1
Maximum: 65535
Default: "9004"

ALBHSMType (schema)

HSMType type

Valid ENUM values for ALBHSMType

Name Description Type Notes
ALBHSMType HSMType type

Valid ENUM values for ALBHSMType		 string Enum: HSM_TYPE_THALES_NETHSM, HSM_TYPE_SAFENET_LUNA, HSM_TYPE_AWS_CLOUDHSM

ALBHTTP2ApplicationProfile (schema)

HTTP2ApplicationProfile

Advanced load balancer HTTP2ApplicationProfile object

Name Description Type Notes
http2_initial_window_size Http2 initial window size

The initial flow control window size in KB for HTTP/2
streams.
Allowed values are 64-32768.
Unit is KB.
Default value when not specified in API or module is
interpreted by ALB Controller as 64.
integer Minimum: 64
Maximum: 32768
Default: "64"
max_http2_concurrent_streams_per_connection Max http2 concurrent streams per connection

The max number of concurrent streams over a client side
HTTP/2 connection.
Allowed values are 1-256.
Default value when not specified in API or module is
interpreted by ALB Controller as 128.
integer Minimum: 1
Maximum: 256
Default: "128"
max_http2_control_frames_per_connection Max http2 control frames per connection

The max number of control frames that client can send over
an HTTP/2 connection.
'0' means unlimited.
Allowed values are 0-10000.
Special values are 0- 'Unlimited control frames on a client
side HTTP/2 connection'.
Default value when not specified in API or module is
interpreted by ALB Controller as 1000.
integer Minimum: 0
Maximum: 10000
Default: "1000"
max_http2_empty_data_frames_per_connection Max http2 empty data frames per connection

The max number of empty data frames that client can send
over an HTTP/2 connection.
'0' means unlimited.
Allowed values are 0-10000.
Special values are 0- 'Unlimited empty data frames over a
client side HTTP/2 connection'.
Default value when not specified in API or module is
interpreted by ALB Controller as 1000.
integer Minimum: 0
Maximum: 10000
Default: "1000"
max_http2_header_field_size Max http2 header field size

The maximum size in bytes of the compressed request header
field.
The limit applies equally to both name and value.
Allowed values are 1-8192.
Unit is BYTES.
Default value when not specified in API or module is
interpreted by ALB Controller as 4096.
integer Minimum: 1
Maximum: 8192
Default: "4096"
max_http2_queued_frames_to_client_per_connection Max http2 queued frames to client per connection

The max number of frames that can be queued waiting to be
sent over a client side HTTP/2 connection at any given time.
'0' means unlimited.
Allowed values are 0-10000.
Special values are 0- 'Unlimited frames can be queued on a
client side HTTP/2 connection'.
Default value when not specified in API or module is
interpreted by ALB Controller as 1000.
integer Minimum: 0
Maximum: 10000
Default: "1000"
max_http2_requests_per_connection Max http2 requests per connection

The maximum number of requests over a client side HTTP/2
connection.
Allowed values are 0-10000.
Special values are 0- 'Unlimited requests on a client side
HTTP/2 connection'.
Default value when not specified in API or module is
interpreted by ALB Controller as 1000.
integer Minimum: 0
Maximum: 10000
Default: "1000"

ALBHTTPApplicationProfile (schema)

HTTPApplicationProfile

Advanced load balancer HTTPApplicationProfile object

Name Description Type Notes
allow_dots_in_header_name Allow dots in header name

Allow use of dot (.) in HTTP header names, for instance
Header.app.special PickAppVersionX.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
cache_config Cache config

HTTP Caching config to use with this HTTP Profile.		 ALBHttpCacheConfig
client_body_timeout Client body timeout

The maximum length of time allowed between consecutive read
operations for a client request body.
The value '0' specifies no timeout.
This setting generally impacts the length of time allowed
for a client to send a POST.
Allowed values are 0-100000000.
Unit is MILLISECONDS.
Allowed in Basic(Allowed values- 30000) edition,
Essentials(Allowed values- 30000) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 30000.
integer Minimum: 0
Maximum: 100000000
Default: "30000"
client_header_timeout Client header timeout

The maximum length of time allowed for a client to transmit
an entire request header.
This helps mitigate various forms of SlowLoris attacks.
Allowed values are 10-100000000.
Unit is MILLISECONDS.
Allowed in Basic(Allowed values- 10000) edition,
Essentials(Allowed values- 10000) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 10000.
integer Minimum: 10
Maximum: 100000000
Default: "10000"
client_max_body_size Client max body size

Maximum size for the client request body.
This limits the size of the client data that can be
uploaded/posted as part of a single HTTP Request.
Default 0 => Unlimited.
Unit is KB.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.
integer Default: "0"
client_max_header_size Client max header size

Maximum size in Kbytes of a single HTTP header in the
client request.
Allowed values are 1-64.
Unit is KB.
Allowed in Basic(Allowed values- 12) edition,
Essentials(Allowed values- 12) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 12.
integer Minimum: 1
Maximum: 64
Default: "12"
client_max_request_size Client max request size

Maximum size in Kbytes of all the client HTTP request
headers.
Allowed values are 1-256.
Unit is KB.
Default value when not specified in API or module is
interpreted by ALB Controller as 48.
integer Minimum: 1
Maximum: 256
Default: "48"
compression_profile Compression profile

HTTP Compression settings to use with this HTTP Profile.		 ALBCompressionProfile
connection_multiplexing_enabled Connection multiplexing enabled

Allows HTTP requests, not just TCP connections, to be load
balanced across servers.
Proxied TCP connections to servers may be reused by
multiple clients to improve performance.
Not compatible with Preserve Client IP.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
disable_keepalive_posts_msie6 Disable keepalive posts msie6

Disable keep-alive client side connections for older
browsers based off MS Internet Explorer 6.0 (MSIE6).
For some applications, this might break NTLM authentication
for older clients based off MSIE6.
For such applications, set this option to false to allow
keep-alive connections.
Allowed in Basic(Allowed values- true) edition,
Essentials(Allowed values- true) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
disable_sni_hostname_check Disable sni hostname check

Disable strict check between TLS servername and HTTP Host
name.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
enable_chunk_merge Enable chunk merge

Enable chunk body merge for chunked transfer encoding
response.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
enable_fire_and_forget Enable fire and forget

Enable support for fire and forget feature.
If enabled, request from client is forwarded to server even
if client prematurely closes the connection.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
enable_request_body_buffering Enable request body buffering

Enable request body buffering for POST requests.
If enabled, max buffer size is set to lower of 32M or the
value (non-zero) configured in client_max_body_size.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
enable_request_body_metrics Enable request body metrics

Enable HTTP request body metrics.
If enabled, requests from clients are parsed and relevant
statistics about them are gathered.
Currently, it processes HTTP POST requests with
Content-Type application/x-www-form-urlencoded or
multipart/form-data, and adds the number of detected
parameters to the l7_client.http_params_count.
This is an experimental feature and it may have performance
impact.
Use it when detailed information about the number of HTTP
POST parameters is needed, e.g.
for WAF sizing.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
fwd_close_hdr_for_bound_connections Fwd close hdr for bound connections

Forward the Connection Close header coming from backend
server to the client if connection-switching is enabled,
i.e.
front-end and backend connections are bound together.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
hsts_enabled Hsts enabled

Inserts HTTP Strict-Transport-Security header in the HTTPS
response.
HSTS can help mitigate man-in-the-middle attacks by telling
browsers that support HSTS that they should only access this
site via HTTPS.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
hsts_max_age Hsts max age

Number of days for which the client should regard this
virtual service as a known HSTS host.
Allowed values are 0-10000.
Allowed in Basic(Allowed values- 365) edition,
Essentials(Allowed values- 365) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 365.
integer Minimum: 0
Maximum: 10000
Default: "365"
hsts_subdomains_enabled Hsts subdomains enabled

Insert the 'includeSubdomains' directive in the HTTP
Strict-Transport-Security header.
Adding the includeSubdomains directive signals the
User-Agent that the HSTS Policy applies to this HSTS Host as
well as any subdomains of the host's domain name.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Special default for Basic edition is false, Essentials
edition is false, Enterprise is True.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
http2_profile Http2 profile

Specifies the HTTP/2 specific application profile
parameters.
Allowed in Essentials edition, Enterprise edition.
ALBHTTP2ApplicationProfile
http_to_https Http to https

Client requests received via HTTP will be redirected to
HTTPS.
Allowed in Essentials(Allowed values- false) edition,
Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
http_upstream_buffer_size Http upstream buffer size

Size of HTTP buffer in kB.
Allowed values are 1-256.
Special values are 0- 'Auto compute the size of buffer'.
Unit is KB.
Allowed in Basic(Allowed values- 0) edition,
Essentials(Allowed values- 0) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.
integer Minimum: 0
Maximum: 256
Default: "0"
httponly_enabled Httponly enabled

Mark HTTP cookies as HTTPonly.
This helps mitigate cross site scripting attacks as
browsers will not allow these cookies to be read by third
parties, such as javascript.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
keepalive_header Keepalive header

Send HTTP 'Keep-Alive' header to the client.
By default, the timeout specified in the 'Keep-Alive
Timeout' field will be used unless the 'Use App Keepalive
Timeout' flag is set, in which case the timeout sent by the
application will be honored.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
keepalive_timeout Keepalive timeout

The max idle time allowed between HTTP requests over a
Keep-alive connection.
Allowed values are 10-100000000.
Unit is MILLISECONDS.
Allowed in Essentials(Allowed values- 30000) edition,
Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 30000.
integer Minimum: 10
Maximum: 100000000
Default: "30000"
max_bad_rps_cip Max bad rps cip

Maximum bad requests per second per client IP.
Allowed values are 10-1000.
Special values are 0- 'unlimited'.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.
integer Minimum: 0
Maximum: 1000
Default: "0"
max_bad_rps_cip_uri Max bad rps cip uri

Maximum bad requests per second per client IP and URI.
Allowed values are 10-1000.
Special values are 0- 'unlimited'.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.
integer Minimum: 0
Maximum: 1000
Default: "0"
max_bad_rps_uri Max bad rps uri

Maximum bad requests per second per URI.
Allowed values are 10-1000.
Special values are 0- 'unlimited'.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.
integer Minimum: 0
Maximum: 1000
Default: "0"
max_keepalive_requests Max keepalive requests

The max number of HTTP requests that can be sent over a
Keep-Alive connection.
'0' means unlimited.
Allowed values are 0-1000000.
Special values are 0- 'Unlimited requests on a connection'.
Allowed in Basic(Allowed values- 100) edition,
Essentials(Allowed values- 100) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 100.
integer Minimum: 0
Maximum: 1000000
Default: "100"
max_response_headers_size Max response headers size

Maximum size in Kbytes of all the HTTP response headers.
Allowed values are 1-256.
Unit is KB.
Allowed in Basic(Allowed values- 48) edition,
Essentials(Allowed values- 48) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 48.
integer Minimum: 1
Maximum: 256
Default: "48"
max_rps_cip Max rps cip

Maximum requests per second per client IP.
Allowed values are 10-1000.
Special values are 0- 'unlimited'.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.
integer Minimum: 0
Maximum: 1000
Default: "0"
max_rps_cip_uri Max rps cip uri

Maximum requests per second per client IP and URI.
Allowed values are 10-1000.
Special values are 0- 'unlimited'.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.
integer Minimum: 0
Maximum: 1000
Default: "0"
max_rps_unknown_cip Max rps unknown cip

Maximum unknown client IPs per second.
Allowed values are 10-1000.
Special values are 0- 'unlimited'.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.
integer Minimum: 0
Maximum: 1000
Default: "0"
max_rps_unknown_uri Max rps unknown uri

Maximum unknown URIs per second.
Allowed values are 10-1000.
Special values are 0- 'unlimited'.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.
integer Minimum: 0
Maximum: 1000
Default: "0"
max_rps_uri Max rps uri

Maximum requests per second per URI.
Allowed values are 10-1000.
Special values are 0- 'unlimited'.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.
integer Minimum: 0
Maximum: 1000
Default: "0"
pki_profile_path Pki profile path

Select the PKI profile to be associated with the Virtual
Service.
This profile defines the Certificate Authority and
Revocation List.
It is a reference to an object of type PKIProfile.
string
post_accept_timeout Post accept timeout

The max allowed length of time between a client
establishing a TCP connection and Avi receives the first
byte of the client's HTTP request.
Allowed values are 10-100000000.
Unit is MILLISECONDS.
Allowed in Basic(Allowed values- 30000) edition,
Essentials(Allowed values- 30000) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 30000.
integer Minimum: 10
Maximum: 100000000
Default: "30000"
reset_conn_http_on_ssl_port Reset conn http on ssl port

If enabled, an HTTP request on an SSL port will result in
connection close instead of a 400 response.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
respond_with_100_continue Respond with 100 continue

Avi will respond with 100-Continue response if Expect
100-Continue header received from client.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
secure_cookie_enabled Secure cookie enabled

Mark server cookies with the 'Secure' attribute.
Client browsers will not send a cookie marked as secure
over an unencrypted connection.
If Avi is terminating SSL from clients and passing it as
HTTP to the server, the server may return cookies without
the secure flag set.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
server_side_redirect_to_https Server side redirect to https

When terminating client SSL sessions at Avi, servers may
incorrectly send redirect to clients as HTTP.
This option will rewrite the server's redirect responses
for this virtual service from HTTP to HTTPS.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
ssl_client_certificate_action Ssl client certificate action

Set of match/action rules that govern what happens when the
client certificate request is enabled.
ALBSSLClientCertificateAction
ssl_client_certificate_mode Ssl client certificate mode

Specifies whether the client side verification is set to
none, request or require.
Enum options - SSL_CLIENT_CERTIFICATE_NONE,
SSL_CLIENT_CERTIFICATE_REQUEST,
SSL_CLIENT_CERTIFICATE_REQUIRE.
Allowed in Basic(Allowed values-
SSL_CLIENT_CERTIFICATE_NONE,SSL_CLIENT_CERTIFICATE_REQUIRE)
edition, Essentials(Allowed values-
SSL_CLIENT_CERTIFICATE_NONE,SSL_CLIENT_CERTIFICATE_REQUIRE)
edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as
SSL_CLIENT_CERTIFICATE_NONE.
ALBSSLClientCertificateMode Default: "SSL_CLIENT_CERTIFICATE_NONE"
use_app_keepalive_timeout Use app keepalive timeout

Use 'Keep-Alive' header timeout sent by application instead
of sending the HTTP Keep-Alive Timeout.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
websockets_enabled Websockets enabled

Enable Websockets proxy for traffic from clients to the
virtual service.
Connections to this VS start in HTTP mode.
If the client requests an Upgrade to Websockets, and the
server responds back with success, then the connection is
upgraded to WebSockets mode.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
x_forwarded_proto_enabled X forwarded proto enabled

Insert an X-Forwarded-Proto header in the request sent to
the server.
When the client connects via SSL, Avi terminates the SSL,
and then forwards the requests to the servers via HTTP, so
the servers can determine the original protocol via this
header.
In this example, the value will be 'https'.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
xff_alternate_name Xff alternate name

Provide a custom name for the X-Forwarded-For header sent
to the servers.
Default value when not specified in API or module is
interpreted by ALB Controller as X-Forwarded-For.
string Default: "X-Forwarded-For"
xff_enabled Xff enabled

The client's original IP address is inserted into an HTTP
request header sent to the server.
Servers may use this address for logging or other purposes,
rather than Avi's source NAT address used in the Avi to
server IP connection.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"

ALBHTTPClientAuthenticationParams (schema)

HTTPClientAuthenticationParams

Advanced load balancer HTTPClientAuthenticationParams object

Name Description Type Notes
auth_profile_path Auth profile path

Auth Profile to use for validating users.
It is a reference to an object of type AuthProfile.
string
realm Realm

Basic authentication realm to present to a user along with
the prompt for credentials.
string
request_uri_path Request uri path

Rrequest URI path when the authentication applies.		 ALBStringMatch
type Type

type of client authentication.
Enum options - HTTP_BASIC_AUTH.
ALBHTTPClientAuthenticationType

ALBHTTPClientAuthenticationType (schema)

HTTPClientAuthenticationType type

Valid ENUM values for ALBHTTPClientAuthenticationType

Name Description Type Notes
ALBHTTPClientAuthenticationType HTTPClientAuthenticationType type

Valid ENUM values for ALBHTTPClientAuthenticationType		 string Enum: HTTP_BASIC_AUTH

ALBHTTPCookieData (schema)

HTTPCookieData

Advanced load balancer HTTPCookieData object

Name Description Type Notes
name Name

Cookie name.		 string
value Value

Cookie value.		 string

ALBHTTPHdrAction (schema)

HTTPHdrAction

Advanced load balancer HTTPHdrAction object

Name Description Type Notes
action Action

ADD A new header with the new value is added irrespective
of the existence of an HTTP header of the given name.
REPLACE A new header with the new value is added if no
header of the given name exists, else existing headers with
the given name are removed and a new header with the new
value is added.
REMOVE All the headers of the given name are removed.
Enum options - HTTP_ADD_HDR, HTTP_REMOVE_HDR,
HTTP_REPLACE_HDR.
Allowed in Basic(Allowed values-
HTTP_REMOVE_HDR,HTTP_REPLACE_HDR) edition,
Essentials(Allowed values- HTTP_REMOVE_HDR,HTTP_REPLACE_HDR)
edition, Enterprise edition.
ALBHTTPHdrActionType Required
cookie Cookie

Cookie information.		 ALBHTTPCookieData
hdr Hdr

HTTP header information.		 ALBHTTPHdrData

ALBHTTPHdrActionType (schema)

HTTPHdrActionType type

Valid ENUM values for ALBHTTPHdrActionType

Name Description Type Notes
ALBHTTPHdrActionType HTTPHdrActionType type

Valid ENUM values for ALBHTTPHdrActionType		 string Enum: HTTP_ADD_HDR, HTTP_REMOVE_HDR, HTTP_REPLACE_HDR

ALBHTTPHdrData (schema)

HTTPHdrData

Advanced load balancer HTTPHdrData object

Name Description Type Notes
name Name

HTTP header name.		 string
value Value

HTTP header value.		 ALBHTTPHdrValue

ALBHTTPHdrValue (schema)

HTTPHdrValue

Advanced load balancer HTTPHdrValue object

Name Description Type Notes
val Val

HTTP header value or variable representing an HTTP header.		 string
var Var

Variable.
Enum options - HTTP_POLICY_VAR_CLIENT_IP,
HTTP_POLICY_VAR_VS_PORT, HTTP_POLICY_VAR_VS_IP,
HTTP_POLICY_VAR_HTTP_HDR,
HTTP_POLICY_VAR_SSL_CLIENT_FINGERPRINT,
HTTP_POLICY_VAR_SSL_CLIENT_SERIAL,
HTTP_POLICY_VAR_SSL_CLIENT_ISSUER,
HTTP_POLICY_VAR_SSL_CLIENT_SUBJECT,
HTTP_POLICY_VAR_SSL_CLIENT_RAW,
HTTP_POLICY_VAR_SSL_PROTOCOL,
HTTP_POLICY_VAR_SSL_SERVER_NAME, HTTP_POLICY_VAR_USER_NAME,
HTTP_POLICY_VAR_SSL_CIPHER, HTTP_POLICY_VAR_REQUEST_ID,
HTTP_POLICY_VAR_SSL_CLIENT_VERSION,
HTTP_POLICY_VAR_SSL_CLIENT_SIGALG,
HTTP_POLICY_VAR_SSL_CLIENT_NOTVALIDBEFORE,
HTTP_POLICY_VAR_SSL_CLIENT_NOTVALIDAFTER.
ALBHTTPPolicyVar

ALBHTTPLocalFile (schema)

HTTPLocalFile

Advanced load balancer HTTPLocalFile object

Name Description Type Notes
content_type Content type

Mime-type of the content in the file.		 string Required
file_content File content

File content to used in the local HTTP response body.		 string Required

ALBHTTPLocalResponseStatusCode (schema)

HTTPLocalResponseStatusCode type

Valid ENUM values for ALBHTTPLocalResponseStatusCode

Name Description Type Notes
ALBHTTPLocalResponseStatusCode HTTPLocalResponseStatusCode type

Valid ENUM values for ALBHTTPLocalResponseStatusCode		 string Enum: HTTP_LOCAL_RESPONSE_STATUS_CODE_200, HTTP_LOCAL_RESPONSE_STATUS_CODE_204, HTTP_LOCAL_RESPONSE_STATUS_CODE_403, HTTP_LOCAL_RESPONSE_STATUS_CODE_404, HTTP_LOCAL_RESPONSE_STATUS_CODE_429, HTTP_LOCAL_RESPONSE_STATUS_CODE_501

ALBHTTPMethod (schema)

HTTPMethod type

Valid ENUM values for ALBHTTPMethod

Name Description Type Notes
ALBHTTPMethod HTTPMethod type

Valid ENUM values for ALBHTTPMethod		 string Enum: HTTP_METHOD_GET, HTTP_METHOD_HEAD, HTTP_METHOD_PUT, HTTP_METHOD_DELETE, HTTP_METHOD_POST, HTTP_METHOD_OPTIONS, HTTP_METHOD_TRACE, HTTP_METHOD_CONNECT, HTTP_METHOD_PATCH, HTTP_METHOD_PROPFIND, HTTP_METHOD_PROPPATCH, HTTP_METHOD_MKCOL, HTTP_METHOD_COPY, HTTP_METHOD_MOVE, HTTP_METHOD_LOCK, HTTP_METHOD_UNLOCK

ALBHTTPPolicies (schema)

HTTPPolicies

Advanced load balancer HTTPPolicies object

Name Description Type Notes
http_policy_set_path Http policy set path

path of the virtual service HTTP policy collection.
It is a reference to an object of type HTTPPolicySet.
string Required
index Index

Index of the virtual service HTTP policy collection.		 integer Required

ALBHTTPPolicySet (schema)

HTTPPolicySet

Advanced load balancer HTTPPolicySet object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
cloud_config_cksum Cloud config cksum

Checksum of cloud configuration for Pool.
Internally set by cloud connector.
string
created_by Created by

Creator name.		 string
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
http_request_policy Http request policy

HTTP request policy for the virtual service.		 ALBHTTPRequestPolicy
http_response_policy Http response policy

HTTP response policy for the virtual service.		 ALBHTTPResponsePolicy
http_security_policy Http security policy

HTTP security policy for the virtual service.		 ALBHTTPSecurityPolicy
id Unique identifier of this resource string Sortable
is_internal_policy Is internal policy

Placeholder for description of property is_internal_policy
of obj type HTTPPolicySet field type str type boolean.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
markers Markers

List of labels to be used for granular RBAC.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBRoleFilterMatchLabel
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ALBHTTPPolicySet string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ALBHTTPPolicySetApiResponse (schema)

HTTPPolicySetApiResponse

HTTPPolicySetApiResponse

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
count count

count
int Default: "None"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Array of HTTPPolicySet

Array of HTTPPolicySet
array of ALBHTTPPolicySet
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ALBHTTPPolicyVar (schema)

HTTPPolicyVar type

Valid ENUM values for ALBHTTPPolicyVar

Name Description Type Notes
ALBHTTPPolicyVar HTTPPolicyVar type

Valid ENUM values for ALBHTTPPolicyVar		 string Enum: HTTP_POLICY_VAR_CLIENT_IP, HTTP_POLICY_VAR_VS_PORT, HTTP_POLICY_VAR_VS_IP, HTTP_POLICY_VAR_HTTP_HDR, HTTP_POLICY_VAR_SSL_CLIENT_FINGERPRINT, HTTP_POLICY_VAR_SSL_CLIENT_SERIAL, HTTP_POLICY_VAR_SSL_CLIENT_ISSUER, HTTP_POLICY_VAR_SSL_CLIENT_SUBJECT, HTTP_POLICY_VAR_SSL_CLIENT_RAW, HTTP_POLICY_VAR_SSL_PROTOCOL, HTTP_POLICY_VAR_SSL_SERVER_NAME, HTTP_POLICY_VAR_USER_NAME, HTTP_POLICY_VAR_SSL_CIPHER, HTTP_POLICY_VAR_REQUEST_ID, HTTP_POLICY_VAR_SSL_CLIENT_VERSION, HTTP_POLICY_VAR_SSL_CLIENT_SIGALG, HTTP_POLICY_VAR_SSL_CLIENT_NOTVALIDBEFORE, HTTP_POLICY_VAR_SSL_CLIENT_NOTVALIDAFTER

ALBHTTPProtocol (schema)

HTTPProtocol type

Valid ENUM values for ALBHTTPProtocol

Name Description Type Notes
ALBHTTPProtocol HTTPProtocol type

Valid ENUM values for ALBHTTPProtocol		 string Enum: HTTP, HTTPS

ALBHTTPRedirectAction (schema)

HTTPRedirectAction

Advanced load balancer HTTPRedirectAction object

Name Description Type Notes
host Host

Host config.		 ALBURIParam
keep_query Keep query

Keep or drop the query of the incoming request URI in the
redirected URI.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
path Path

Path config.		 ALBURIParam
port Port

Port to which redirect the request.
Allowed values are 1-65535.
integer Minimum: 1
Maximum: 65535
protocol Protocol

Protocol type.
Enum options - HTTP, HTTPS.
ALBHTTPProtocol Required
status_code Status code

HTTP redirect status code.
Enum options - HTTP_REDIRECT_STATUS_CODE_301,
HTTP_REDIRECT_STATUS_CODE_302,
HTTP_REDIRECT_STATUS_CODE_307.
Default value when not specified in API or module is
interpreted by ALB Controller as
HTTP_REDIRECT_STATUS_CODE_302.
ALBHTTPRedirectStatusCode Default: "HTTP_REDIRECT_STATUS_CODE_302"

ALBHTTPRedirectStatusCode (schema)

HTTPRedirectStatusCode type

Valid ENUM values for ALBHTTPRedirectStatusCode

Name Description Type Notes
ALBHTTPRedirectStatusCode HTTPRedirectStatusCode type

Valid ENUM values for ALBHTTPRedirectStatusCode		 string Enum: HTTP_REDIRECT_STATUS_CODE_301, HTTP_REDIRECT_STATUS_CODE_302, HTTP_REDIRECT_STATUS_CODE_307

ALBHTTPRequestPolicy (schema)

HTTPRequestPolicy

Advanced load balancer HTTPRequestPolicy object

Name Description Type Notes
rules Rules

Add rules to the HTTP request policy.		 array of ALBHTTPRequestRule

ALBHTTPRequestRule (schema)

HTTPRequestRule

Advanced load balancer HTTPRequestRule object

Name Description Type Notes
all_headers All headers

Log all HTTP headers upon rule match.		 boolean
enable Enable

Enable or disable the rule.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Required
Default: "True"
hdr_action Hdr action

HTTP header rewrite action.		 array of ALBHTTPHdrAction
index Index

Index of the rule.		 integer Required
log Log

Log HTTP request upon rule match.		 boolean
match Match

Add match criteria to the rule.		 ALBMatchTarget
name Name

Name of the rule.		 string Required
redirect_action Redirect action

HTTP redirect action.		 ALBHTTPRedirectAction
rewrite_url_action Rewrite url action

HTTP request URL rewrite action.		 ALBHTTPRewriteURLAction
switching_action Switching action

Content switching action.		 ALBHTTPSwitchingAction

ALBHTTPReselectRespCode (schema)

HTTPReselectRespCode

Advanced load balancer HTTPReselectRespCode object

Name Description Type Notes
codes Codes

HTTP response code to be matched.
Allowed values are 400-599.
array of integer
ranges Ranges

HTTP response code ranges to match.		 array of ALBHTTPStatusRange
resp_code_block Resp code block

Block of HTTP response codes to match for server reselect.
Enum options - HTTP_RSP_4XX, HTTP_RSP_5XX.
array of ALBHttpReselectRespCodeBlock

ALBHTTPResponseCodes (schema)

HTTPResponseCodes type

Valid ENUM values for ALBHTTPResponseCodes

Name Description Type Notes
ALBHTTPResponseCodes HTTPResponseCodes type

Valid ENUM values for ALBHTTPResponseCodes		 string Enum: HTTP_RESPONSE_CODE_0, HTTP_RESPONSE_CODE_100, HTTP_RESPONSE_CODE_101, HTTP_RESPONSE_CODE_200, HTTP_RESPONSE_CODE_201, HTTP_RESPONSE_CODE_202, HTTP_RESPONSE_CODE_203, HTTP_RESPONSE_CODE_204, HTTP_RESPONSE_CODE_205, HTTP_RESPONSE_CODE_206, HTTP_RESPONSE_CODE_300, HTTP_RESPONSE_CODE_301, HTTP_RESPONSE_CODE_302, HTTP_RESPONSE_CODE_303, HTTP_RESPONSE_CODE_304, HTTP_RESPONSE_CODE_305, HTTP_RESPONSE_CODE_307, HTTP_RESPONSE_CODE_400, HTTP_RESPONSE_CODE_401, HTTP_RESPONSE_CODE_402, HTTP_RESPONSE_CODE_403, HTTP_RESPONSE_CODE_404, HTTP_RESPONSE_CODE_405, HTTP_RESPONSE_CODE_406, HTTP_RESPONSE_CODE_407, HTTP_RESPONSE_CODE_408, HTTP_RESPONSE_CODE_409, HTTP_RESPONSE_CODE_410, HTTP_RESPONSE_CODE_411, HTTP_RESPONSE_CODE_412, HTTP_RESPONSE_CODE_413, HTTP_RESPONSE_CODE_414, HTTP_RESPONSE_CODE_415, HTTP_RESPONSE_CODE_416, HTTP_RESPONSE_CODE_417, HTTP_RESPONSE_CODE_426, HTTP_RESPONSE_CODE_470, HTTP_RESPONSE_CODE_475, HTTP_RESPONSE_CODE_500, HTTP_RESPONSE_CODE_501, HTTP_RESPONSE_CODE_502, HTTP_RESPONSE_CODE_503, HTTP_RESPONSE_CODE_504, HTTP_RESPONSE_CODE_505

ALBHTTPResponsePolicy (schema)

HTTPResponsePolicy

Advanced load balancer HTTPResponsePolicy object

Name Description Type Notes
rules Rules

Add rules to the HTTP response policy.		 array of ALBHTTPResponseRule

ALBHTTPResponseRule (schema)

HTTPResponseRule

Advanced load balancer HTTPResponseRule object

Name Description Type Notes
all_headers All headers

Log all HTTP headers upon rule match.		 boolean
enable Enable

Enable or disable the rule.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Required
Default: "True"
hdr_action Hdr action

HTTP header rewrite action.		 array of ALBHTTPHdrAction
index Index

Index of the rule.		 integer Required
loc_hdr_action Loc hdr action

Location header rewrite action.		 ALBHTTPRewriteLocHdrAction
log Log

Log HTTP request upon rule match.		 boolean
match Match

Add match criteria to the rule.		 ALBResponseMatchTarget
name Name

Name of the rule.		 string Required

ALBHTTPRewriteLocHdrAction (schema)

HTTPRewriteLocHdrAction

Advanced load balancer HTTPRewriteLocHdrAction object

Name Description Type Notes
host Host

Host config.		 ALBURIParam
keep_query Keep query

Keep or drop the query from the server side redirect URI.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
path Path

Path config.		 ALBURIParam
port Port

Port to use in the redirected URI.
Allowed values are 1-65535.
integer Minimum: 1
Maximum: 65535
protocol Protocol

HTTP protocol type.
Enum options - HTTP, HTTPS.
ALBHTTPProtocol Required

ALBHTTPRewriteURLAction (schema)

HTTPRewriteURLAction

Advanced load balancer HTTPRewriteURLAction object

Name Description Type Notes
host_hdr Host hdr

Host config.		 ALBURIParam
path Path

Path config.		 ALBURIParam
query Query

Query config.		 ALBURIParamQuery

ALBHTTPSecurityAction (schema)

HTTPSecurityAction

Advanced load balancer HTTPSecurityAction object

Name Description Type Notes
action Action

Type of the security action to perform.
Enum options - HTTP_SECURITY_ACTION_CLOSE_CONN,
HTTP_SECURITY_ACTION_SEND_RESPONSE,
HTTP_SECURITY_ACTION_ALLOW,
HTTP_SECURITY_ACTION_REDIRECT_TO_HTTPS,
HTTP_SECURITY_ACTION_RATE_LIMIT,
HTTP_SECURITY_ACTION_REQUEST_CHECK_ICAP.
Allowed in Basic(Allowed values-
HTTP_SECURITY_ACTION_CLOSE_CONN,HTTP_SECURITY_ACTION_SEND_RESPONSE,HTTP_SECURITY_ACTION_REDIRECT_TO_HTTPS)
edition, Essentials(Allowed values-
HTTP_SECURITY_ACTION_CLOSE_CONN,HTTP_SECURITY_ACTION_SEND_RESPONSE,HTTP_SECURITY_ACTION_REDIRECT_TO_HTTPS)
edition, Enterprise edition.
ALBHTTPSecurityActionType Required
file File

File to be used for generating HTTP local response.		 ALBHTTPLocalFile
https_port Https port

Secure SSL/TLS port to redirect the HTTP request to.
Allowed values are 1-65535.
integer Minimum: 1
Maximum: 65535
rate_profile Rate profile

Rate limiting configuration for this action.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
ALBHTTPSecurityActionRateProfile
status_code Status code

HTTP status code to use for local response.
Enum options - HTTP_LOCAL_RESPONSE_STATUS_CODE_200,
HTTP_LOCAL_RESPONSE_STATUS_CODE_204,
HTTP_LOCAL_RESPONSE_STATUS_CODE_403,
HTTP_LOCAL_RESPONSE_STATUS_CODE_404,
HTTP_LOCAL_RESPONSE_STATUS_CODE_429,
HTTP_LOCAL_RESPONSE_STATUS_CODE_501.
ALBHTTPLocalResponseStatusCode

ALBHTTPSecurityActionRateProfile (schema)

HTTPSecurityActionRateProfile

Advanced load balancer HTTPSecurityActionRateProfile object

Name Description Type Notes
action Action

The action to take when the rate limit has been reached.		 ALBRateLimiterAction Required
per_client_ip Per client ip

Rate limiting should be done on a per client ip basis.		 boolean
per_uri_path Per uri path

Rate limiting should be done on a per request uri path
basis.
boolean
rate_limiter Rate limiter

The rate limiter used when this action is triggered.		 ALBRateLimiter Required

ALBHTTPSecurityActionType (schema)

HTTPSecurityActionType type

Valid ENUM values for ALBHTTPSecurityActionType

Name Description Type Notes
ALBHTTPSecurityActionType HTTPSecurityActionType type

Valid ENUM values for ALBHTTPSecurityActionType		 string Enum: HTTP_SECURITY_ACTION_CLOSE_CONN, HTTP_SECURITY_ACTION_SEND_RESPONSE, HTTP_SECURITY_ACTION_ALLOW, HTTP_SECURITY_ACTION_REDIRECT_TO_HTTPS, HTTP_SECURITY_ACTION_RATE_LIMIT, HTTP_SECURITY_ACTION_REQUEST_CHECK_ICAP

ALBHTTPSecurityPolicy (schema)

HTTPSecurityPolicy

Advanced load balancer HTTPSecurityPolicy object

Name Description Type Notes
rules Rules

Add rules to the HTTP security policy.		 array of ALBHTTPSecurityRule

ALBHTTPSecurityRule (schema)

HTTPSecurityRule

Advanced load balancer HTTPSecurityRule object

Name Description Type Notes
action Action

Action to be performed upon successful matching.		 ALBHTTPSecurityAction
enable Enable

Enable or disable the rule.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Required
Default: "True"
index Index

Index of the rule.		 integer Required
log Log

Log HTTP request upon rule match.		 boolean
match Match

Add match criteria to the rule.		 ALBMatchTarget
name Name

Name of the rule.		 string Required

ALBHTTPServerReselect (schema)

HTTPServerReselect

Advanced load balancer HTTPServerReselect object

Name Description Type Notes
enabled Enabled

Enable HTTP request reselect when server responds with
specific response codes.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Required
Default: "False"
num_retries Num retries

Number of times to retry an HTTP request when server
responds with configured status codes.
Default value when not specified in API or module is
interpreted by ALB Controller as 4.
integer Minimum: 0
Default: "4"
retry_nonidempotent Retry nonidempotent

Allow retry of non-idempotent HTTP requests.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
retry_timeout Retry timeout

Timeout per retry attempt, for a given request.
Value of 0 indicates default timeout.
Allowed values are 0-3600000.
Unit is MILLISECONDS.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.
integer Minimum: 0
Maximum: 3600000
Default: "0"
svr_resp_code Svr resp code

Server response codes which will trigger an HTTP request
retry.
ALBHTTPReselectRespCode

ALBHTTPStatusMatch (schema)

HTTPStatusMatch

Advanced load balancer HTTPStatusMatch object

Name Description Type Notes
match_criteria Match criteria

Criterion to use for matching the HTTP response status
code(s).
Enum options - IS_IN, IS_NOT_IN.
ALBMatchOperation Required
ranges Ranges

HTTP response status code range(s).		 array of ALBHTTPStatusRange
status_codes Status codes

HTTP response status code(s).		 array of integer

ALBHTTPStatusRange (schema)

HTTPStatusRange

Advanced load balancer HTTPStatusRange object

Name Description Type Notes
begin Begin

Starting HTTP response status code.		 integer Required
end End

Ending HTTP response status code.		 integer Required

ALBHTTPSwitchingAction (schema)

HTTPSwitchingAction

Advanced load balancer HTTPSwitchingAction object

Name Description Type Notes
action Action

Content switching action type.
Enum options - HTTP_SWITCHING_SELECT_POOL,
HTTP_SWITCHING_SELECT_LOCAL,
HTTP_SWITCHING_SELECT_POOLGROUP.
Allowed in Essentials(Allowed values-
HTTP_SWITCHING_SELECT_POOL,HTTP_SWITCHING_SELECT_LOCAL)
edition, Enterprise edition.
ALBHTTPSwitchingActionType Required
file File

File from which to serve local response to the request.		 ALBHTTPLocalFile
pool_group_path Pool group path

path of the pool group to serve the request.
It is a reference to an object of type PoolGroup.
string
pool_path Pool path

path of the pool of servers to serve the request.
It is a reference to an object of type Pool.
string
server Server

Specific pool server to select.		 ALBPoolServer
status_code Status code

HTTP status code to use when serving local response.
Enum options - HTTP_LOCAL_RESPONSE_STATUS_CODE_200,
HTTP_LOCAL_RESPONSE_STATUS_CODE_204,
HTTP_LOCAL_RESPONSE_STATUS_CODE_403,
HTTP_LOCAL_RESPONSE_STATUS_CODE_404,
HTTP_LOCAL_RESPONSE_STATUS_CODE_429,
HTTP_LOCAL_RESPONSE_STATUS_CODE_501.
ALBHTTPLocalResponseStatusCode

ALBHTTPSwitchingActionType (schema)

HTTPSwitchingActionType type

Valid ENUM values for ALBHTTPSwitchingActionType

Name Description Type Notes
ALBHTTPSwitchingActionType HTTPSwitchingActionType type

Valid ENUM values for ALBHTTPSwitchingActionType		 string Enum: HTTP_SWITCHING_SELECT_POOL, HTTP_SWITCHING_SELECT_LOCAL, HTTP_SWITCHING_SELECT_POOLGROUP

ALBHTTPVersion (schema)

HTTPVersion type

Valid ENUM values for ALBHTTPVersion

Name Description Type Notes
ALBHTTPVersion HTTPVersion type

Valid ENUM values for ALBHTTPVersion		 string Enum: ZERO_NINE, ONE_ZERO, ONE_ONE, TWO_ZERO

ALBHTTPVersionMatch (schema)

HTTPVersionMatch

Advanced load balancer HTTPVersionMatch object

Name Description Type Notes
match_criteria Match criteria

Criterion to use for HTTP version matching the version used
in the HTTP request.
Enum options - IS_IN, IS_NOT_IN.
ALBMatchOperation Required
versions Versions

HTTP protocol version.
Enum options - ZERO_NINE, ONE_ZERO, ONE_ONE, TWO_ZERO.
Minimum of 1 items required.
Maximum of 8 items allowed.
Allowed in Basic(Allowed values- ONE_ZERO,ONE_ONE) edition,
Essentials(Allowed values- ONE_ZERO,ONE_ONE) edition,
Enterprise edition.
array of ALBHTTPVersion Required

ALBHardwareSecurityModule (schema)

HardwareSecurityModule

Advanced load balancer HardwareSecurityModule object

Name Description Type Notes
cloudhsm Cloudhsm

AWS CloudHSM specific configuration.		 ALBHSMAwsCloudHsm
nethsm Nethsm

Thales netHSM specific configuration.		 array of ALBHSMThalesNetHsm
rfs Rfs

Thales Remote File Server (RFS), used for the netHSMs,
configuration.
ALBHSMThalesRFS
sluna Sluna

Safenet/Gemalto Luna/Gem specific configuration.		 ALBHSMSafenetLuna
type Type

HSM type to use.
Enum options - HSM_TYPE_THALES_NETHSM,
HSM_TYPE_SAFENET_LUNA, HSM_TYPE_AWS_CLOUDHSM.
ALBHSMType Required

ALBHardwareSecurityModuleGroup (schema)

HardwareSecurityModuleGroup

Advanced load balancer HardwareSecurityModuleGroup object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
hsm Hsm

Hardware Security Module configuration.		 ALBHardwareSecurityModule Required
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
markers Markers

List of labels to be used for granular RBAC.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBRoleFilterMatchLabel
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ALBHardwareSecurityModuleGroup string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ALBHardwareSecurityModuleGroupApiResponse (schema)

HardwareSecurityModuleGroupApiResponse

HardwareSecurityModuleGroupApiResponse

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
count count

count
int Default: "None"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Array of HardwareSecurityModuleGroup

Array of HardwareSecurityModuleGroup
array of ALBHardwareSecurityModuleGroup
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ALBHdrMatch (schema)

HdrMatch

Advanced load balancer HdrMatch object

Name Description Type Notes
hdr Hdr

Name of the HTTP header whose value is to be matched.		 string Required
match_case Match case

Case sensitivity to use for the match.
Enum options - SENSITIVE, INSENSITIVE.
Default value when not specified in API or module is
interpreted by ALB Controller as INSENSITIVE.
ALBMatchCase Default: "INSENSITIVE"
match_criteria Match criteria

Criterion to use for matching headers in the HTTP request.
Enum options - HDR_EXISTS, HDR_DOES_NOT_EXIST,
HDR_BEGINS_WITH, HDR_DOES_NOT_BEGIN_WITH, HDR_CONTAINS,
HDR_DOES_NOT_CONTAIN, HDR_ENDS_WITH, HDR_DOES_NOT_END_WITH,
HDR_EQUALS, HDR_DOES_NOT_EQUAL.
ALBHdrMatchOperation Required
value Value

String values to match in the HTTP header.		 array of string

ALBHdrMatchOperation (schema)

HdrMatchOperation type

Valid ENUM values for ALBHdrMatchOperation

Name Description Type Notes
ALBHdrMatchOperation HdrMatchOperation type

Valid ENUM values for ALBHdrMatchOperation		 string Enum: HDR_EXISTS, HDR_DOES_NOT_EXIST, HDR_BEGINS_WITH, HDR_DOES_NOT_BEGIN_WITH, HDR_CONTAINS, HDR_DOES_NOT_CONTAIN, HDR_ENDS_WITH, HDR_DOES_NOT_END_WITH, HDR_EQUALS, HDR_DOES_NOT_EQUAL

ALBHdrPersistenceProfile (schema)

HdrPersistenceProfile

Advanced load balancer HdrPersistenceProfile object

Name Description Type Notes
prst_hdr_name Prst hdr name

Header name for custom header persistence.		 string

ALBHealthMonitor (schema)

HealthMonitor

Advanced load balancer HealthMonitor object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
allow_duplicate_monitors Allow duplicate monitors

By default, multiple instances of the same healthmonitor to
the same server are suppressed intelligently.
In rare cases, the monitor may have specific constructs
that go beyond the server keys (ip, port, etc.) during which
such suppression is not desired.
Use this knob to allow duplicates.
Allowed in Basic(Allowed values- true) edition,
Essentials(Allowed values- true) edition, Enterprise
edition.
boolean
authentication Authentication

Authentication information for username/password.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
ALBHealthMonitorAuthInfo
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
disable_quickstart Disable quickstart

During addition of a server or healthmonitors or during
bootup, Avi performs sequential health checks rather than
waiting for send-interval to kick in, to mark the server up
as soon as possible.
This knob may be used to turn this feature off.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
boolean
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
dns_monitor Dns monitor

Placeholder for description of property dns_monitor of obj
type HealthMonitor field type str type ref.
ALBHealthMonitorDNS
external_monitor External monitor

Placeholder for description of property external_monitor of
obj type HealthMonitor field type str type ref.
ALBHealthMonitorExternal
failed_checks Failed checks

Number of continuous failed health checks before the server
is marked down.
Allowed values are 1-50.
Default value when not specified in API or module is
interpreted by ALB Controller as 2.
integer Minimum: 1
Maximum: 50
Default: "2"
http_monitor Http monitor

Placeholder for description of property http_monitor of obj
type HealthMonitor field type str type ref.
ALBHealthMonitorHttp
https_monitor Https monitor

Placeholder for description of property https_monitor of
obj type HealthMonitor field type str type ref.
ALBHealthMonitorHttp
id Unique identifier of this resource string Sortable
imap_monitor Imap monitor

Health monitor for IMAP.		 ALBHealthMonitorImap
imaps_monitor Imaps monitor

Health monitor for IMAPS.		 ALBHealthMonitorImap
is_federated Is federated

This field describes the object's replication scope.
If the field is set to false, then the object is visible
within the controller-cluster and its associated
service-engines.
If the field is set to true, then the object is replicated
across the federation.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
markers Markers

List of labels to be used for granular RBAC.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBRoleFilterMatchLabel
monitor_port Monitor port

Use this port instead of the port defined for the server in
the Pool.
If the monitor succeeds to this port, the load balanced
traffic will still be sent to the port of the server defined
within the Pool.
Allowed values are 1-65535.
Special values are 0 - 'Use server port'.
integer Minimum: 0
Maximum: 65535
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
pop3_monitor Pop3 monitor

Health monitor for POP3.		 ALBHealthMonitorPop3
pop3s_monitor Pop3s monitor

Health monitor for POP3S.		 ALBHealthMonitorPop3
radius_monitor Radius monitor

Health monitor for Radius.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
ALBHealthMonitorRadius
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
receive_timeout Receive timeout

A valid response from the server is expected within the
receive timeout window.
This timeout must be less than the send interval.
If server status is regularly flapping up and down,
consider increasing this value.
Allowed values are 1-2400.
Unit is SEC.
Default value when not specified in API or module is
interpreted by ALB Controller as 4.
integer Minimum: 1
Maximum: 2400
Default: "4"
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ALBHealthMonitor string
send_interval Send interval

Frequency, in seconds, that monitors are sent to a server.
Allowed values are 1-3600.
Unit is SEC.
Default value when not specified in API or module is
interpreted by ALB Controller as 10.
integer Minimum: 1
Maximum: 3600
Default: "10"
sip_monitor Sip monitor

Health monitor for SIP.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
ALBHealthMonitorSIP
smtp_monitor Smtp monitor

Health monitor for SMTP.		 ALBHealthMonitorSmtp
smtps_monitor Smtps monitor

Health monitor for SMTPS.		 ALBHealthMonitorSmtp
successful_checks Successful checks

Number of continuous successful health checks before server
is marked up.
Allowed values are 1-50.
Default value when not specified in API or module is
interpreted by ALB Controller as 2.
integer Minimum: 1
Maximum: 50
Default: "2"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tcp_monitor Tcp monitor

Placeholder for description of property tcp_monitor of obj
type HealthMonitor field type str type ref.
ALBHealthMonitorTcp
type Type

Type of the health monitor.
Enum options - HEALTH_MONITOR_PING, HEALTH_MONITOR_TCP,
HEALTH_MONITOR_HTTP, HEALTH_MONITOR_HTTPS,
HEALTH_MONITOR_EXTERNAL, HEALTH_MONITOR_UDP,
HEALTH_MONITOR_DNS, HEALTH_MONITOR_GSLB, HEALTH_MONITOR_SIP,
HEALTH_MONITOR_RADIUS, HEALTH_MONITOR_SMTP,
HEALTH_MONITOR_SMTPS, HEALTH_MONITOR_POP3,
HEALTH_MONITOR_POP3S, HEALTH_MONITOR_IMAP,
HEALTH_MONITOR_IMAPS.
Allowed in Basic(Allowed values-
HEALTH_MONITOR_PING,HEALTH_MONITOR_TCP,HEALTH_MONITOR_UDP,HEALTH_MONITOR_HTTP,HEALTH_MONITOR_HTTPS)
edition, Essentials(Allowed values-
HEALTH_MONITOR_PING,HEALTH_MONITOR_TCP,HEALTH_MONITOR_UDP)
edition, Enterprise edition.
ALBHealthMonitorType Required
udp_monitor Udp monitor

Placeholder for description of property udp_monitor of obj
type HealthMonitor field type str type ref.
ALBHealthMonitorUdp
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ALBHealthMonitorApiResponse (schema)

HealthMonitorApiResponse

HealthMonitorApiResponse

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
count count

count
int Default: "None"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Array of HealthMonitor

Array of HealthMonitor
array of ALBHealthMonitor
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ALBHealthMonitorAuthInfo (schema)

HealthMonitorAuthInfo

Advanced load balancer HealthMonitorAuthInfo object

Name Description Type Notes
password Password

Password for server authentication.		 string Required
username Username

Username for server authentication.		 string Required

ALBHealthMonitorAuthType (schema)

HealthMonitorAuthType type

Valid ENUM values for ALBHealthMonitorAuthType

Name Description Type Notes
ALBHealthMonitorAuthType HealthMonitorAuthType type

Valid ENUM values for ALBHealthMonitorAuthType		 string Enum: AUTH_BASIC, AUTH_NTLM

ALBHealthMonitorDNS (schema)

HealthMonitorDNS

Advanced load balancer HealthMonitorDNS object

Name Description Type Notes
qtype Qtype

Query_Type Response has atleast one answer of which
the resource record type matches the query type Any_Type
Response should contain atleast one answer AnyThing An
empty answer is enough.
Enum options - DNS_QUERY_TYPE, DNS_ANY_TYPE, DNS_ANY_THING.
Default value when not specified in API or module is
interpreted by ALB Controller as DNS_QUERY_TYPE.
ALBHealthMonitorDNSQueryType Default: "DNS_QUERY_TYPE"
query_name Query name

The DNS monitor will query the DNS server for the fully
qualified name in this field.
string Required
rcode Rcode

When No Error is selected, a DNS query will be marked
failed is any error code is returned by the server.
With Any selected, the monitor ignores error code in the
responses.
Enum options - RCODE_NO_ERROR, RCODE_ANYTHING.
Default value when not specified in API or module is
interpreted by ALB Controller as RCODE_NO_ERROR.
ALBHealthMonitorDNSRcode Default: "RCODE_NO_ERROR"
record_type Record type

Resource record type used in the healthmonitor DNS query,
only A or AAAA type supported.
Enum options - DNS_RECORD_OTHER, DNS_RECORD_A,
DNS_RECORD_NS, DNS_RECORD_CNAME, DNS_RECORD_SOA,
DNS_RECORD_PTR, DNS_RECORD_HINFO, DNS_RECORD_MX,
DNS_RECORD_TXT, DNS_RECORD_RP, DNS_RECORD_DNSKEY,
DNS_RECORD_AAAA, DNS_RECORD_SRV, DNS_RECORD_OPT,
DNS_RECORD_RRSIG, DNS_RECORD_AXFR, DNS_RECORD_ANY.
Default value when not specified in API or module is
interpreted by ALB Controller as DNS_RECORD_A.
ALBDnsRecordType Default: "DNS_RECORD_A"
response_string Response string

The resource record of the queried DNS server's response
for the Request Name must include the IP address defined in
this field.
string

ALBHealthMonitorDNSQueryType (schema)

HealthMonitorDNSQueryType type

Valid ENUM values for ALBHealthMonitorDNSQueryType

Name Description Type Notes
ALBHealthMonitorDNSQueryType HealthMonitorDNSQueryType type

Valid ENUM values for ALBHealthMonitorDNSQueryType		 string Enum: DNS_QUERY_TYPE, DNS_ANY_TYPE, DNS_ANY_THING

ALBHealthMonitorDNSRcode (schema)

HealthMonitorDNSRcode type

Valid ENUM values for ALBHealthMonitorDNSRcode

Name Description Type Notes
ALBHealthMonitorDNSRcode HealthMonitorDNSRcode type

Valid ENUM values for ALBHealthMonitorDNSRcode		 string Enum: RCODE_NO_ERROR, RCODE_ANYTHING

ALBHealthMonitorExternal (schema)

HealthMonitorExternal

Advanced load balancer HealthMonitorExternal object

Name Description Type Notes
command_code Command code

Command script provided inline.		 string Required
command_parameters Command parameters

Optional arguments to feed into the script.		 string
command_path Command path

Path of external health monitor script.		 string
command_variables Command variables

Environment variables to be fed into the script.		 string

ALBHealthMonitorHttp (schema)

HealthMonitorHttp

Advanced load balancer HealthMonitorHttp object

Name Description Type Notes
auth_type Auth type

Type of the authentication method.
Enum options - AUTH_BASIC, AUTH_NTLM.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
ALBHealthMonitorAuthType
exact_http_request Exact http request

Use the exact http_request string as specified by user,
without any automatic insert of headers like Host header.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
http_request Http request

Send an HTTP request to the server.
The default GET / HTTP/1.0 may be extended with additional
headers or information.
For instance, GET /index.htm HTTP/1.1 Host www.site.com
Connection Close.
Default value when not specified in API or module is
interpreted by ALB Controller as GET / HTTP/1.0.
string Default: "GET / HTTP/1.0"
http_request_body Http request body

HTTP request body.		 string
http_response Http response

Match for a keyword in the first 2Kb of the server header
and body response.
string
http_response_code Http response code

List of HTTP response codes to match as successful.
Default is 2xx.
Enum options - HTTP_ANY, HTTP_1XX, HTTP_2XX, HTTP_3XX,
HTTP_4XX, HTTP_5XX.
Minimum of 1 items required.
array of ALBHttpResponseCode Required
maintenance_code Maintenance code

Match or look for this HTTP response code indicating server
maintenance.
A successful match results in the server being marked down.
Allowed values are 101-599.
Maximum of 4 items allowed.
array of integer
maintenance_response Maintenance response

Match or look for this keyword in the first 2KB of server
header and body response indicating server maintenance.
A successful match results in the server being marked down.
string
response_size Response size

Expected http/https response page size.
Allowed values are 2048-16384.
integer Minimum: 2048
Maximum: 16384
ssl_attributes Ssl attributes

SSL attributes for HTTPS health monitor.		 ALBHealthMonitorSSLAttributes

ALBHealthMonitorImap (schema)

HealthMonitorImap

Advanced load balancer HealthMonitorImap object

Name Description Type Notes
folder Folder

Folder to access.		 string
ssl_attributes Ssl attributes

SSL attributes for IMAPS monitor.		 ALBHealthMonitorSSLAttributes

ALBHealthMonitorPop3 (schema)

HealthMonitorPop3

Advanced load balancer HealthMonitorPop3 object

Name Description Type Notes
ssl_attributes Ssl attributes

SSL attributes for POP3S monitor.		 ALBHealthMonitorSSLAttributes

ALBHealthMonitorRadius (schema)

HealthMonitorRadius

Advanced load balancer HealthMonitorRadius object

Name Description Type Notes
password Password

Radius monitor will query Radius server with this password.		 string Required
shared_secret Shared secret

Radius monitor will query Radius server with this shared
secret.
string Required
username Username

Radius monitor will query Radius server with this username.		 string Required

ALBHealthMonitorSIP (schema)

HealthMonitorSIP

Advanced load balancer HealthMonitorSIP object

Name Description Type Notes
sip_monitor_transport Sip monitor transport

Specify the transport protocol TCP or UDP, to be used for
SIP health monitor.
The default transport is UDP.
Enum options - SIP_UDP_PROTO, SIP_TCP_PROTO.
Default value when not specified in API or module is
interpreted by ALB Controller as SIP_UDP_PROTO.
ALBSipMonTransport Default: "SIP_UDP_PROTO"
sip_request_code Sip request code

Specify the SIP request to be sent to the server.
By default, SIP OPTIONS request will be sent.
Enum options - SIP_OPTIONS.
Default value when not specified in API or module is
interpreted by ALB Controller as SIP_OPTIONS.
ALBSipRequestCode Default: "SIP_OPTIONS"
sip_response Sip response

Match for a keyword in the first 2KB of the server header
and body response.
By default, it matches for SIP/2.0.
Default value when not specified in API or module is
interpreted by ALB Controller as SIP/2.0.
string Default: "SIP/2.0"

ALBHealthMonitorSSLAttributes (schema)

HealthMonitorSSLAttributes

Advanced load balancer HealthMonitorSSLAttributes object

Name Description Type Notes
pki_profile_path Pki profile path

PKI profile used to validate the SSL certificate presented
by a server.
It is a reference to an object of type PKIProfile.
string
server_name Server name

Fully qualified DNS hostname which will be used in the TLS
SNI extension in server connections indicating SNI is
enabled.
string
ssl_key_and_certificate_path Ssl key and certificate path

Service engines will present this SSL certificate to the
server.
It is a reference to an object of type
SSLKeyAndCertificate.
string
ssl_profile_path Ssl profile path

SSL profile defines ciphers and SSL versions to be used for
healthmonitor traffic to the back-end servers.
It is a reference to an object of type SSLProfile.
string Required

ALBHealthMonitorSmtp (schema)

HealthMonitorSmtp

Advanced load balancer HealthMonitorSmtp object

Name Description Type Notes
domainname Domainname

Sender domain name.		 string
mail_data Mail data

Mail data.		 string
recipients_ids Recipients ids

Mail recipients.		 array of string
sender_id Sender id

Mail sender.		 string
ssl_attributes Ssl attributes

SSL attributes for SMTPS monitor.		 ALBHealthMonitorSSLAttributes

ALBHealthMonitorTcp (schema)

HealthMonitorTcp

Advanced load balancer HealthMonitorTcp object

Name Description Type Notes
maintenance_response Maintenance response

Match or look for this keyword in the first 2KB of server's
response indicating server maintenance.
A successful match results in the server being marked down.
string
tcp_half_open Tcp half open

Configure TCP health monitor to use half-open TCP
connections to monitor the health of backend servers thereby
avoiding consumption of a full fledged server side
connection and the overhead and logs associated with it.
This method is light-weight as it makes use of listener in
server's kernel layer to measure the health and a child
socket or user thread is not created on the server side.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
tcp_request Tcp request

Request data to send after completing the TCP handshake.		 string
tcp_response Tcp response

Match for the desired keyword in the first 2Kb of the
server's TCP response.
If this field is left blank, no server response is
required.
string

ALBHealthMonitorType (schema)

HealthMonitorType type

Valid ENUM values for ALBHealthMonitorType

Name Description Type Notes
ALBHealthMonitorType HealthMonitorType type

Valid ENUM values for ALBHealthMonitorType		 string Enum: HEALTH_MONITOR_PING, HEALTH_MONITOR_TCP, HEALTH_MONITOR_HTTP, HEALTH_MONITOR_HTTPS, HEALTH_MONITOR_EXTERNAL, HEALTH_MONITOR_UDP, HEALTH_MONITOR_DNS, HEALTH_MONITOR_GSLB, HEALTH_MONITOR_SIP, HEALTH_MONITOR_RADIUS, HEALTH_MONITOR_SMTP, HEALTH_MONITOR_SMTPS, HEALTH_MONITOR_POP3, HEALTH_MONITOR_POP3S, HEALTH_MONITOR_IMAP, HEALTH_MONITOR_IMAPS

ALBHealthMonitorUdp (schema)

HealthMonitorUdp

Advanced load balancer HealthMonitorUdp object

Name Description Type Notes
maintenance_response Maintenance response

Match or look for this keyword in the first 2KB of server's
response indicating server maintenance.
A successful match results in the server being marked down.
string
udp_request Udp request

Send UDP request.		 string
udp_response Udp response

Match for keyword in the UDP response.		 string

ALBHostHdrMatch (schema)

HostHdrMatch

Advanced load balancer HostHdrMatch object

Name Description Type Notes
match_case Match case

Case sensitivity to use for the match.
Enum options - SENSITIVE, INSENSITIVE.
Default value when not specified in API or module is
interpreted by ALB Controller as INSENSITIVE.
ALBMatchCase Default: "INSENSITIVE"
match_criteria Match criteria

Criterion to use for the host header value match.
Enum options - HDR_EXISTS, HDR_DOES_NOT_EXIST,
HDR_BEGINS_WITH, HDR_DOES_NOT_BEGIN_WITH, HDR_CONTAINS,
HDR_DOES_NOT_CONTAIN, HDR_ENDS_WITH, HDR_DOES_NOT_END_WITH,
HDR_EQUALS, HDR_DOES_NOT_EQUAL.
ALBHdrMatchOperation Required
value Value

String value(s) in the host header.		 array of string

ALBHttpCacheConfig (schema)

HttpCacheConfig

Advanced load balancer HttpCacheConfig object

Name Description Type Notes
age_header Age header

Add an Age header to content served from cache, which
indicates to the client the number of seconds the object has
been in the cache.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
aggressive Aggressive

Enable/disable caching objects without Cache-Control
headers.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
date_header Date header

If a Date header was not added by the server, add a Date
header to the object served from cache.
This indicates to the client when the object was originally
sent by the server to the cache.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
default_expire Default expire

Default expiration time of cache objects received from the
server without a Cache-Control expiration header.
This value may be overwritten by the Heuristic Expire
setting.
Default value when not specified in API or module is
interpreted by ALB Controller as 600.
integer Default: "600"
enabled Enabled

Enable/disable HTTP object caching.When enabling caching
for the first time, SE Group app_cache_percent must be set
to allocate shared memory required for caching (A service
engine restart is needed after setting/resetting the SE
group value).
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
heuristic_expire Heuristic expire

If a response object from the server does not include the
Cache-Control header, but does include a Last-Modified
header, the system will use this time to calculate the
Cache-Control expiration.
If unable to solicit an Last-Modified header, then the
system will fall back to the Cache Expire Time value.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
ignore_request_cache_control Ignore request cache control

Ignore client's cache control headers when fetching or
storing from and to the cache.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
max_cache_size Max cache size

Max size, in bytes, of the cache.
The default, zero, indicates auto configuration.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.
integer Default: "0"
max_object_size Max object size

Maximum size of an object to store in the cache.
Default value when not specified in API or module is
interpreted by ALB Controller as 4194304.
integer Default: "4194304"
mime_types_block_group_paths Mime types block group paths

Blocklist string group of non-cacheable mime types.
It is a reference to an object of type StringGroup.
array of string
mime_types_block_lists Mime types block lists

Blocklist of non-cacheable mime types.		 array of string
mime_types_group_paths Mime types group paths

Allowlist string group of cacheable mime types.
If both Cacheable Mime Types string list and string group
are empty, this defaults to (STAR)/(STAR).
It is a reference to an object of type StringGroup.
array of string
mime_types_list Mime types list

Allowlist of cacheable mime types.
If both Cacheable Mime Types string list and string group
are empty, this defaults to (STAR)/(STAR).
array of string
min_object_size Min object size

Minimum size of an object to store in the cache.
Default value when not specified in API or module is
interpreted by ALB Controller as 100.
integer Default: "100"
query_cacheable Query cacheable

Allow caching of objects whose URI included a query
argument.
When disabled, these objects are not cached.
When enabled, the request must match the URI query to be
considered a hit.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
uri_non_cacheable Uri non cacheable

Non-cacheable URI configuration with match criteria.		 ALBPathMatch
xcache_header Xcache header

Add an X-Cache header to content served from cache, which
indicates to the client that the object was served from an
intermediate cache.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"

ALBHttpCookiePersistenceKey (schema)

HttpCookiePersistenceKey

Advanced load balancer HttpCookiePersistenceKey object

Name Description Type Notes
aes_key Aes key

aes_key of HttpCookiePersistenceKey.		 string
hmac_key Hmac key

hmac_key of HttpCookiePersistenceKey.		 string
name Name

name to use for cookie encryption.		 string

ALBHttpCookiePersistenceProfile (schema)

HttpCookiePersistenceProfile

Advanced load balancer HttpCookiePersistenceProfile object

Name Description Type Notes
always_send_cookie Always send cookie

If no persistence cookie was received from the client,
always send it.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
cookie_name Cookie name

HTTP cookie name for cookie persistence.		 string
encryption_key Encryption key

Key name to use for cookie encryption.		 string
key Key

Placeholder for description of property key of obj type
HttpCookiePersistenceProfile field type str type array.
array of ALBHttpCookiePersistenceKey
timeout Timeout

The maximum lifetime of any session cookie.
No value or 'zero' indicates no timeout.
Allowed values are 1-14400.
Special values are 0- 'No Timeout'.
Unit is MIN.
integer Minimum: 0
Maximum: 14400

ALBHttpReselectRespCodeBlock (schema)

HttpReselectRespCodeBlock type

Valid ENUM values for ALBHttpReselectRespCodeBlock

Name Description Type Notes
ALBHttpReselectRespCodeBlock HttpReselectRespCodeBlock type

Valid ENUM values for ALBHttpReselectRespCodeBlock		 string Enum: HTTP_RSP_4XX, HTTP_RSP_5XX

ALBHttpResponseCode (schema)

HttpResponseCode type

Valid ENUM values for ALBHttpResponseCode

Name Description Type Notes
ALBHttpResponseCode HttpResponseCode type

Valid ENUM values for ALBHttpResponseCode		 string Enum: HTTP_ANY, HTTP_1XX, HTTP_2XX, HTTP_3XX, HTTP_4XX, HTTP_5XX

ALBIPNetworkSubnet (schema)

IPNetworkSubnet

Advanced load balancer IPNetworkSubnet object

Name Description Type Notes
network_name Network name

Network for VirtualService IP allocation with Vantage as
the IPAM provider.
Network should be created before this is configured.
It is a reference to an object of type Network.
string
subnet Subnet

Subnet for VirtualService IP allocation with Vantage or
Infoblox as the IPAM provider.
Only one of subnet or subnet_uuid configuration is allowed.
ALBIpAddrPrefix
subnet6 Subnet6

Subnet for VirtualService IPv6 allocation with Vantage or
Infoblox as the IPAM provider.
Only one of subnet or subnet_uuid configuration is allowed.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
ALBIpAddrPrefix
subnet6_uuid Subnet6 uuid

Subnet UUID or Name or Prefix for VirtualService IPv6
allocation with AWS or OpenStack as the IPAM provider.
Only one of subnet or subnet_uuid configuration is allowed.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
string
subnet_uuid Subnet uuid

Subnet UUID or Name or Prefix for VirtualService IP
allocation with AWS or OpenStack as the IPAM provider.
Only one of subnet or subnet_uuid configuration is allowed.
string

ALBIPPersistenceProfile (schema)

IPPersistenceProfile

Advanced load balancer IPPersistenceProfile object

Name Description Type Notes
ip_mask Ip mask

Mask to be applied on client IP.
This may be used to persist clients from a subnet to the
same server.
When set to 0, all requests are sent to the same server.
Allowed values are 0-128.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
integer Minimum: 0
Maximum: 128
ip_persistent_timeout Ip persistent timeout

The length of time after a client's connections have closed
before expiring the client's persistence to a server.
Allowed values are 1-720.
Unit is MIN.
Default value when not specified in API or module is
interpreted by ALB Controller as 5.
integer Minimum: 1
Maximum: 720
Default: "5"

ALBIdleConnectionType (schema)

IdleConnectionType type

Valid ENUM values for ALBIdleConnectionType

Name Description Type Notes
ALBIdleConnectionType IdleConnectionType type

Valid ENUM values for ALBIdleConnectionType		 string Enum: KEEP_ALIVE, CLOSE_IDLE

ALBIpAddr (schema)

IpAddr

Advanced load balancer IpAddr object

Name Description Type Notes
addr Addr

IP address.		 string Required
type Type

Enum options - V4, DNS, V6.		 ALBIpAddrType Required

ALBIpAddrGroup (schema)

IpAddrGroup

Advanced load balancer IpAddrGroup object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
addrs Addrs

Configure IP address(es).		 array of ALBIpAddr
apic_epg_name Apic epg name

Populate IP addresses from members of this Cisco APIC EPG.		 string
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
country_codes Country codes

Populate the IP address ranges from the geo database for
this country.
array of string
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ip_ports Ip ports

Configure (IP address, port) tuple(s).		 array of ALBIpAddrPort
marathon_app_name Marathon app name

Populate IP addresses from tasks of this Marathon app.		 string
marathon_service_port Marathon service port

Task port associated with marathon service port.
If Marathon app has multiple service ports, this is
required.
Else, the first task port is used.
integer
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
markers Markers

List of labels to be used for granular RBAC.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBRoleFilterMatchLabel
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
prefixes Prefixes

Configure IP address prefix(es).		 array of ALBIpAddrPrefix
ranges Ranges

Configure IP address range(s).		 array of ALBIpAddrRange
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ALBIpAddrGroup string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ALBIpAddrGroupApiResponse (schema)

IpAddrGroupApiResponse

IpAddrGroupApiResponse

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
count count

count
int Default: "None"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Array of IpAddrGroup

Array of IpAddrGroup
array of ALBIpAddrGroup
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ALBIpAddrMatch (schema)

IpAddrMatch

Advanced load balancer IpAddrMatch object

Name Description Type Notes
addrs Addrs

IP address(es).		 array of ALBIpAddr
group_paths Group paths

path of IP address group(s).
It is a reference to an object of type IpAddrGroup.
array of string
match_criteria Match criteria

Criterion to use for IP address matching the HTTP request.
Enum options - IS_IN, IS_NOT_IN.
ALBMatchOperation Required
prefixes Prefixes

IP address prefix(es).		 array of ALBIpAddrPrefix
ranges Ranges

IP address range(s).		 array of ALBIpAddrRange

ALBIpAddrPort (schema)

IpAddrPort

Advanced load balancer IpAddrPort object

Name Description Type Notes
hostname Hostname

Hostname of server.
One of IP address or hostname should be set.
string
ip Ip

IP Address of host.
One of IP address or hostname should be set.
ALBIpAddr
name Name

Name of the object.		 string
port Port

Port number of server.
Allowed values are 1-65535.
integer Required
Minimum: 1
Maximum: 65535

ALBIpAddrPrefix (schema)

IpAddrPrefix

Advanced load balancer IpAddrPrefix object

Name Description Type Notes
ip_addr Ip addr

Placeholder for description of property ip_addr of obj type
IpAddrPrefix field type str type ref.
ALBIpAddr Required
mask Mask

Number of mask.		 integer Required

ALBIpAddrRange (schema)

IpAddrRange

Advanced load balancer IpAddrRange object

Name Description Type Notes
begin Begin

Starting IP address of the range.		 ALBIpAddr Required
end End

Ending IP address of the range.		 ALBIpAddr Required

ALBIpAddrType (schema)

IpAddrType type

Valid ENUM values for ALBIpAddrType

Name Description Type Notes
ALBIpAddrType IpAddrType type

Valid ENUM values for ALBIpAddrType		 string Enum: V4, DNS, V6

ALBIpAddressVersions (schema)

IpAddressVersions type

Valid ENUM values for ALBIpAddressVersions

Name Description Type Notes
ALBIpAddressVersions IpAddressVersions type

Valid ENUM values for ALBIpAddressVersions		 string Enum: V4_ONLY, V6_ONLY, V4_V6

ALBKeyValue (schema)

KeyValue

Advanced load balancer KeyValue object

Name Description Type Notes
key Key

Key.		 string Required
value Value

Value.		 string

ALBL4ConnectionPolicy (schema)

L4ConnectionPolicy

Advanced load balancer L4ConnectionPolicy object

Name Description Type Notes
rules Rules

Rules to apply when a new transport connection is setup.		 array of ALBL4Rule

ALBL4Policies (schema)

L4Policies

Advanced load balancer L4Policies object

Name Description Type Notes
index Index

Index of the virtual service L4 policy set.		 integer Required
l4_policy_set_path L4 policy set path

ID of the virtual service L4 policy set.
It is a reference to an object of type L4PolicySet.
string Required

ALBL4PolicySet (schema)

L4PolicySet

Advanced load balancer L4PolicySet object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
created_by Created by

Creator name.		 string
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
is_internal_policy Is internal policy

Placeholder for description of property is_internal_policy
of obj type L4PolicySet field type str type boolean.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
l4_connection_policy L4 connection policy

Policy to apply when a new transport connection is setup.		 ALBL4ConnectionPolicy
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
markers Markers

List of labels to be used for granular RBAC.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBRoleFilterMatchLabel
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ALBL4PolicySet string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ALBL4PolicySetApiResponse (schema)

L4PolicySetApiResponse

L4PolicySetApiResponse

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
count count

count
int Default: "None"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Array of L4PolicySet

Array of L4PolicySet
array of ALBL4PolicySet
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ALBL4Rule (schema)

L4Rule

Advanced load balancer L4Rule object

Name Description Type Notes
action Action

Action to be performed upon successful rule match.		 ALBL4RuleAction
enable Enable

Enable or disable the rule.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
index Index

Index of the rule.		 integer Required
match Match

Match criteria of the rule.		 ALBL4RuleMatchTarget
name Name

Name of the rule.		 string Required

ALBL4RuleAction (schema)

L4RuleAction

Advanced load balancer L4RuleAction object

Name Description Type Notes
select_pool Select pool

Indicates pool or pool-group selection on rule match.		 ALBL4RuleActionSelectPool

ALBL4RuleActionSelectPool (schema)

L4RuleActionSelectPool

Advanced load balancer L4RuleActionSelectPool object

Name Description Type Notes
action_type Action type

Indicates action to take on rule match.
Enum options - L4_RULE_ACTION_SELECT_POOL,
L4_RULE_ACTION_SELECT_POOLGROUP.
Allowed in Basic(Allowed values-
L4_RULE_ACTION_SELECT_POOL) edition, Essentials(Allowed
values- L4_RULE_ACTION_SELECT_POOL) edition, Enterprise
edition.
ALBL4RuleActionSelectPoolType Required
pool_group_path Pool group path

ID of the pool group to serve the request.
It is a reference to an object of type PoolGroup.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
string
pool_path Pool path

ID of the pool of servers to serve the request.
It is a reference to an object of type Pool.
string

ALBL4RuleActionSelectPoolType (schema)

L4RuleActionSelectPoolType type

Valid ENUM values for ALBL4RuleActionSelectPoolType

Name Description Type Notes
ALBL4RuleActionSelectPoolType L4RuleActionSelectPoolType type

Valid ENUM values for ALBL4RuleActionSelectPoolType		 string Enum: L4_RULE_ACTION_SELECT_POOL, L4_RULE_ACTION_SELECT_POOLGROUP

ALBL4RuleMatchTarget (schema)

L4RuleMatchTarget

Advanced load balancer L4RuleMatchTarget object

Name Description Type Notes
client_ip Client ip

IP addresses to match against client IP.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
ALBIpAddrMatch
port Port

Port number to match against Virtual Service listner port.		 ALBL4RulePortMatch
protocol Protocol

TCP/UDP/ICMP protocol to match against transport protocol.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
ALBL4RuleProtocolMatch

ALBL4RulePortMatch (schema)

L4RulePortMatch

Advanced load balancer L4RulePortMatch object

Name Description Type Notes
match_criteria Match criteria

Criterion to use for Virtual Service port matching.
Enum options - IS_IN, IS_NOT_IN.
ALBMatchOperation Required
port_ranges Port ranges

Range of TCP/UDP port numbers of the Virtual Service.		 array of ALBPortRange
ports Ports

Virtual Service's listening port(s).
Allowed values are 1-65535.
array of integer

ALBL4RuleProtocolMatch (schema)

L4RuleProtocolMatch

Advanced load balancer L4RuleProtocolMatch object

Name Description Type Notes
match_criteria Match criteria

Criterion to use for transport protocol matching.
Enum options - IS_IN, IS_NOT_IN.
ALBMatchOperation Required
protocol Protocol

Transport protocol to match.
Enum options - PROTOCOL_ICMP, PROTOCOL_TCP, PROTOCOL_UDP.
ALBProtocol Required

ALBLbAlgorithm (schema)

LbAlgorithm type

Valid ENUM values for ALBLbAlgorithm

Name Description Type Notes
ALBLbAlgorithm LbAlgorithm type

Valid ENUM values for ALBLbAlgorithm		 string Enum: LB_ALGORITHM_LEAST_CONNECTIONS, LB_ALGORITHM_ROUND_ROBIN, LB_ALGORITHM_FASTEST_RESPONSE, LB_ALGORITHM_CONSISTENT_HASH, LB_ALGORITHM_LEAST_LOAD, LB_ALGORITHM_FEWEST_SERVERS, LB_ALGORITHM_RANDOM, LB_ALGORITHM_FEWEST_TASKS, LB_ALGORITHM_NEAREST_SERVER, LB_ALGORITHM_CORE_AFFINITY, LB_ALGORITHM_TOPOLOGY

ALBLbAlgorithmConsistentHash (schema)

LbAlgorithmConsistentHash type

Valid ENUM values for ALBLbAlgorithmConsistentHash

Name Description Type Notes
ALBLbAlgorithmConsistentHash LbAlgorithmConsistentHash type

Valid ENUM values for ALBLbAlgorithmConsistentHash		 string Enum: LB_ALGORITHM_CONSISTENT_HASH_SOURCE_IP_ADDRESS, LB_ALGORITHM_CONSISTENT_HASH_SOURCE_IP_ADDRESS_AND_PORT, LB_ALGORITHM_CONSISTENT_HASH_URI, LB_ALGORITHM_CONSISTENT_HASH_CUSTOM_HEADER, LB_ALGORITHM_CONSISTENT_HASH_CUSTOM_STRING, LB_ALGORITHM_CONSISTENT_HASH_CALLID

ALBLdapAuthSettings (schema)

LdapAuthSettings

Advanced load balancer LdapAuthSettings object

Name Description Type Notes
base_dn Base dn

The LDAP base DN.
For example, avinetworks.com would be
DC=avinetworks,DC=com.
string
bind_as_administrator Bind as administrator

LDAP administrator credentials are used to search for users
and group memberships.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
email_attribute Email attribute

LDAP attribute that refers to user email.
Default value when not specified in API or module is
interpreted by ALB Controller as email.
string Default: "email"
full_name_attribute Full name attribute

LDAP attribute that refers to user's full name.
Default value when not specified in API or module is
interpreted by ALB Controller as name.
string Default: "name"
port Port

Query the LDAP servers on this port.
Default value when not specified in API or module is
interpreted by ALB Controller as 389.
integer Default: "389"
security_mode Security mode

LDAP connection security mode.
Enum options - AUTH_LDAP_SECURE_NONE,
AUTH_LDAP_SECURE_USE_LDAPS.
ALBAuthLdapSecurityMode
server Server

LDAP server IP address or Hostname.
Use IP address if an auth profile is used to configure
Virtual Service.
Minimum of 1 items required.
array of string Required
settings Settings

LDAP full directory configuration with administrator
credentials.
ALBLdapDirectorySettings
user_bind User bind

LDAP anonymous bind configuration.		 ALBLdapUserBindSettings

ALBLdapDirectorySettings (schema)

LdapDirectorySettings

Advanced load balancer LdapDirectorySettings object

Name Description Type Notes
admin_bind_dn Admin bind dn

LDAP Admin User DN.
Administrator credentials are required to search for users
under user search DN or groups under group search DN.
string
group_filter Group filter

Group filter is used to identify groups during search.
Default value when not specified in API or module is
interpreted by ALB Controller as (objectClass=(STAR)).
string Default: "(objectClass=*)"
group_member_attribute Group member attribute

LDAP group attribute that identifies each of the group
members.
Default value when not specified in API or module is
interpreted by ALB Controller as member.
string Default: "member"
group_member_is_full_dn Group member is full dn

Group member entries contain full DNs instead of just user
id attribute values.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
group_search_dn Group search dn

LDAP group search DN is the root of search for a given
group in the LDAP directory.
Only matching groups present in this LDAP directory
sub-tree will be checked for user membership.
string
group_search_scope Group search scope

LDAP group search scope defines how deep to search for the
group starting from the group search DN.
Enum options - AUTH_LDAP_SCOPE_BASE, AUTH_LDAP_SCOPE_ONE,
AUTH_LDAP_SCOPE_SUBTREE.
Default value when not specified in API or module is
interpreted by ALB Controller as AUTH_LDAP_SCOPE_SUBTREE.
ALBAuthLdapSearchScope Default: "AUTH_LDAP_SCOPE_SUBTREE"
ignore_referrals Ignore referrals

During user or group search, ignore searching referrals.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
password Password

LDAP Admin User Password.		 string
user_attributes User attributes

LDAP user attributes to fetch on a successful user bind.		 array of string
user_id_attribute User id attribute

LDAP user id attribute is the login attribute that uniquely
identifies a single user record.
string
user_search_dn User search dn

LDAP user search DN is the root of search for a given user
in the LDAP directory.
Only user records present in this LDAP directory sub-tree
will be validated.
string
user_search_scope User search scope

LDAP user search scope defines how deep to search for the
user starting from user search DN.
Enum options - AUTH_LDAP_SCOPE_BASE, AUTH_LDAP_SCOPE_ONE,
AUTH_LDAP_SCOPE_SUBTREE.
Default value when not specified in API or module is
interpreted by ALB Controller as AUTH_LDAP_SCOPE_ONE.
ALBAuthLdapSearchScope Default: "AUTH_LDAP_SCOPE_ONE"

ALBLdapUserBindSettings (schema)

LdapUserBindSettings

Advanced load balancer LdapUserBindSettings object

Name Description Type Notes
dn_template Dn template

LDAP user DN pattern is used to bind LDAP user after
replacing the user token with real username.
string
token Token

LDAP token is replaced with real user name in the user DN
pattern.
Default value when not specified in API or module is
interpreted by ALB Controller as .
string Default: ""
user_attributes User attributes

LDAP user attributes to fetch on a successful user bind.		 array of string
user_id_attribute User id attribute

LDAP user id attribute is the login attribute that uniquely
identifies a single user record.
string

ALBLocationHdrMatch (schema)

LocationHdrMatch

Advanced load balancer LocationHdrMatch object

Name Description Type Notes
match_case Match case

Case sensitivity to use for the match.
Enum options - SENSITIVE, INSENSITIVE.
Default value when not specified in API or module is
interpreted by ALB Controller as INSENSITIVE.
ALBMatchCase Default: "INSENSITIVE"
match_criteria Match criteria

Criterion to use for matching location header value in the
HTTP response.
Enum options - HDR_EXISTS, HDR_DOES_NOT_EXIST,
HDR_BEGINS_WITH, HDR_DOES_NOT_BEGIN_WITH, HDR_CONTAINS,
HDR_DOES_NOT_CONTAIN, HDR_ENDS_WITH, HDR_DOES_NOT_END_WITH,
HDR_EQUALS, HDR_DOES_NOT_EQUAL.
ALBHdrMatchOperation Required
value Value

String value(s) in the location header.		 array of string

ALBLogAction (schema)

LogAction type

Valid ENUM values for ALBLogAction

Name Description Type Notes
ALBLogAction LogAction type

Valid ENUM values for ALBLogAction		 string Enum: LOG_FIELD_REMOVE, LOG_FIELD_MASKOFF

ALBLogStreamingFormatType (schema)

LogStreamingFormatType type

Valid ENUM values for ALBLogStreamingFormatType

Name Description Type Notes
ALBLogStreamingFormatType LogStreamingFormatType type

Valid ENUM values for ALBLogStreamingFormatType		 string Enum: LOG_STREAMING_FORMAT_JSON_FULL, LOG_STREAMING_FORMAT_JSON_SELECTED

ALBLogsProcessingType (schema)

LogsProcessingType type

Valid ENUM values for ALBLogsProcessingType

Name Description Type Notes
ALBLogsProcessingType LogsProcessingType type

Valid ENUM values for ALBLogsProcessingType		 string Enum: LOGS_PROCESSING_NONE, LOGS_PROCESSING_SYNC_AND_INDEX_ON_DEMAND, LOGS_PROCESSING_AUTO_SYNC_AND_INDEX, LOGS_PROCESSING_AUTO_SYNC_BUT_INDEX_ON_DEMAND

ALBLogsType (schema)

LogsType type

Valid ENUM values for ALBLogsType

Name Description Type Notes
ALBLogsType LogsType type

Valid ENUM values for ALBLogsType		 string Enum: LOGS_SIGNIFICANT_ONLY, LOGS_UDF_ONLY, LOGS_UDF_SIGNIFICANT, LOGS_ALL

ALBMatchCase (schema)

MatchCase type

Valid ENUM values for ALBMatchCase

Name Description Type Notes
ALBMatchCase MatchCase type

Valid ENUM values for ALBMatchCase		 string Enum: SENSITIVE, INSENSITIVE

ALBMatchOperation (schema)

MatchOperation type

Valid ENUM values for ALBMatchOperation

Name Description Type Notes
ALBMatchOperation MatchOperation type

Valid ENUM values for ALBMatchOperation		 string Enum: IS_IN, IS_NOT_IN

ALBMatchReplacePair (schema)

MatchReplacePair

Advanced load balancer MatchReplacePair object

Name Description Type Notes
match_string Match string

String to be matched.		 string Required
replacement_string Replacement string

Replacement string.		 ALBReplaceStringVar

ALBMatchTarget (schema)

MatchTarget

Advanced load balancer MatchTarget object

Name Description Type Notes
client_ip Client ip

Configure client ip addresses.		 ALBIpAddrMatch
cookie Cookie

Configure HTTP cookie(s).		 ALBCookieMatch
hdrs Hdrs

Configure HTTP header(s).		 array of ALBHdrMatch
host_hdr Host hdr

Configure the host header.		 ALBHostHdrMatch
method Method

Configure HTTP methods.		 ALBMethodMatch
path Path

Configure request paths.		 ALBPathMatch
protocol Protocol

Configure the type of HTTP protocol.		 ALBProtocolMatch
query Query

Configure request query.		 ALBQueryMatch
version Version

Configure versions of the HTTP protocol.		 ALBHTTPVersionMatch
vs_port Vs port

Configure virtual service ports.		 ALBPortMatch

ALBMethodMatch (schema)

MethodMatch

Advanced load balancer MethodMatch object

Name Description Type Notes
match_criteria Match criteria

Criterion to use for HTTP method matching the method in the
HTTP request.
Enum options - IS_IN, IS_NOT_IN.
ALBMatchOperation Required
methods Methods

Configure HTTP method(s).
Enum options - HTTP_METHOD_GET, HTTP_METHOD_HEAD,
HTTP_METHOD_PUT, HTTP_METHOD_DELETE, HTTP_METHOD_POST,
HTTP_METHOD_OPTIONS, HTTP_METHOD_TRACE, HTTP_METHOD_CONNECT,
HTTP_METHOD_PATCH, HTTP_METHOD_PROPFIND,
HTTP_METHOD_PROPPATCH, HTTP_METHOD_MKCOL, HTTP_METHOD_COPY,
HTTP_METHOD_MOVE, HTTP_METHOD_LOCK, HTTP_METHOD_UNLOCK.
Minimum of 1 items required.
Maximum of 16 items allowed.
Allowed in Basic(Allowed values-
HTTP_METHOD_GET,HTTP_METHOD_PUT,HTTP_METHOD_POST,HTTP_METHOD_HEAD,HTTP_METHOD_OPTIONS)
edition, Essentials(Allowed values-
HTTP_METHOD_GET,HTTP_METHOD_PUT,HTTP_METHOD_POST,HTTP_METHOD_HEAD,HTTP_METHOD_OPTIONS)
edition, Enterprise edition.
array of ALBHTTPMethod Required

ALBMetricsRealTimeUpdate (schema)

MetricsRealTimeUpdate

Advanced load balancer MetricsRealTimeUpdate object

Name Description Type Notes
duration Duration

Real time metrics collection duration in minutes.
0 for infinite.
Special values are 0 - 'infinite'.
Unit is MIN.
Default value when not specified in API or module is
interpreted by ALB Controller as 30.
integer Default: "30"
enabled Enabled

Enables real time metrics collection.
When deactivated, 6 hour view is the most granular the
system will track.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Required
Default: "False"

ALBMicroServiceMatch (schema)

MicroServiceMatch

Advanced load balancer MicroServiceMatch object

Name Description Type Notes
match_criteria Match criteria

Criterion to use for Micro Service matching the HTTP
request.
Enum options - IS_IN, IS_NOT_IN.
ALBMatchOperation Required

ALBNetworkFilter (schema)

NetworkFilter

Advanced load balancer NetworkFilter object

Name Description Type Notes
server_filter Server filter

server_filter of NetworkFilter.		 string

ALBNetworkProfile (schema)

NetworkProfile

Advanced load balancer NetworkProfile object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
connection_mirror Connection mirror

When enabled, Avi mirrors all TCP fastpath connections to
standby.
Applicable only in Legacy HA Mode.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
markers Markers

List of labels to be used for granular RBAC.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBRoleFilterMatchLabel
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
profile Profile

Placeholder for description of property profile of obj type
NetworkProfile field type str type ref.
ALBNetworkProfileUnion Required
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ALBNetworkProfile string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ALBNetworkProfileApiResponse (schema)

NetworkProfileApiResponse

NetworkProfileApiResponse

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
count count

count
int Default: "None"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Array of NetworkProfile

Array of NetworkProfile
array of ALBNetworkProfile
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ALBNetworkProfileUnion (schema)

NetworkProfileUnion

Advanced load balancer NetworkProfileUnion object

Name Description Type Notes
tcp_fast_path_profile Tcp fast path profile

Placeholder for description of property
tcp_fast_path_profile of obj type NetworkProfileUnion field
type str type ref.
ALBTCPFastPathProfile
tcp_proxy_profile Tcp proxy profile

Placeholder for description of property tcp_proxy_profile
of obj type NetworkProfileUnion field type str type ref.
ALBTCPProxyProfile
type Type

Configure one of either proxy or fast path profiles.
Enum options - PROTOCOL_TYPE_TCP_PROXY,
PROTOCOL_TYPE_TCP_FAST_PATH, PROTOCOL_TYPE_UDP_FAST_PATH,
PROTOCOL_TYPE_UDP_PROXY.
Allowed in Basic(Allowed values-
PROTOCOL_TYPE_TCP_PROXY,PROTOCOL_TYPE_TCP_FAST_PATH,PROTOCOL_TYPE_UDP_FAST_PATH)
edition, Essentials(Allowed values-
PROTOCOL_TYPE_TCP_FAST_PATH,PROTOCOL_TYPE_UDP_FAST_PATH)
edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as PROTOCOL_TYPE_TCP_PROXY.
ALBProtocolType Required
Default: "PROTOCOL_TYPE_TCP_PROXY"
udp_fast_path_profile Udp fast path profile

Placeholder for description of property
udp_fast_path_profile of obj type NetworkProfileUnion field
type str type ref.
ALBUDPFastPathProfile
udp_proxy_profile Udp proxy profile

Configure UDP Proxy network profile.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
ALBUDPProxyProfile

ALBNetworkSecurityMatchTarget (schema)

NetworkSecurityMatchTarget

Advanced load balancer NetworkSecurityMatchTarget object

Name Description Type Notes
client_ip Client ip

Placeholder for description of property client_ip of obj
type NetworkSecurityMatchTarget field type str type ref.
ALBIpAddrMatch
microservice Microservice

Placeholder for description of property microservice of obj
type NetworkSecurityMatchTarget field type str type ref.
ALBMicroServiceMatch
vs_port Vs port

Placeholder for description of property vs_port of obj type
NetworkSecurityMatchTarget field type str type ref.
ALBPortMatch

ALBNetworkSecurityPolicy (schema)

NetworkSecurityPolicy

Advanced load balancer NetworkSecurityPolicy object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
cloud_config_cksum Cloud config cksum

Checksum of cloud configuration for Network Sec Policy.
Internally set by cloud connector.
string
created_by Created by

Creator name.		 string
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
markers Markers

List of labels to be used for granular RBAC.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBRoleFilterMatchLabel
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ALBNetworkSecurityPolicy string
rules Rules

Placeholder for description of property rules of obj type
NetworkSecurityPolicy field type str type array.
array of ALBNetworkSecurityRule
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ALBNetworkSecurityPolicyActionRLParam (schema)

NetworkSecurityPolicyActionRLParam

Advanced load balancer NetworkSecurityPolicyActionRLParam object

Name Description Type Notes
burst_size Burst size

Maximum number of connections or requests or packets to be
rate limited instantaneously.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.
integer Required
Default: "0"
max_rate Max rate

Maximum number of connections or requests or packets per
second.
Allowed values are 1-4294967295.
integer Required
Minimum: 1
Maximum: 4294967295

ALBNetworkSecurityPolicyActionType (schema)

NetworkSecurityPolicyActionType type

Valid ENUM values for ALBNetworkSecurityPolicyActionType

Name Description Type Notes
ALBNetworkSecurityPolicyActionType NetworkSecurityPolicyActionType type

Valid ENUM values for ALBNetworkSecurityPolicyActionType		 string Enum: NETWORK_SECURITY_POLICY_ACTION_TYPE_ALLOW, NETWORK_SECURITY_POLICY_ACTION_TYPE_DENY, NETWORK_SECURITY_POLICY_ACTION_TYPE_RATE_LIMIT

ALBNetworkSecurityPolicyApiResponse (schema)

NetworkSecurityPolicyApiResponse

NetworkSecurityPolicyApiResponse

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
count count

count
int Default: "None"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Array of NetworkSecurityPolicy

Array of NetworkSecurityPolicy
array of ALBNetworkSecurityPolicy
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ALBNetworkSecurityRule (schema)

NetworkSecurityRule

Advanced load balancer NetworkSecurityRule object

Name Description Type Notes
action Action

Enum options - NETWORK_SECURITY_POLICY_ACTION_TYPE_ALLOW,
NETWORK_SECURITY_POLICY_ACTION_TYPE_DENY,
NETWORK_SECURITY_POLICY_ACTION_TYPE_RATE_LIMIT.
Allowed in Basic(Allowed values-
NETWORK_SECURITY_POLICY_ACTION_TYPE_DENY) edition,
Essentials(Allowed values-
NETWORK_SECURITY_POLICY_ACTION_TYPE_DENY) edition,
Enterprise edition.
ALBNetworkSecurityPolicyActionType Required
age Age

Time in minutes after which rule will be deleted.
Allowed values are 1-4294967295.
Special values are 0- 'blocked for ever'.
Unit is MIN.
Allowed in Basic(Allowed values- 0) edition,
Essentials(Allowed values- 0) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.
integer Minimum: 0
Maximum: 4294967295
Default: "0"
created_by Created by

Creator name.		 string
enable Enable

Placeholder for description of property enable of obj type
NetworkSecurityRule field type str type boolean.
boolean Required
index Index

Number of index.		 integer Required
log Log

Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
match Match

Placeholder for description of property match of obj type
NetworkSecurityRule field type str type ref.
ALBNetworkSecurityMatchTarget Required
name Name

Name of the object.		 string Required
rl_param Rl param

Placeholder for description of property rl_param of obj
type NetworkSecurityRule field type str type ref.
ALBNetworkSecurityPolicyActionRLParam

ALBOCSPConfig (schema)

OCSPConfig

Advanced load balancer OCSPConfig object

Name Description Type Notes
failed_ocsp_jobs_retry_interval Failed ocsp jobs retry interval

Describes the Time Interval after which the next OCSP job
needs to be scheduled in case of the OCSP job failures.
Allowed values are 60-86400.
Unit is SEC.
Default value when not specified in API or module is
interpreted by ALB Controller as 3600.
integer Minimum: 60
Maximum: 86400
Default: "3600"
max_tries Max tries

Maximum number of times the failed OCSP jobs can be
scheduled.
Default value when not specified in API or module is
interpreted by ALB Controller as 10.
integer Default: "10"
ocsp_req_interval Ocsp req interval

Interval between the OCSP queries.
Allowed values are 60-31536000.
Unit is SEC.
Default value when not specified in API or module is
interpreted by ALB Controller as 86400.
integer Minimum: 60
Maximum: 31536000
Default: "86400"
ocsp_resp_timeout Ocsp resp timeout

Time in seconds that the system waits for a reply from the
OCSP responder before dropping the connection.
Unit is SEC.
integer
responder_url_lists Responder url lists

List of Responder URLs configured by user to do
failover/override the AIA extension contained in the OCSP
responder's SSL/TLS certificate.
array of string
url_action Url action

Describes the type of action to take with the Responder
URLs.
Enum options - OCSP_RESPONDER_URL_FAILOVER,
OCSP_RESPONDER_URL_OVERRIDE.
Default value when not specified in API or module is
interpreted by ALB Controller as
OCSP_RESPONDER_URL_FAILOVER.
ALBOCSPResponderUrlAction Default: "OCSP_RESPONDER_URL_FAILOVER"

ALBOCSPResponderUrlAction (schema)

OCSPResponderUrlAction type

Valid ENUM values for ALBOCSPResponderUrlAction

Name Description Type Notes
ALBOCSPResponderUrlAction OCSPResponderUrlAction type

Valid ENUM values for ALBOCSPResponderUrlAction		 string Enum: OCSP_RESPONDER_URL_FAILOVER, OCSP_RESPONDER_URL_OVERRIDE

ALBOperationMode (schema)

OperationMode type

Valid ENUM values for ALBOperationMode

Name Description Type Notes
ALBOperationMode OperationMode type

Valid ENUM values for ALBOperationMode		 string Enum: DETECTION, MITIGATION

ALBPGDeploymentRule (schema)

PGDeploymentRule

Advanced load balancer PGDeploymentRule object

Name Description Type Notes
metric_id Metric id

metric_id of PGDeploymentRule.
Default value when not specified in API or module is
interpreted by ALB Controller as health.health_score_value.
string Default: "health.health_score_value"
operator Operator

Enum options - CO_EQ, CO_GT, CO_GE, CO_LT, CO_LE, CO_NE.
Default value when not specified in API or module is
interpreted by ALB Controller as CO_GE.
ALBComparisonOperator Default: "CO_GE"
threshold Threshold

metric threshold that is used as the pass fail.
If it is not provided then it will simply compare it with
current pool vs new pool.
number

ALBPKIProfile (schema)

PKIProfile

Advanced load balancer PKIProfile object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
ca_certs Ca certs

List of Certificate Authorities (Root and Intermediate)
trusted that is used for certificate validation.
array of ALBSSLCertificate
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
created_by Created by

Creator name.		 string
crl_check Crl check

When enabled, Avi will verify via CRL checks that
certificates in the trust chain have not been revoked.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
crls Crls

Certificate Revocation Lists.		 array of ALBCRL
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ignore_peer_chain Ignore peer chain

When enabled, Avi will not trust Intermediate and Root
certs presented by a client.
Instead, only the chain certs configured in the Certificate
Authority section will be used to verify trust of the
client's cert.
Allowed in Basic(Allowed values- true) edition,
Essentials(Allowed values- true) edition, Enterprise
edition.
Special default for Basic edition is true, Essentials
edition is true, Enterprise is False.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
is_federated Is federated

This field describes the object's replication scope.
If the field is set to false, then the object is visible
within the controller-cluster and its associated
service-engines.
If the field is set to true, then the object is replicated
across the federation.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
markers Markers

List of labels to be used for granular RBAC.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBRoleFilterMatchLabel
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ALBPKIProfile string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
validate_only_leaf_crl Validate only leaf crl

When enabled, Avi will only validate the revocation status
of the leaf certificate using CRL.
To enable validation for the entire chain, disable this
option and provide all the relevant CRLs.
Allowed in Basic(Allowed values- true) edition,
Essentials(Allowed values- true) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"

ALBPKIProfileApiResponse (schema)

PKIProfileApiResponse

PKIProfileApiResponse

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
count count

count
int Default: "None"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Array of PKIProfile

Array of PKIProfile
array of ALBPKIProfile
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ALBPathMatch (schema)

PathMatch

Advanced load balancer PathMatch object

Name Description Type Notes
match_case Match case

Case sensitivity to use for the matching.
Enum options - SENSITIVE, INSENSITIVE.
Default value when not specified in API or module is
interpreted by ALB Controller as INSENSITIVE.
ALBMatchCase Default: "INSENSITIVE"
match_criteria Match criteria

Criterion to use for matching the path in the HTTP request
URI.
Enum options - BEGINS_WITH, DOES_NOT_BEGIN_WITH, CONTAINS,
DOES_NOT_CONTAIN, ENDS_WITH, DOES_NOT_END_WITH, EQUALS,
DOES_NOT_EQUAL, REGEX_MATCH, REGEX_DOES_NOT_MATCH.
Allowed in Basic(Allowed values-
BEGINS_WITH,DOES_NOT_BEGIN_WITH,CONTAINS,DOES_NOT_CONTAIN,ENDS_WITH,DOES_NOT_END_WITH,EQUALS,DOES_NOT_EQUAL)
edition, Essentials(Allowed values-
BEGINS_WITH,DOES_NOT_BEGIN_WITH,CONTAINS,DOES_NOT_CONTAIN,ENDS_WITH,DOES_NOT_END_WITH,EQUALS,DOES_NOT_EQUAL)
edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as CONTAINS.
ALBStringOperation Required
Default: "CONTAINS"
match_str Match str

String values.		 array of string
string_group_paths String group paths

path of the string group(s).
It is a reference to an object of type StringGroup.
array of string

ALBPerformanceLimits (schema)

PerformanceLimits

Advanced load balancer PerformanceLimits object

Name Description Type Notes
max_concurrent_connections Max concurrent connections

The maximum number of concurrent client conections allowed
to the Virtual Service.
integer
max_throughput Max throughput

The maximum throughput per second for all clients allowed
through the client side of the Virtual Service.
integer

ALBPersistenceProfileType (schema)

PersistenceProfileType type

Valid ENUM values for ALBPersistenceProfileType

Name Description Type Notes
ALBPersistenceProfileType PersistenceProfileType type

Valid ENUM values for ALBPersistenceProfileType		 string Enum: PERSISTENCE_TYPE_CLIENT_IP_ADDRESS, PERSISTENCE_TYPE_HTTP_COOKIE, PERSISTENCE_TYPE_TLS, PERSISTENCE_TYPE_CLIENT_IPV6_ADDRESS, PERSISTENCE_TYPE_CUSTOM_HTTP_HEADER, PERSISTENCE_TYPE_APP_COOKIE, PERSISTENCE_TYPE_GSLB_SITE

ALBPersistentServerHMDownRecovery (schema)

PersistentServerHMDownRecovery type

Valid ENUM values for ALBPersistentServerHMDownRecovery

Name Description Type Notes
ALBPersistentServerHMDownRecovery PersistentServerHMDownRecovery type

Valid ENUM values for ALBPersistentServerHMDownRecovery		 string Enum: HM_DOWN_PICK_NEW_SERVER, HM_DOWN_ABORT_CONNECTION, HM_DOWN_CONTINUE_PERSISTENT_SERVER

ALBPlacementNetwork (schema)

PlacementNetwork

Advanced load balancer PlacementNetwork object

Name Description Type Notes
network_name Network name

It is a reference to an object of type Network.		 string Required
subnet Subnet

Placeholder for description of property subnet of obj type
PlacementNetwork field type str type ref.
ALBIpAddrPrefix Required

ALBPool (schema)

Pool

Advanced load balancer Pool object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
analytics_policy Analytics policy

Determines analytics settings for the pool.		 ALBPoolAnalyticsPolicy
analytics_profile_path Analytics profile path

Specifies settings related to analytics.
It is a reference to an object of type AnalyticsProfile.
string
apic_epg_name Apic epg name

Synchronize Cisco APIC EPG members with pool servers.		 string
application_persistence_profile_path Application persistence profile path

Persistence will ensure the same user sticks to the same
server for a desired duration of time.
It is a reference to an object of type
ApplicationPersistenceProfile.
string
autoscale_launch_config_path Autoscale launch config path

If configured then Avi will trigger orchestration of pool
server creation and deletion.
It is a reference to an object of type
AutoScaleLaunchConfig.
string
autoscale_networks Autoscale networks

Network Ids for the launch configuration.		 array of string
autoscale_policy_path Autoscale policy path

Reference to Server Autoscale Policy.
It is a reference to an object of type
ServerAutoScalePolicy.
string
capacity_estimation Capacity estimation

Inline estimation of capacity of servers.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
capacity_estimation_ttfb_thresh Capacity estimation ttfb thresh

The maximum time-to-first-byte of a server.
Allowed values are 1-5000.
Special values are 0 - 'Automatic'.
Unit is MILLISECONDS.
Allowed in Basic(Allowed values- 0) edition,
Essentials(Allowed values- 0) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.
integer Minimum: 0
Maximum: 5000
Default: "0"
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
cloud_config_cksum Cloud config cksum

Checksum of cloud configuration for Pool.
Internally set by cloud connector.
string
cloud_name Cloud name

It is a reference to an object of type Cloud.		 string
conn_pool_properties Conn pool properties

Connnection pool properties.		 ALBConnPoolProperties
connection_ramp_duration Connection ramp duration

Duration for which new connections will be gradually ramped
up to a server recently brought online.
Useful for LB algorithms that are least connection based.
Allowed values are 1-300.
Special values are 0 - 'Immediate'.
Unit is MIN.
Allowed in Basic(Allowed values- 0) edition,
Essentials(Allowed values- 0) edition, Enterprise edition.
Special default for Basic edition is 0, Essentials edition
is 0, Enterprise is 10.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.
integer Minimum: 0
Maximum: 300
Default: "0"
created_by Created by

Creator name.		 string
default_server_port Default server port

Traffic sent to servers will use this destination server
port unless overridden by the server's specific port
attribute.
The SSL checkbox enables Avi to server encryption.
Allowed values are 1-65535.
Default value when not specified in API or module is
interpreted by ALB Controller as 80.
integer Minimum: 1
Maximum: 65535
Default: "80"
delete_server_on_dns_refresh Delete server on dns refresh

Indicates whether existing IPs are disabled(false) or
deleted(true) on dns hostname refreshDetail -- On a dns
refresh, some IPs set on pool may no longer be returned by
the resolver.
These IPs are deleted from the pool when this knob is set
to true.
They are disabled, if the knob is set to false.
Allowed in Basic(Allowed values- true) edition,
Essentials(Allowed values- true) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
domain_name Domain name

Comma separated list of domain names which will be used to
verify the common names or subject alternative names
presented by server certificates.
It is performed only when common name check
host_check_enabled is enabled.
array of string
east_west East west

Inherited config from VirtualService.		 boolean
enable_http2 Enable http2

Enable HTTP/2 for traffic from VirtualService to all
backend servers in this pool.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
enabled Enabled

Enable or disable the pool.
Disabling will terminate all open connections and pause
health monitors.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
external_autoscale_groups External autoscale groups

Names of external auto-scale groups for pool servers.
Currently available only for AWS and Azure.
array of string
fail_action Fail action

Enable an action - Close Connection, HTTP Redirect or Local
HTTP Response - when a pool failure happens.
By default, a connection will be closed, in case the pool
experiences a failure.
ALBFailAction
fewest_tasks_feedback_delay Fewest tasks feedback delay

Periodicity of feedback for fewest tasks server selection
algorithm.
Allowed values are 1-300.
Unit is SEC.
Default value when not specified in API or module is
interpreted by ALB Controller as 10.
integer Minimum: 1
Maximum: 300
Default: "10"
graceful_disable_timeout Graceful disable timeout

Used to gracefully disable a server.
Virtual service waits for the specified time before
terminating the existing connections to the servers that
are disabled.
Allowed values are 1-7200.
Special values are 0 - 'Immediate', -1 - 'Infinite'.
Unit is MIN.
Default value when not specified in API or module is
interpreted by ALB Controller as 1.
integer Minimum: -1
Maximum: 7200
Default: "1"
group_paths Group paths

A list of NSX Groups where the Servers for the Pool are
created .
array of string
gslb_sp_enabled Gslb sp enabled

Indicates if the pool is a site-persistence pool.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
boolean
health_monitor_paths Health monitor paths

Verify server health by applying one or more health
monitors.
Active monitors generate synthetic traffic from each
Service Engine and mark a server up or down based on the
response.
The Passive monitor listens only to client to server
communication.
It raises or lowers the ratio of traffic destined to a
server based on successful responses.
It is a reference to an object of type HealthMonitor.
Maximum of 50 items allowed.
array of string
host_check_enabled Host check enabled

Enable common name check for server certificate.
If enabled and no explicit domain name is specified, Avi
will use the incoming host header to do the match.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
id Unique identifier of this resource string Sortable
ignore_server_port Ignore server port

Ignore the server port in building the load balancing
state.Applicable only for consistent hash load balancing
algorithm or Disable Port translation (use_service_port) use
cases.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
inline_health_monitor Inline health monitor

The Passive monitor will monitor client to server
connections and requests and adjust traffic load to servers
based on successful responses.
This may alter the expected behavior of the LB method, such
as Round Robin.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
ipaddrgroup_path Ipaddrgroup path

Use list of servers from Ip Address Group.
It is a reference to an object of type IpAddrGroup.
string
lb_algorithm Lb algorithm

The load balancing algorithm will pick a server within the
pool's list of available servers.
Values LB_ALGORITHM_NEAREST_SERVER and
LB_ALGORITHM_TOPOLOGY are only allowed for GSLB pool.
Enum options - LB_ALGORITHM_LEAST_CONNECTIONS,
LB_ALGORITHM_ROUND_ROBIN, LB_ALGORITHM_FASTEST_RESPONSE,
LB_ALGORITHM_CONSISTENT_HASH, LB_ALGORITHM_LEAST_LOAD,
LB_ALGORITHM_FEWEST_SERVERS, LB_ALGORITHM_RANDOM,
LB_ALGORITHM_FEWEST_TASKS, LB_ALGORITHM_NEAREST_SERVER,
LB_ALGORITHM_CORE_AFFINITY, LB_ALGORITHM_TOPOLOGY.
Allowed in Basic(Allowed values-
LB_ALGORITHM_LEAST_CONNECTIONS,LB_ALGORITHM_ROUND_ROBIN,LB_ALGORITHM_CONSISTENT_HASH)
edition, Essentials(Allowed values-
LB_ALGORITHM_LEAST_CONNECTIONS,LB_ALGORITHM_ROUND_ROBIN,LB_ALGORITHM_CONSISTENT_HASH)
edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as
LB_ALGORITHM_LEAST_CONNECTIONS.
ALBLbAlgorithm Default: "LB_ALGORITHM_LEAST_CONNECTIONS"
lb_algorithm_consistent_hash_hdr Lb algorithm consistent hash hdr

HTTP header name to be used for the hash key.		 string
lb_algorithm_core_nonaffinity Lb algorithm core nonaffinity

Degree of non-affinity for core affinity based server
selection.
Allowed values are 1-65535.
Allowed in Basic(Allowed values- 2) edition,
Essentials(Allowed values- 2) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 2.
integer Minimum: 1
Maximum: 65535
Default: "2"
lb_algorithm_hash Lb algorithm hash

Criteria used as a key for determining the hash between the
client and server.
Enum options -
LB_ALGORITHM_CONSISTENT_HASH_SOURCE_IP_ADDRESS,
LB_ALGORITHM_CONSISTENT_HASH_SOURCE_IP_ADDRESS_AND_PORT,
LB_ALGORITHM_CONSISTENT_HASH_URI,
LB_ALGORITHM_CONSISTENT_HASH_CUSTOM_HEADER,
LB_ALGORITHM_CONSISTENT_HASH_CUSTOM_STRING,
LB_ALGORITHM_CONSISTENT_HASH_CALLID.
Allowed in Basic(Allowed values-
LB_ALGORITHM_CONSISTENT_HASH_SOURCE_IP_ADDRESS) edition,
Essentials(Allowed values-
LB_ALGORITHM_CONSISTENT_HASH_SOURCE_IP_ADDRESS) edition,
Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as
LB_ALGORITHM_CONSISTENT_HASH_SOURCE_IP_ADDRESS.
ALBLbAlgorithmConsistentHash Default: "LB_ALGORITHM_CONSISTENT_HASH_SOURCE_IP_ADDRESS"
lookup_server_by_name Lookup server by name

Allow server lookup by name.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
markers Markers

List of labels to be used for granular RBAC.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBRoleFilterMatchLabel
max_concurrent_connections_per_server Max concurrent connections per server

The maximum number of concurrent connections allowed to
each server within the pool.
NOTE applied value will be no less than the number of
service engines that the pool is placed on.
If set to 0, no limit is applied.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.
integer Default: "0"
max_conn_rate_per_server Max conn rate per server

Rate Limit connections to each server.		 ALBRateProfile
min_health_monitors_up Min health monitors up

Minimum number of health monitors in UP state to mark
server UP.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
integer
min_servers_up Min servers up

Minimum number of servers in UP state for marking the pool
UP.
integer
networks Networks

(internal-use) Networks designated as containing servers
for this pool.
The servers may be further narrowed down by a filter.
This field is used internally by Avi, not editable by the
user.
array of ALBNetworkFilter
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
pki_profile_path Pki profile path

Avi will validate the SSL certificate present by a server
against the selected PKI Profile.
It is a reference to an object of type PKIProfile.
string
placement_networks Placement networks

Manually select the networks and subnets used to provide
reachability to the pool's servers.
Specify the Subnet using the following syntax 10-1-1-0/24.
Use static routes in VRF configuration when pool servers
are not directly connected but routable from the service
engine.
array of ALBPlacementNetwork
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
request_queue_depth Request queue depth

Minimum number of requests to be queued when pool is full.
Allowed in Basic(Allowed values- 128) edition,
Essentials(Allowed values- 128) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 128.
integer Default: "128"
request_queue_enabled Request queue enabled

Enable request queue when pool is full.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
resource_type Must be set to the value ALBPool string
rewrite_host_header_to_server_name Rewrite host header to server name

Rewrite incoming Host Header to server name of the server
to which the request is proxied.
Enabling this feature rewrites Host Header for requests to
all servers in the pool.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
rewrite_host_header_to_sni Rewrite host header to sni

If SNI server name is specified, rewrite incoming host
header to the SNI server name.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
routing_pool Routing pool

Enable to do routing when this pool is selected to send
traffic.
No servers present in routing pool.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
server_name Server name

Fully qualified DNS hostname which will be used in the TLS
SNI extension in server connections if SNI is enabled.
If no value is specified, Avi will use the incoming host
header instead.
string
server_reselect Server reselect

Server reselect configuration for HTTP requests.		 ALBHTTPServerReselect
server_timeout Server timeout

Server timeout value specifies the time within which a
server connection needs to be established and a
request-response exchange completes between AVI and the
server.
Value of 0 results in using default timeout of 60 minutes.
Allowed values are 0-21600000.
Unit is MILLISECONDS.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.
integer Minimum: 0
Maximum: 21600000
Default: "0"
servers Servers

The pool directs load balanced traffic to this list of
destination servers.
The servers can be configured by IP address, name, network
or via IP Address Group.
Maximum of 5000 items allowed.
array of ALBServer
service_metadata Service metadata

Metadata pertaining to the service provided by this Pool.
In Openshift/Kubernetes environments, app metadata info is
stored.
Any user input to this field will be overwritten by Avi
Vantage.
string
sni_enabled Sni enabled

Enable TLS SNI for server connections.
If disabled, Avi will not send the SNI extension as part of
the handshake.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
ssl_key_and_certificate_path Ssl key and certificate path

Service Engines will present a client SSL certificate to
the server.
It is a reference to an object of type
SSLKeyAndCertificate.
string
ssl_profile_path Ssl profile path

When enabled, Avi re-encrypts traffic to the backend
servers.
The specific SSL profile defines which ciphers and SSL
versions will be supported.
It is a reference to an object of type SSLProfile.
string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tier1_path Tier1 path

This tier1_lr field should be set same as VirtualService
associated for NSX-T.
string
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
use_service_port Use service port

Do not translate the client's destination port when sending
the connection to the server.
The pool or servers specified service port will still be
used for health monitoring.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
vrf_name Vrf name

Virtual Routing Context that the pool is bound to.
This is used to provide the isolation of the set of
networks the pool is attached to.
The pool inherits the Virtual Routing Conext of the Virtual
Service, and this field is used only internally, and is set
by pb-transform.
It is a reference to an object of type VrfContext.
string

ALBPoolAnalyticsPolicy (schema)

PoolAnalyticsPolicy

Advanced load balancer PoolAnalyticsPolicy object

Name Description Type Notes
enable_realtime_metrics Enable realtime metrics

Enable real time metrics for server and pool metrics eg.
l4_server.xxx, l7_server.xxx.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"

ALBPoolApiResponse (schema)

PoolApiResponse

PoolApiResponse

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
count count

count
int Default: "None"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Array of Pool

Array of Pool
array of ALBPool
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ALBPoolDeploymentState (schema)

PoolDeploymentState type

Valid ENUM values for ALBPoolDeploymentState

Name Description Type Notes
ALBPoolDeploymentState PoolDeploymentState type

Valid ENUM values for ALBPoolDeploymentState		 string Enum: EVALUATION_IN_PROGRESS, IN_SERVICE, OUT_OF_SERVICE, EVALUATION_FAILED

ALBPoolGroup (schema)

PoolGroup

Advanced load balancer PoolGroup object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
cloud_config_cksum Cloud config cksum

Checksum of cloud configuration for PoolGroup.
Internally set by cloud connector.
string
cloud_name Cloud name

It is a reference to an object of type Cloud.		 string
created_by Created by

Name of the user who created the object.		 string
deactivate_primary_pool_on_down Deactivate primary pool on down

Deactivate primary pool for selection when down until it is
activated by user via clear poolgroup command.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
deployment_policy_path Deployment policy path

When setup autoscale manager will automatically promote new
pools into production when deployment goals are met.
It is a reference to an object of type
PoolGroupDeploymentPolicy.
string
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enable_http2 Enable http2

Enable HTTP/2 for traffic from VirtualService to all the
backend servers in all the pools configured under this
PoolGroup.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
fail_action Fail action

Enable an action - Close Connection, HTTP Redirect, or
Local HTTP Response - when a pool group failure happens.
By default, a connection will be closed, in case the pool
group experiences a failure.
ALBFailAction
id Unique identifier of this resource string Sortable
implicit_priority_labels Implicit priority labels

Whether an implicit set of priority labels is generated.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
markers Markers

List of labels to be used for granular RBAC.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBRoleFilterMatchLabel
members Members

List of pool group members object of type PoolGroupMember.		 array of ALBPoolGroupMember
min_servers Min servers

The minimum number of servers to distribute traffic to.
Allowed values are 1-65535.
Special values are 0 - 'Disable'.
Allowed in Basic(Allowed values- 0) edition,
Essentials(Allowed values- 0) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.
integer Minimum: 0
Maximum: 65535
Default: "0"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
priority_labels_path Priority labels path

path of the priority labels.
If not provided, pool group member priority label will be
interpreted as a number with a larger number considered
higher priority.
It is a reference to an object of type PriorityLabels.
string
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ALBPoolGroup string
service_metadata Service metadata

Metadata pertaining to the service provided by this
PoolGroup.
In Openshift/Kubernetes environments, app metadata info is
stored.
Any user input to this field will be overwritten by Avi
Vantage.
string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ALBPoolGroupApiResponse (schema)

PoolGroupApiResponse

PoolGroupApiResponse

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
count count

count
int Default: "None"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Array of PoolGroup

Array of PoolGroup
array of ALBPoolGroup
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ALBPoolGroupDeploymentPolicy (schema)

PoolGroupDeploymentPolicy

Advanced load balancer PoolGroupDeploymentPolicy object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
auto_disable_old_prod_pools Auto disable old prod pools

It will automatically disable old production pools once
there is a new production candidate.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
evaluation_duration Evaluation duration

Duration of evaluation period for automatic deployment.
Allowed values are 60-86400.
Unit is SEC.
Default value when not specified in API or module is
interpreted by ALB Controller as 300.
integer Minimum: 60
Maximum: 86400
Default: "300"
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
markers Markers

List of labels to be used for granular RBAC.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBRoleFilterMatchLabel
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ALBPoolGroupDeploymentPolicy string
rules Rules

Placeholder for description of property rules of obj type
PoolGroupDeploymentPolicy field type str type array.
array of ALBPGDeploymentRule
scheme Scheme

deployment scheme.
Enum options - BLUE_GREEN, CANARY.
Default value when not specified in API or module is
interpreted by ALB Controller as BLUE_GREEN.
ALBPoolGroupDeploymentScheme Default: "BLUE_GREEN"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
target_test_traffic_ratio Target test traffic ratio

Target traffic ratio before pool is made production.
Allowed values are 1-100.
Unit is RATIO.
Default value when not specified in API or module is
interpreted by ALB Controller as 100.
integer Minimum: 1
Maximum: 100
Default: "100"
test_traffic_ratio_rampup Test traffic ratio rampup

Ratio of the traffic that is sent to the pool under test.
test ratio of 100 means blue green.
Allowed values are 1-100.
Default value when not specified in API or module is
interpreted by ALB Controller as 100.
integer Minimum: 1
Maximum: 100
Default: "100"
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
webhook_path Webhook path

Webhook configured with URL that Avi controller will pass
back information about pool group, old and new pool
information and current deployment rule results.
It is a reference to an object of type Webhook.
string

ALBPoolGroupDeploymentPolicyApiResponse (schema)

PoolGroupDeploymentPolicyApiResponse

PoolGroupDeploymentPolicyApiResponse

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
count count

count
int Default: "None"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Array of PoolGroupDeploymentPolicy

Array of PoolGroupDeploymentPolicy
array of ALBPoolGroupDeploymentPolicy
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ALBPoolGroupDeploymentScheme (schema)

PoolGroupDeploymentScheme type

Valid ENUM values for ALBPoolGroupDeploymentScheme

Name Description Type Notes
ALBPoolGroupDeploymentScheme PoolGroupDeploymentScheme type

Valid ENUM values for ALBPoolGroupDeploymentScheme		 string Enum: BLUE_GREEN, CANARY

ALBPoolGroupMember (schema)

PoolGroupMember

Advanced load balancer PoolGroupMember object

Name Description Type Notes
deployment_state Deployment state

Pool deployment state used with the PG deployment policy.
Enum options - EVALUATION_IN_PROGRESS, IN_SERVICE,
OUT_OF_SERVICE, EVALUATION_FAILED.
ALBPoolDeploymentState
pool_path Pool path

path of the pool.
It is a reference to an object of type Pool.
string Required
priority_label Priority label

All pools with same label are treated similarly in a pool
group.
A pool with a higher priority is selected, as long as the
pool is eligible or an explicit policy chooses a different
pool.
string
ratio Ratio

Ratio of selecting eligible pools in the pool group.
Allowed values are 1-1000.
Special values are 0 - 'Do not select this pool for new
connections'.
Allowed in Basic(Allowed values- 1) edition,
Essentials(Allowed values- 1) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 1.
integer Minimum: 0
Maximum: 1000
Default: "1"

ALBPoolServer (schema)

PoolServer

Advanced load balancer PoolServer object

Name Description Type Notes
hostname Hostname

DNS resolvable name of the server.
May be used in place of the IP address.
string
ip Ip

IP address of the server in the poool.		 ALBIpAddr Required
port Port

Port of the pool server listening for HTTP/HTTPS.
Default value is the default port in the pool.
Allowed values are 1-65535.
integer Minimum: 1
Maximum: 65535

ALBPortMatch (schema)

PortMatch

Advanced load balancer PortMatch object

Name Description Type Notes
match_criteria Match criteria

Criterion to use for port matching the HTTP request.
Enum options - IS_IN, IS_NOT_IN.
ALBMatchOperation Required
ports Ports

Listening TCP port(s).
Allowed values are 1-65535.
Minimum of 1 items required.
array of integer Required

ALBPortRange (schema)

PortRange

Advanced load balancer PortRange object

Name Description Type Notes
end End

TCP/UDP port range end (inclusive).
Allowed values are 1-65535.
integer Required
Minimum: 1
Maximum: 65535
start Start

TCP/UDP port range start (inclusive).
Allowed values are 1-65535.
integer Required
Minimum: 1
Maximum: 65535

ALBPriorityLabels (schema)

PriorityLabels

Advanced load balancer PriorityLabels object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
cloud_name Cloud name

It is a reference to an object of type Cloud.		 string
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
equivalent_labels Equivalent labels

Equivalent priority labels in descending order.		 array of ALBEquivalentLabels
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
markers Markers

List of labels to be used for granular RBAC.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBRoleFilterMatchLabel
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ALBPriorityLabels string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ALBPriorityLabelsApiResponse (schema)

PriorityLabelsApiResponse

PriorityLabelsApiResponse

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
count count

count
int Default: "None"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Array of PriorityLabels

Array of PriorityLabels
array of ALBPriorityLabels
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ALBProtocol (schema)

Protocol type

Valid ENUM values for ALBProtocol

Name Description Type Notes
ALBProtocol Protocol type

Valid ENUM values for ALBProtocol		 string Enum: PROTOCOL_ICMP, PROTOCOL_TCP, PROTOCOL_UDP

ALBProtocolMatch (schema)

ProtocolMatch

Advanced load balancer ProtocolMatch object

Name Description Type Notes
match_criteria Match criteria

Criterion to use for protocol matching the HTTP request.
Enum options - IS_IN, IS_NOT_IN.
ALBMatchOperation Required
protocols Protocols

HTTP or HTTPS protocol.
Enum options - HTTP, HTTPS.
ALBHTTPProtocol Required

ALBProtocolParser (schema)

ProtocolParser

Advanced load balancer ProtocolParser object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
markers Markers

List of labels to be used for granular RBAC.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBRoleFilterMatchLabel
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
parser_code Parser code

Command script provided inline.		 string Required
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ALBProtocolParser string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ALBProtocolParserApiResponse (schema)

ProtocolParserApiResponse

ProtocolParserApiResponse

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
count count

count
int Default: "None"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Array of ProtocolParser

Array of ProtocolParser
array of ALBProtocolParser
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ALBProtocolType (schema)

ProtocolType type

Valid ENUM values for ALBProtocolType

Name Description Type Notes
ALBProtocolType ProtocolType type

Valid ENUM values for ALBProtocolType		 string Enum: PROTOCOL_TYPE_TCP_PROXY, PROTOCOL_TYPE_TCP_FAST_PATH, PROTOCOL_TYPE_UDP_FAST_PATH, PROTOCOL_TYPE_UDP_PROXY

ALBProxyProtocolVersion (schema)

ProxyProtocolVersion type

Valid ENUM values for ALBProxyProtocolVersion

Name Description Type Notes
ALBProxyProtocolVersion ProxyProtocolVersion type

Valid ENUM values for ALBProxyProtocolVersion		 string Enum: PROXY_PROTOCOL_VERSION_1, PROXY_PROTOCOL_VERSION_2

ALBQueryMatch (schema)

QueryMatch

Advanced load balancer QueryMatch object

Name Description Type Notes
match_case Match case

Case sensitivity to use for the match.
Enum options - SENSITIVE, INSENSITIVE.
Default value when not specified in API or module is
interpreted by ALB Controller as INSENSITIVE.
ALBMatchCase Default: "INSENSITIVE"
match_criteria Match criteria

Criterion to use for matching the query in HTTP request
URI.
Enum options - QUERY_MATCH_CONTAINS.
ALBQueryMatchOperation Required
match_str Match str

String value(s).		 array of string
string_group_paths String group paths

path of the string group(s).
It is a reference to an object of type StringGroup.
array of string

ALBQueryMatchOperation (schema)

QueryMatchOperation type

Valid ENUM values for ALBQueryMatchOperation

Name Description Type Notes
ALBQueryMatchOperation QueryMatchOperation type

Valid ENUM values for ALBQueryMatchOperation		 string Enum: QUERY_MATCH_CONTAINS

ALBRateLimiter (schema)

RateLimiter

Advanced load balancer RateLimiter object

Name Description Type Notes
burst_sz Burst sz

Maximum number of connections, requests or packets to be
let through instantaneously.
If this is less than count, it will have no effect.
Allowed values are 0-1000000000.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.
integer Minimum: 0
Maximum: 1000000000
Default: "0"
count Count

Maximum number of connections, requests or packets
permitted each period.
Allowed values are 1-1000000000.
Default value when not specified in API or module is
interpreted by ALB Controller as 1000000000.
integer Minimum: 1
Maximum: 1000000000
Default: "1000000000"
name Name

Identifier for Rate Limit.
Constructed according to context.
string
period Period

Time value in seconds to enforce rate count.
Allowed values are 1-1000000000.
Unit is SEC.
Default value when not specified in API or module is
interpreted by ALB Controller as 1.
integer Minimum: 1
Maximum: 1000000000
Default: "1"

ALBRateLimiterAction (schema)

RateLimiterAction

Advanced load balancer RateLimiterAction object

Name Description Type Notes
file File

File to be used for HTTP Local response rate limit action.		 ALBHTTPLocalFile
redirect Redirect

Parameters for HTTP Redirect rate limit action.		 ALBHTTPRedirectAction
status_code Status code

HTTP status code for Local Response rate limit action.
Enum options - HTTP_LOCAL_RESPONSE_STATUS_CODE_200,
HTTP_LOCAL_RESPONSE_STATUS_CODE_204,
HTTP_LOCAL_RESPONSE_STATUS_CODE_403,
HTTP_LOCAL_RESPONSE_STATUS_CODE_404,
HTTP_LOCAL_RESPONSE_STATUS_CODE_429,
HTTP_LOCAL_RESPONSE_STATUS_CODE_501.
Default value when not specified in API or module is
interpreted by ALB Controller as
HTTP_LOCAL_RESPONSE_STATUS_CODE_429.
ALBHTTPLocalResponseStatusCode Default: "HTTP_LOCAL_RESPONSE_STATUS_CODE_429"
type Type

Type of action to be enforced upon hitting the rate limit.
Enum options - RL_ACTION_NONE, RL_ACTION_DROP_CONN,
RL_ACTION_RESET_CONN, RL_ACTION_CLOSE_CONN,
RL_ACTION_LOCAL_RSP, RL_ACTION_REDIRECT.
Default value when not specified in API or module is
interpreted by ALB Controller as RL_ACTION_NONE.
ALBRateLimiterActionType Default: "RL_ACTION_NONE"

ALBRateLimiterActionType (schema)

RateLimiterActionType type

Valid ENUM values for ALBRateLimiterActionType

Name Description Type Notes
ALBRateLimiterActionType RateLimiterActionType type

Valid ENUM values for ALBRateLimiterActionType		 string Enum: RL_ACTION_NONE, RL_ACTION_DROP_CONN, RL_ACTION_RESET_CONN, RL_ACTION_CLOSE_CONN, RL_ACTION_LOCAL_RSP, RL_ACTION_REDIRECT

ALBRateLimiterProfile (schema)

RateLimiterProfile

Advanced load balancer RateLimiterProfile object

Name Description Type Notes
client_ip_connections_rate_limit Client ip connections rate limit

Rate Limit all connections made from any single client IP
address to the Virtual Service.
ALBRateProfile
client_ip_failed_requests_rate_limit Client ip failed requests rate limit

Rate Limit all requests from a client for a specified
period of time once the count of failed requests from that
client crosses a threshold for that period.
Clients are tracked based on their IP address.
Count and time period are specified through the
RateProfile.
Requests are deemed failed based on client or server side
error status codes, consistent with how Avi Logs and Metrics
subsystems mark failed requests.
ALBRateProfile
client_ip_requests_rate_limit Client ip requests rate limit

Rate Limit all HTTP requests from any single client IP
address to all URLs of the Virtual Service.
ALBRateProfile
client_ip_scanners_requests_rate_limit Client ip scanners requests rate limit

Automatically track clients and classify them into 3 groups
- Good, Bad, Unknown.
Clients are tracked based on their IP Address.
Clients are added to the Good group when the Avi Scan
Detection system builds history of requests from them that
complete successfully.
Clients are added to Unknown group when there is
insufficient history about them.
Requests from such clients are rate limited to the rate
specified in the RateProfile.
Finally, Clients with history of failed requests are added
to Bad group and their requests are rate limited with
stricter thresholds than the Unknown Clients group.
The Avi Scan Detection system automatically tunes itself so
that the Good, Bad, and Unknown client IPs group membership
changes dynamically with the changes in traffic patterns
through the ADC.
ALBRateProfile
client_ip_to_uri_failed_requests_rate_limit Client ip to uri failed requests rate limit

Rate Limit all requests from a client to a URI for a
specified period of time once the count of failed requests
from that client to the URI crosses a threshold for that
period.
Clients are tracked based on their IP address.
Count and time period are specified through the
RateProfile.
Requests are deemed failed based on client or server side
error status codes, consistent with how Avi Logs and Metrics
subsystems mark failed requests.
ALBRateProfile
client_ip_to_uri_requests_rate_limit Client ip to uri requests rate limit

Rate Limit all HTTP requests from any single client IP
address to any single URL.
ALBRateProfile
custom_requests_rate_limit Custom requests rate limit

Rate Limit all HTTP requests that map to any custom string.		 ALBRateProfile
http_header_rate_limits Http header rate limits

Rate Limit all HTTP requests from all client IP addresses
that contain any single HTTP header value.
array of ALBRateProfile
uri_failed_requests_rate_limit Uri failed requests rate limit

Rate Limit all requests to a URI for a specified period of
time once the count of failed requests to that URI crosses a
threshold for that period.
Count and time period are specified through the
RateProfile.
Requests are deemed failed based on client or server side
error status codes, consistent with how Avi Logs and Metrics
subsystems mark failed requests.
ALBRateProfile
uri_requests_rate_limit Uri requests rate limit

Rate Limit all HTTP requests from all client IP addresses
to any single URL.
ALBRateProfile
uri_scanners_requests_rate_limit Uri scanners requests rate limit

Automatically track URIs and classify them into 3 groups -
Good, Bad, Unknown.
URIs are added to the Good group when the Avi Scan
Detection system builds history of requests to URIs that
complete successfully.
URIs are added to Unknown group when there is insufficient
history about them.
Requests for such URIs are rate limited to the rate
specified in the RateProfile.
Finally, URIs with history of failed requests are added to
Bad group and requests to them are rate limited with
stricter thresholds than the Unknown URIs group.
The Avi Scan Detection system automatically tunes itself so
that the Good, Bad, and Unknown URIs group membership
changes dynamically with the changes in traffic patterns
through the ADC.
ALBRateProfile

ALBRateProfile (schema)

RateProfile

Advanced load balancer RateProfile object

Name Description Type Notes
action Action

Action to perform upon rate limiting.		 ALBRateLimiterAction Required
explicit_tracking Explicit tracking

Explicitly tracks an attacker across rate periods.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
fine_grain Fine grain

Enable fine granularity.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
http_cookie Http cookie

HTTP cookie name.		 string
http_header Http header

HTTP header name.		 string
rate_limiter Rate limiter

The rate limiter configuration for this rate profile.		 ALBRateLimiter

ALBReplaceStringType (schema)

ReplaceStringType type

Valid ENUM values for ALBReplaceStringType

Name Description Type Notes
ALBReplaceStringType ReplaceStringType type

Valid ENUM values for ALBReplaceStringType		 string Enum: DATASCRIPT_VAR, HTTP_HEADER_VAR, LITERAL_STRING

ALBReplaceStringVar (schema)

ReplaceStringVar

Advanced load balancer ReplaceStringVar object

Name Description Type Notes
type Type

Type of replacement string - can be a variable exposed from
datascript, value of an HTTP header or a custom user-input
literal string.
Enum options - DATASCRIPT_VAR, HTTP_HEADER_VAR,
LITERAL_STRING.
ALBReplaceStringType
val Val

Value of the replacement string - name of variable exposed
from datascript, name of the HTTP header or a custom
user-input literal string.
string

ALBResponseMatchTarget (schema)

ResponseMatchTarget

Advanced load balancer ResponseMatchTarget object

Name Description Type Notes
client_ip Client ip

Configure client ip addresses.		 ALBIpAddrMatch
cookie Cookie

Configure HTTP cookie(s).		 ALBCookieMatch
hdrs Hdrs

Configure HTTP headers.		 array of ALBHdrMatch
host_hdr Host hdr

Configure the host header.		 ALBHostHdrMatch
loc_hdr Loc hdr

Configure the location header.		 ALBLocationHdrMatch
method Method

Configure HTTP methods.		 ALBMethodMatch
path Path

Configure request paths.		 ALBPathMatch
protocol Protocol

Configure the type of HTTP protocol.		 ALBProtocolMatch
query Query

Configure request query.		 ALBQueryMatch
rsp_hdrs Rsp hdrs

Configure the HTTP headers in response.		 array of ALBHdrMatch
status Status

Configure the HTTP status code(s).		 ALBHTTPStatusMatch
version Version

Configure versions of the HTTP protocol.		 ALBHTTPVersionMatch
vs_port Vs port

Configure virtual service ports.		 ALBPortMatch

ALBRoleFilterMatchLabel (schema)

RoleFilterMatchLabel

Advanced load balancer RoleFilterMatchLabel object

Name Description Type Notes
key Key

Key for filter match.		 string Required
values Values

Values for filter match.
Multiple values will be evaluated as OR.
Example key = value1 OR key = value2.
Behavior for match is key = (STAR) if this field is empty.
array of string

ALBSAMLSPConfig (schema)

SAMLSPConfig

Advanced load balancer SAMLSPConfig object

Name Description Type Notes
cookie_name Cookie name

HTTP cookie name for authenticated session.		 string
cookie_timeout Cookie timeout

Cookie timeout in minutes.
Allowed values are 1-1440.
Unit is MIN.
Default value when not specified in API or module is
interpreted by ALB Controller as 60.
integer Minimum: 1
Maximum: 1440
Default: "60"
entity_id Entity id

Globally unique SAML entityID for this node.
The SAML application entity ID on the IDP should match
this.
string Required
key Key

Key to generate the cookie.		 array of ALBHttpCookiePersistenceKey
signing_ssl_key_and_certificate_path Signing ssl key and certificate path

SP will use this SSL certificate to sign requests going to
the IdP and decrypt the assertions coming from IdP.
It is a reference to an object of type
SSLKeyAndCertificate.
string
single_signon_url Single signon url

SAML Single Signon URL to be programmed on the IDP.		 string Required
sp_metadata Sp metadata

SAML SP metadata for this application.		 string
use_idp_session_timeout Use idp session timeout

By enabling this field IdP can control how long the SP
session can exist through the SessionNotOnOrAfter field in
the AuthNStatement of SAML Response.
boolean

ALBSSLCertificate (schema)

SSLCertificate

Advanced load balancer SSLCertificate object

Name Description Type Notes
certificate Certificate

certificate of SSLCertificate.		 string
certificate_signing_request Certificate signing request

certificate_signing_request of SSLCertificate.		 string
chain_verified Chain verified

Placeholder for description of property chain_verified of
obj type SSLCertificate field type str type boolean.
boolean
days_until_expire Days until expire

Number of days_until_expire.
Default value when not specified in API or module is
interpreted by ALB Controller as 365.
integer Minimum: 1
Default: "365"
expiry_status Expiry status

Enum options - SSL_CERTIFICATE_GOOD,
SSL_CERTIFICATE_EXPIRY_WARNING, SSL_CERTIFICATE_EXPIRED.
Default value when not specified in API or module is
interpreted by ALB Controller as SSL_CERTIFICATE_GOOD.
ALBSSLCertificateExpiryStatus Default: "SSL_CERTIFICATE_GOOD"
fingerprint Fingerprint

fingerprint of SSLCertificate.		 string
issuer Issuer

Placeholder for description of property issuer of obj type
SSLCertificate field type str type ref.
ALBSSLCertificateDescription
key_params Key params

Placeholder for description of property key_params of obj
type SSLCertificate field type str type ref.
ALBSSLKeyParams
not_after Not after

not_after of SSLCertificate.		 string
not_before Not before

not_before of SSLCertificate.		 string
public_key Public key

public_key of SSLCertificate.		 string
self_signed Self signed

Placeholder for description of property self_signed of obj
type SSLCertificate field type str type boolean.
boolean
serial_number Serial number

serial_number of SSLCertificate.		 string
signature Signature

signature of SSLCertificate.		 string
signature_algorithm Signature algorithm

signature_algorithm of SSLCertificate.		 string
subject Subject

Placeholder for description of property subject of obj type
SSLCertificate field type str type ref.
ALBSSLCertificateDescription
subject_alt_names Subject alt names

subjectAltName that provides additional subject identities.		 array of string
text Text

text of SSLCertificate.		 string
version Version

version of SSLCertificate.		 string

ALBSSLCertificateDescription (schema)

SSLCertificateDescription

Advanced load balancer SSLCertificateDescription object

Name Description Type Notes
common_name Common name

common_name of SSLCertificateDescription.		 string
country Country

country of SSLCertificateDescription.		 string
distinguished_name Distinguished name

distinguished_name of SSLCertificateDescription.		 string
email_address Email address

email_address of SSLCertificateDescription.		 string
locality Locality

locality of SSLCertificateDescription.		 string
organization Organization

organization of SSLCertificateDescription.		 string
organization_unit Organization unit

organization_unit of SSLCertificateDescription.		 string
state State

state of SSLCertificateDescription.		 string

ALBSSLCertificateExpiryStatus (schema)

SSLCertificateExpiryStatus type

Valid ENUM values for ALBSSLCertificateExpiryStatus

Name Description Type Notes
ALBSSLCertificateExpiryStatus SSLCertificateExpiryStatus type

Valid ENUM values for ALBSSLCertificateExpiryStatus		 string Enum: SSL_CERTIFICATE_GOOD, SSL_CERTIFICATE_EXPIRY_WARNING, SSL_CERTIFICATE_EXPIRED

ALBSSLCertificateStatus (schema)

SSLCertificateStatus type

Valid ENUM values for ALBSSLCertificateStatus

Name Description Type Notes
ALBSSLCertificateStatus SSLCertificateStatus type

Valid ENUM values for ALBSSLCertificateStatus		 string Enum: SSL_CERTIFICATE_FINISHED, SSL_CERTIFICATE_PENDING

ALBSSLCertificateType (schema)

SSLCertificateType type

Valid ENUM values for ALBSSLCertificateType

Name Description Type Notes
ALBSSLCertificateType SSLCertificateType type

Valid ENUM values for ALBSSLCertificateType		 string Enum: SSL_CERTIFICATE_TYPE_VIRTUALSERVICE, SSL_CERTIFICATE_TYPE_SYSTEM, SSL_CERTIFICATE_TYPE_CA

ALBSSLClientCertificateAction (schema)

SSLClientCertificateAction

Advanced load balancer SSLClientCertificateAction object

Name Description Type Notes
close_connection Close connection

Placeholder for description of property close_connection of
obj type SSLClientCertificateAction field type str type
boolean.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
headers Headers

Placeholder for description of property headers of obj type
SSLClientCertificateAction field type str type array.
array of ALBSSLClientRequestHeader

ALBSSLClientCertificateMode (schema)

SSLClientCertificateMode type

Valid ENUM values for ALBSSLClientCertificateMode

Name Description Type Notes
ALBSSLClientCertificateMode SSLClientCertificateMode type

Valid ENUM values for ALBSSLClientCertificateMode		 string Enum: SSL_CLIENT_CERTIFICATE_NONE, SSL_CLIENT_CERTIFICATE_REQUEST, SSL_CLIENT_CERTIFICATE_REQUIRE

ALBSSLClientRequestHeader (schema)

SSLClientRequestHeader

Advanced load balancer SSLClientRequestHeader object

Name Description Type Notes
request_header Request header

If this header exists, reset the connection.
If the ssl variable is specified, add a header with this
value.
string
request_header_value Request header value

Set the request header with the value as indicated by this
SSL variable.
Eg.
send the whole certificate in PEM format.
Enum options - HTTP_POLICY_VAR_CLIENT_IP,
HTTP_POLICY_VAR_VS_PORT, HTTP_POLICY_VAR_VS_IP,
HTTP_POLICY_VAR_HTTP_HDR,
HTTP_POLICY_VAR_SSL_CLIENT_FINGERPRINT,
HTTP_POLICY_VAR_SSL_CLIENT_SERIAL,
HTTP_POLICY_VAR_SSL_CLIENT_ISSUER,
HTTP_POLICY_VAR_SSL_CLIENT_SUBJECT,
HTTP_POLICY_VAR_SSL_CLIENT_RAW,
HTTP_POLICY_VAR_SSL_PROTOCOL,
HTTP_POLICY_VAR_SSL_SERVER_NAME, HTTP_POLICY_VAR_USER_NAME,
HTTP_POLICY_VAR_SSL_CIPHER, HTTP_POLICY_VAR_REQUEST_ID,
HTTP_POLICY_VAR_SSL_CLIENT_VERSION,
HTTP_POLICY_VAR_SSL_CLIENT_SIGALG,
HTTP_POLICY_VAR_SSL_CLIENT_NOTVALIDBEFORE,
HTTP_POLICY_VAR_SSL_CLIENT_NOTVALIDAFTER.
ALBHTTPPolicyVar

ALBSSLFormat (schema)

SSLFormat type

Valid ENUM values for ALBSSLFormat

Name Description Type Notes
ALBSSLFormat SSLFormat type

Valid ENUM values for ALBSSLFormat		 string Enum: SSL_PEM, SSL_PKCS12

ALBSSLKeyAlgorithm (schema)

SSLKeyAlgorithm type

Valid ENUM values for ALBSSLKeyAlgorithm

Name Description Type Notes
ALBSSLKeyAlgorithm SSLKeyAlgorithm type

Valid ENUM values for ALBSSLKeyAlgorithm		 string Enum: SSL_KEY_ALGORITHM_RSA, SSL_KEY_ALGORITHM_EC

ALBSSLKeyAndCertificate (schema)

SSLKeyAndCertificate

Advanced load balancer SSLKeyAndCertificate object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
ca_certs Ca certs

CA certificates in certificate chain.		 array of ALBCertificateAuthority
certificate Certificate

Placeholder for description of property certificate of obj
type SSLKeyAndCertificate field type str type ref.
ALBSSLCertificate Required
certificate_base64 Certificate base64

States if the certificate is base64 encoded.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
created_by Created by

Creator name.		 string
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
dynamic_params Dynamic params

Dynamic parameters needed for certificate management
profile.
array of ALBCustomParams
enable_ocsp_stapling Enable ocsp stapling

Enables OCSP Stapling.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
enckey_base64 Enckey base64

Encrypted private key corresponding to the private key
(e.g.
those generated by an HSM such as Thales nShield).
string
enckey_name Enckey name

Name of the encrypted private key (e.g.
those generated by an HSM such as Thales nShield).
string
format Format

Format of the Key/Certificate file.
Enum options - SSL_PEM, SSL_PKCS12.
Default value when not specified in API or module is
interpreted by ALB Controller as SSL_PEM.
ALBSSLFormat Default: "SSL_PEM"
hardwaresecuritymodulegroup_path Hardwaresecuritymodulegroup path

It is a reference to an object of type
HardwareSecurityModuleGroup.
string
id Unique identifier of this resource string Sortable
key Key

Private key.		 string
key_base64 Key base64

States if the private key is base64 encoded.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
key_params Key params

Placeholder for description of property key_params of obj
type SSLKeyAndCertificate field type str type ref.
ALBSSLKeyParams
key_passphrase Key passphrase

Passphrase used to encrypt the private key.		 string
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
markers Markers

List of labels to be used for granular RBAC.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBRoleFilterMatchLabel
ocsp_config Ocsp config

Configuration related to OCSP.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
ALBOCSPConfig
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ALBSSLKeyAndCertificate string
status Status

Enum options - SSL_CERTIFICATE_FINISHED,
SSL_CERTIFICATE_PENDING.
Default value when not specified in API or module is
interpreted by ALB Controller as SSL_CERTIFICATE_FINISHED.
ALBSSLCertificateStatus Default: "SSL_CERTIFICATE_FINISHED"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
type Type

Enum options - SSL_CERTIFICATE_TYPE_VIRTUALSERVICE,
SSL_CERTIFICATE_TYPE_SYSTEM, SSL_CERTIFICATE_TYPE_CA.
ALBSSLCertificateType
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ALBSSLKeyAndCertificateApiResponse (schema)

SSLKeyAndCertificateApiResponse

SSLKeyAndCertificateApiResponse

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
count count

count
int Default: "None"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Array of SSLKeyAndCertificate

Array of SSLKeyAndCertificate
array of ALBSSLKeyAndCertificate
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ALBSSLKeyECCurve (schema)

SSLKeyECCurve type

Valid ENUM values for ALBSSLKeyECCurve

Name Description Type Notes
ALBSSLKeyECCurve SSLKeyECCurve type

Valid ENUM values for ALBSSLKeyECCurve		 string Enum: SSL_KEY_EC_CURVE_SECP256R1, SSL_KEY_EC_CURVE_SECP384R1, SSL_KEY_EC_CURVE_SECP521R1

ALBSSLKeyECParams (schema)

SSLKeyECParams

Advanced load balancer SSLKeyECParams object

Name Description Type Notes
curve Curve

Enum options - SSL_KEY_EC_CURVE_SECP256R1,
SSL_KEY_EC_CURVE_SECP384R1, SSL_KEY_EC_CURVE_SECP521R1.
Default value when not specified in API or module is
interpreted by ALB Controller as SSL_KEY_EC_CURVE_SECP256R1.
ALBSSLKeyECCurve Default: "SSL_KEY_EC_CURVE_SECP256R1"

ALBSSLKeyParams (schema)

SSLKeyParams

Advanced load balancer SSLKeyParams object

Name Description Type Notes
algorithm Algorithm

Enum options - SSL_KEY_ALGORITHM_RSA, SSL_KEY_ALGORITHM_EC.
Default value when not specified in API or module is
interpreted by ALB Controller as SSL_KEY_ALGORITHM_RSA.
ALBSSLKeyAlgorithm Required
Default: "SSL_KEY_ALGORITHM_RSA"
ec_params Ec params

Placeholder for description of property ec_params of obj
type SSLKeyParams field type str type ref.
ALBSSLKeyECParams
rsa_params Rsa params

Placeholder for description of property rsa_params of obj
type SSLKeyParams field type str type ref.
ALBSSLKeyRSAParams

ALBSSLKeyRSAParams (schema)

SSLKeyRSAParams

Advanced load balancer SSLKeyRSAParams object

Name Description Type Notes
exponent Exponent

Number of exponent.
Default value when not specified in API or module is
interpreted by ALB Controller as 65537.
integer Default: "65537"
key_size Key size

Enum options - SSL_KEY_1024_BITS, SSL_KEY_2048_BITS,
SSL_KEY_3072_BITS, SSL_KEY_4096_BITS.
Default value when not specified in API or module is
interpreted by ALB Controller as SSL_KEY_2048_BITS.
ALBSSLRSAKeySize Default: "SSL_KEY_2048_BITS"

ALBSSLProfile (schema)

SSLProfile

Advanced load balancer SSLProfile object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
accepted_ciphers Accepted ciphers

Ciphers suites represented as defined by https
//www.openssl.org/docs/apps/ciphers.html.
Default value when not specified in API or module is
interpreted by ALB Controller as AES:3DES:RC4.
string Default: "AES:3DES:RC4"
accepted_versions Accepted versions

Set of versions accepted by the server.
Minimum of 1 items required.
array of ALBSSLVersion Required
avi_tags Avi tags

Placeholder for description of property tags of obj type
SSLProfile field type str type array.
array of ALBTag
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
cipher_enums Cipher enums

Enum options - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_AES_256_GCM_SHA384,
TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_AES_256_GCM_SHA384...
Allowed in Basic(Allowed values-
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA)
edition, Essentials(Allowed values-
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA)
edition, Enterprise edition.
array of ALBAcceptedCipherEnums
ciphersuites Ciphersuites

TLS 1.3 Ciphers suites represented as defined by U(https
//www.openssl.org/docs/manmaster/man1/ciphers.html).
Allowed in Basic edition, Essentials edition, Enterprise
edition.
Special default for Basic edition is
TLS_AES_256_GCM_SHA384-TLS_AES_128_GCM_SHA256, Essentials
edition is TLS_AES_256_GCM_SHA384-TLS_AES_128_GCM_SHA256,
Enterprise is
TLS_AES_256_GCM_SHA384-TLS_CHACHA20_POLY1305_SHA256-TLS_AES_128_GCM_SHA256.
Default value when not specified in API or module is
interpreted by ALB Controller as
TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256.
string Default: "TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enable_early_data Enable early data

Enable early data processing for TLS1.3 connections.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
enable_ssl_session_reuse Enable ssl session reuse

Enable SSL session re-use.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
markers Markers

List of labels to be used for granular RBAC.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBRoleFilterMatchLabel
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
prefer_client_cipher_ordering Prefer client cipher ordering

Prefer the SSL cipher ordering presented by the client
during the SSL handshake over the one specified in the SSL
Profile.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ALBSSLProfile string
send_close_notify Send close notify

Send 'close notify' alert message for a clean shutdown of
the SSL connection.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
ssl_rating Ssl rating

Placeholder for description of property ssl_rating of obj
type SSLProfile field type str type ref.
ALBSSLRating Readonly
ssl_session_timeout Ssl session timeout

The amount of time in seconds before an SSL session
expires.
Unit is SEC.
Default value when not specified in API or module is
interpreted by ALB Controller as 86400.
integer Default: "86400"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
type Type

SSL Profile Type.
Enum options - SSL_PROFILE_TYPE_APPLICATION,
SSL_PROFILE_TYPE_SYSTEM.
Default value when not specified in API or module is
interpreted by ALB Controller as
SSL_PROFILE_TYPE_APPLICATION.
ALBSSLProfileType Default: "SSL_PROFILE_TYPE_APPLICATION"
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ALBSSLProfileApiResponse (schema)

SSLProfileApiResponse

SSLProfileApiResponse

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
count count

count
int Default: "None"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Array of SSLProfile

Array of SSLProfile
array of ALBSSLProfile
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ALBSSLProfileSelector (schema)

SSLProfileSelector

Advanced load balancer SSLProfileSelector object

Name Description Type Notes
client_ip_list Client ip list

Configure client IP address groups.		 ALBIpAddrMatch Required
ssl_profile_path Ssl profile path

SSL profile for the client IP addresses listed.
It is a reference to an object of type SSLProfile.
string Required

ALBSSLProfileType (schema)

SSLProfileType type

Valid ENUM values for ALBSSLProfileType

Name Description Type Notes
ALBSSLProfileType SSLProfileType type

Valid ENUM values for ALBSSLProfileType		 string Enum: SSL_PROFILE_TYPE_APPLICATION, SSL_PROFILE_TYPE_SYSTEM

ALBSSLRSAKeySize (schema)

SSLRSAKeySize type

Valid ENUM values for ALBSSLRSAKeySize

Name Description Type Notes
ALBSSLRSAKeySize SSLRSAKeySize type

Valid ENUM values for ALBSSLRSAKeySize		 string Enum: SSL_KEY_1024_BITS, SSL_KEY_2048_BITS, SSL_KEY_3072_BITS, SSL_KEY_4096_BITS

ALBSSLRating (schema)

SSLRating

Advanced load balancer SSLRating object

Name Description Type Notes
compatibility_rating Compatibility rating

Enum options - SSL_SCORE_NOT_SECURE, SSL_SCORE_VERY_BAD,
SSL_SCORE_BAD, SSL_SCORE_AVERAGE, SSL_SCORE_GOOD,
SSL_SCORE_EXCELLENT.
ALBSSLScore
performance_rating Performance rating

Enum options - SSL_SCORE_NOT_SECURE, SSL_SCORE_VERY_BAD,
SSL_SCORE_BAD, SSL_SCORE_AVERAGE, SSL_SCORE_GOOD,
SSL_SCORE_EXCELLENT.
ALBSSLScore
security_score Security score

security_score of SSLRating.		 string

ALBSSLScore (schema)

SSLScore type

Valid ENUM values for ALBSSLScore

Name Description Type Notes
ALBSSLScore SSLScore type

Valid ENUM values for ALBSSLScore		 string Enum: SSL_SCORE_NOT_SECURE, SSL_SCORE_VERY_BAD, SSL_SCORE_BAD, SSL_SCORE_AVERAGE, SSL_SCORE_GOOD, SSL_SCORE_EXCELLENT

ALBSSLVersion (schema)

SSLVersion

Advanced load balancer SSLVersion object

Name Description Type Notes
type Type

Enum options - SSL_VERSION_SSLV3, SSL_VERSION_TLS1,
SSL_VERSION_TLS1_1, SSL_VERSION_TLS1_2, SSL_VERSION_TLS1_3.
Allowed in Basic(Allowed values-
SSL_VERSION_SSLV3,SSL_VERSION_TLS1,SSL_VERSION_TLS1_1,SSL_VERSION_TLS1_2)
edition, Essentials(Allowed values-
SSL_VERSION_SSLV3,SSL_VERSION_TLS1,SSL_VERSION_TLS1_1,SSL_VERSION_TLS1_2)
edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as SSL_VERSION_TLS1_1.
ALBSSLVersionType Required
Default: "SSL_VERSION_TLS1_1"

ALBSSLVersionType (schema)

SSLVersionType type

Valid ENUM values for ALBSSLVersionType

Name Description Type Notes
ALBSSLVersionType SSLVersionType type

Valid ENUM values for ALBSSLVersionType		 string Enum: SSL_VERSION_SSLV3, SSL_VERSION_TLS1, SSL_VERSION_TLS1_1, SSL_VERSION_TLS1_2, SSL_VERSION_TLS1_3

ALBSSOPolicy (schema)

SSOPolicy

Advanced load balancer SSOPolicy object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
authentication_policy Authentication policy

Authentication Policy Settings.		 ALBAuthenticationPolicy Required
authorization_policy Authorization policy

Authorization Policy Settings.		 ALBAuthorizationPolicy
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
markers Markers

List of labels to be used for granular RBAC.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBRoleFilterMatchLabel
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ALBSSOPolicy string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
type Type

SSO Policy Type.
Enum options - SSO_TYPE_SAML, SSO_TYPE_PINGACCESS,
SSO_TYPE_JWT.
Default value when not specified in API or module is
interpreted by ALB Controller as SSO_TYPE_SAML.
ALBSSOPolicyType Default: "SSO_TYPE_SAML"
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ALBSSOPolicyApiResponse (schema)

SSOPolicyApiResponse

SSOPolicyApiResponse

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
count count

count
int Default: "None"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Array of SSOPolicy

Array of SSOPolicy
array of ALBSSOPolicy
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ALBSSOPolicyType (schema)

SSOPolicyType type

Valid ENUM values for ALBSSOPolicyType

Name Description Type Notes
ALBSSOPolicyType SSOPolicyType type

Valid ENUM values for ALBSSOPolicyType		 string Enum: SSO_TYPE_SAML, SSO_TYPE_PINGACCESS, SSO_TYPE_JWT

ALBSamlIdentityProviderSettings (schema)

SamlIdentityProviderSettings

Advanced load balancer SamlIdentityProviderSettings object

Name Description Type Notes
metadata Metadata

SAML IDP metadata.		 string

ALBSamlServiceProviderNode (schema)

SamlServiceProviderNode

Advanced load balancer SamlServiceProviderNode object

Name Description Type Notes
entity_id Entity id

Globally unique entityID for this node.
Entity ID on the IDP should match this.
string
name Name

Refers to the Cluster name identifier (Virtual IP or FQDN).		 string Required
signing_ssl_key_and_certificate_path Signing ssl key and certificate path

Service Engines will use this SSL certificate to sign
assertions going to the IdP.
It is a reference to an object of type
SSLKeyAndCertificate.
string
single_signon_url Single signon url

Single Signon URL to be programmed on the IDP.		 string

ALBSamlServiceProviderSettings (schema)

SamlServiceProviderSettings

Advanced load balancer SamlServiceProviderSettings object

Name Description Type Notes
fqdn Fqdn

FQDN if entity type is DNS_FQDN .		 string
org_display_name Org display name

Service Provider Organization Display Name.		 string
org_name Org name

Service Provider Organization Name.		 string
org_url Org url

Service Provider Organization URL.		 string
saml_entity_type Saml entity type

Type of SAML endpoint.
Enum options - AUTH_SAML_CLUSTER_VIP, AUTH_SAML_DNS_FQDN,
AUTH_SAML_APP_VS.
ALBAuthSamlEntityType
sp_nodes Sp nodes

Service Provider node information.		 array of ALBSamlServiceProviderNode
tech_contact_email Tech contact email

Service Provider technical contact email.		 string
tech_contact_name Tech contact name

Service Provider technical contact name.		 string

ALBSamlSettings (schema)

SamlSettings

Advanced load balancer SamlSettings object

Name Description Type Notes
idp Idp

Configure remote Identity provider settings.		 ALBSamlIdentityProviderSettings
sp Sp

Configure service provider settings for the Controller.		 ALBSamlServiceProviderSettings Required

ALBSeFlowDist (schema)

SeFlowDist type

Valid ENUM values for ALBSeFlowDist

Name Description Type Notes
ALBSeFlowDist SeFlowDist type

Valid ENUM values for ALBSeFlowDist		 string Enum: LOAD_AWARE, CONSISTENT_HASH_SOURCE_IP_ADDRESS, CONSISTENT_HASH_SOURCE_IP_ADDRESS_AND_PORT

ALBSecurityPolicy (schema)

SecurityPolicy

Advanced load balancer SecurityPolicy object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
dns_attacks Dns attacks

Attacks utilizing the DNS protocol operations.		 ALBDnsAttacks
dns_policy_index Dns policy index

Index of the dns policy to use for the mitigation rules
applied to the dns attacks.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.
integer Default: "0"
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
markers Markers

List of labels to be used for granular RBAC.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBRoleFilterMatchLabel
network_security_policy_index Network security policy index

Index of the network security policy to use for the
mitigation rules applied to the attacks.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.
integer Default: "0"
oper_mode Oper mode

Mode of dealing with the attacks - perform detection only,
or detect and mitigate the attacks.
Enum options - DETECTION, MITIGATION.
Default value when not specified in API or module is
interpreted by ALB Controller as DETECTION.
ALBOperationMode Default: "DETECTION"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ALBSecurityPolicy string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ALBSecurityPolicyApiResponse (schema)

SecurityPolicyApiResponse

SecurityPolicyApiResponse

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
count count

count
int Default: "None"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Array of SecurityPolicy

Array of SecurityPolicy
array of ALBSecurityPolicy
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ALBSensitiveFieldRule (schema)

SensitiveFieldRule

Advanced load balancer SensitiveFieldRule object

Name Description Type Notes
action Action

Action for the matched log field, for instance the matched
field can be removed or masked off.
Enum options - LOG_FIELD_REMOVE, LOG_FIELD_MASKOFF.
Default value when not specified in API or module is
interpreted by ALB Controller as LOG_FIELD_REMOVE.
ALBLogAction Default: "LOG_FIELD_REMOVE"
enabled Enabled

Enable rule to match the sensitive fields.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
index Index

Index of the rule.		 integer
match Match

Criterion to use for matching in the Log.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
ALBStringMatch
name Name

Name of the rule.		 string

ALBSensitiveLogProfile (schema)

SensitiveLogProfile

Advanced load balancer SensitiveLogProfile object

Name Description Type Notes
header_field_rules Header field rules

Match sensitive header fields in HTTP application log.		 array of ALBSensitiveFieldRule
uri_query_field_rules Uri query field rules

Match sensitive URI query params in HTTP application log.
Query params from the URI are extracted and checked for
matching sensitive parameter names.
A successful match will mask the parameter values in
accordance with this rule action.
array of ALBSensitiveFieldRule
waf_field_rules Waf field rules

Match sensitive WAF log fields in HTTP application log.		 array of ALBSensitiveFieldRule

ALBServer (schema)

Server

Advanced load balancer Server object

Name Description Type Notes
autoscaling_group_name Autoscaling group name

Name of autoscaling group this server belongs to.
Allowed in Essentials edition, Enterprise edition.
string
availability_zone Availability zone

Availability-zone of the server VM.		 string
description Description

A description of the Server.		 string
discovered_networks Discovered networks

(internal-use) Discovered networks providing reachability
for server IP.
This field is used internally by Avi, not editable by the
user.
array of ALBDiscoveredNetwork
enabled Enabled

Enable, Disable or Graceful Disable determine if new or
existing connections to the server are allowed.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
external_orchestration_id External orchestration id

UID of server in external orchestration systems.		 string
external_uuid External uuid

UUID identifying VM in OpenStack and other external
compute.
string
hostname Hostname

DNS resolvable name of the server.
May be used in place of the IP address.
string
ip Ip

IP Address of the server.
Required if there is no resolvable host name.
ALBIpAddr Required
is_static Is static

If statically learned.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
location Location

(internal-use) Geographic location of the server.Currently
only for internal usage.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
ALBGeoLocation
mac_address Mac address

MAC address of server.		 string
port Port

Optionally specify the servers port number.
This will override the pool's default server port
attribute.
Allowed values are 1-65535.
Special values are 0- 'use backend port in pool'.
integer Minimum: 0
Maximum: 65535
prst_hdr_val Prst hdr val

Header value for custom header persistence.		 string
ratio Ratio

Ratio of selecting eligible servers in the pool.
Allowed values are 1-20.
Default value when not specified in API or module is
interpreted by ALB Controller as 1.
integer Minimum: 1
Maximum: 20
Default: "1"
resolve_server_by_dns Resolve server by dns

Auto resolve server's IP using DNS name.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
rewrite_host_header Rewrite host header

Rewrite incoming Host Header to server name.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
server_node Server node

Hostname of the node where the server VM or container
resides.
string
verify_network Verify network

Verify server belongs to a discovered network or reachable
via a discovered network.
Verify reachable network isn't the OpenStack management
network.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"

ALBServerAutoScalePolicy (schema)

ServerAutoScalePolicy

Advanced load balancer ServerAutoScalePolicy object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
delay_for_server_garbage_collection Delay for server garbage collection

Delay in minutes after which a down server will be removed
from Pool.
Value 0 disables this functionality.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.
integer Default: "0"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
intelligent_autoscale Intelligent autoscale

Use Avi intelligent autoscale algorithm where autoscale is
performed by comparing load on the pool against estimated
capacity of all the servers.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
intelligent_scalein_margin Intelligent scalein margin

Maximum extra capacity as percentage of load used by the
intelligent scheme.
Scalein is triggered when available capacity is more than
this margin.
Allowed values are 1-99.
Default value when not specified in API or module is
interpreted by ALB Controller as 40.
integer Minimum: 1
Maximum: 99
Default: "40"
intelligent_scaleout_margin Intelligent scaleout margin

Minimum extra capacity as percentage of load used by the
intelligent scheme.
Scaleout is triggered when available capacity is less than
this margin.
Allowed values are 1-99.
Default value when not specified in API or module is
interpreted by ALB Controller as 20.
integer Minimum: 1
Maximum: 99
Default: "20"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
markers Markers

List of labels to be used for granular RBAC.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBRoleFilterMatchLabel
max_scalein_adjustment_step Max scalein adjustment step

Maximum number of servers to scalein simultaneously.
The actual number of servers to scalein is chosen such that
target number of servers is always more than or equal to the
min_size.
Default value when not specified in API or module is
interpreted by ALB Controller as 1.
integer Default: "1"
max_scaleout_adjustment_step Max scaleout adjustment step

Maximum number of servers to scaleout simultaneously.
The actual number of servers to scaleout is chosen such
that target number of servers is always less than or equal
to the max_size.
Default value when not specified in API or module is
interpreted by ALB Controller as 1.
integer Default: "1"
max_size Max size

Maximum number of servers after scaleout.
Allowed values are 0-400.
integer Minimum: 0
Maximum: 400
min_size Min size

No scale-in happens once number of operationally up servers
reach min_servers.
Allowed values are 0-400.
integer Minimum: 0
Maximum: 400
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ALBServerAutoScalePolicy string
scalein_cooldown Scalein cooldown

Cooldown period during which no new scalein is triggered to
allow previous scalein to successfully complete.
Unit is SEC.
Default value when not specified in API or module is
interpreted by ALB Controller as 300.
integer Default: "300"
scaleout_cooldown Scaleout cooldown

Cooldown period during which no new scaleout is triggered
to allow previous scaleout to successfully complete.
Unit is SEC.
Default value when not specified in API or module is
interpreted by ALB Controller as 300.
integer Default: "300"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
use_predicted_load Use predicted load

Use predicted load rather than current load.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"

ALBServerAutoScalePolicyApiResponse (schema)

ServerAutoScalePolicyApiResponse

ServerAutoScalePolicyApiResponse

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
count count

count
int Default: "None"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Array of ServerAutoScalePolicy

Array of ServerAutoScalePolicy
array of ALBServerAutoScalePolicy
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ALBService (schema)

Service

Advanced load balancer Service object

Name Description Type Notes
enable_http2 Enable http2

Enable HTTP2 on this port.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
enable_ssl Enable ssl

Enable SSL termination and offload for traffic from
clients.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
override_application_profile_path Override application profile path

Enable application layer specific features for the this
specific service.
It is a reference to an object of type ApplicationProfile.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
string
override_network_profile_path Override network profile path

Override the network profile for this specific service
port.
It is a reference to an object of type NetworkProfile.
string
port Port

The Virtual Service's port number.
Allowed values are 0-65535.
integer Required
Minimum: 0
Maximum: 65535
port_range_end Port range end

The end of the Virtual Service's port number range.
Allowed values are 1-65535.
Special values are 0- 'single port'.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.
integer Minimum: 0
Maximum: 65535
Default: "0"

ALBServicePoolSelector (schema)

ServicePoolSelector

Advanced load balancer ServicePoolSelector object

Name Description Type Notes
service_pool_group_path Service pool group path

It is a reference to an object of type PoolGroup.		 string
service_pool_path Service pool path

It is a reference to an object of type Pool.		 string
service_port Service port

Pool based destination port.
Allowed values are 1-65535.
integer Required
Minimum: 1
Maximum: 65535
service_port_range_end Service port range end

The end of the Service port number range.
Allowed values are 1-65535.
Special values are 0- 'single port'.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.
integer Minimum: 0
Maximum: 65535
Default: "0"
service_protocol Service protocol

Destination protocol to match for the pool selection.
If not specified, it will match any protocol.
Enum options - PROTOCOL_TYPE_TCP_PROXY,
PROTOCOL_TYPE_TCP_FAST_PATH, PROTOCOL_TYPE_UDP_FAST_PATH,
PROTOCOL_TYPE_UDP_PROXY.
ALBProtocolType

ALBSidebandProfile (schema)

SidebandProfile

Advanced load balancer SidebandProfile object

Name Description Type Notes
ip Ip

IP Address of the sideband server.		 array of ALBIpAddr
sideband_max_request_body_size Sideband max request body size

Maximum size of the request body that will be sent on the
sideband.
Allowed values are 0-16384.
Unit is BYTES.
Default value when not specified in API or module is
interpreted by ALB Controller as 1024.
integer Minimum: 0
Maximum: 16384
Default: "1024"

ALBSipMonTransport (schema)

SipMonTransport type

Valid ENUM values for ALBSipMonTransport

Name Description Type Notes
ALBSipMonTransport SipMonTransport type

Valid ENUM values for ALBSipMonTransport		 string Enum: SIP_UDP_PROTO, SIP_TCP_PROTO

ALBSipRequestCode (schema)

SipRequestCode type

Valid ENUM values for ALBSipRequestCode

Name Description Type Notes
ALBSipRequestCode SipRequestCode type

Valid ENUM values for ALBSipRequestCode		 string Enum: SIP_OPTIONS

ALBSipServiceApplicationProfile (schema)

SipServiceApplicationProfile

Advanced load balancer SipServiceApplicationProfile object

Name Description Type Notes
transaction_timeout Transaction timeout

SIP transaction timeout in seconds.
Allowed values are 2-512.
Unit is SEC.
Default value when not specified in API or module is
interpreted by ALB Controller as 32.
integer Minimum: 2
Maximum: 512
Default: "32"

ALBStreamingSyslogConfig (schema)

StreamingSyslogConfig

Advanced load balancer StreamingSyslogConfig object

Name Description Type Notes
facility Facility

Facility value, as defined in RFC5424, must be between 0
and 23 inclusive.
Allowed values are 0-23.
Default value when not specified in API or module is
interpreted by ALB Controller as 16.
integer Minimum: 0
Maximum: 23
Default: "16"
filtered_log_severity Filtered log severity

Severity code, as defined in RFC5424, for filtered logs.
This must be between 0 and 7 inclusive.
Allowed values are 0-7.
Default value when not specified in API or module is
interpreted by ALB Controller as 5.
integer Minimum: 0
Maximum: 7
Default: "5"
hostname Hostname

String to use as the hostname in the syslog messages.
This string can contain only printable ASCII characters
(hex 21 to hex 7E; no space allowed).
Default value when not specified in API or module is
interpreted by ALB Controller as AviVantage.
string Default: "AviVantage"
non_significant_log_severity Non significant log severity

Severity code, as defined in RFC5424, for non-significant
logs.
This must be between 0 and 7 inclusive.
Allowed values are 0-7.
Default value when not specified in API or module is
interpreted by ALB Controller as 6.
integer Minimum: 0
Maximum: 7
Default: "6"
significant_log_severity Significant log severity

Severity code, as defined in RFC5424, for significant logs.
This must be between 0 and 7 inclusive.
Allowed values are 0-7.
Default value when not specified in API or module is
interpreted by ALB Controller as 4.
integer Minimum: 0
Maximum: 7
Default: "4"

ALBStringGroup (schema)

StringGroup

Advanced load balancer StringGroup object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
kv Kv

Configure Key Value in the string group.		 array of ALBKeyValue
longest_match Longest match

Enable the longest match, default is the shortest match.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
markers Markers

List of labels to be used for granular RBAC.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBRoleFilterMatchLabel
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ALBStringGroup string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
type Type

Type of StringGroup.
Enum options - SG_TYPE_STRING, SG_TYPE_KEYVAL.
Default value when not specified in API or module is
interpreted by ALB Controller as SG_TYPE_STRING.
ALBStringGroupType Required
Default: "SG_TYPE_STRING"
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ALBStringGroupApiResponse (schema)

StringGroupApiResponse

StringGroupApiResponse

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
count count

count
int Default: "None"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Array of StringGroup

Array of StringGroup
array of ALBStringGroup
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ALBStringGroupType (schema)

StringGroupType type

Valid ENUM values for ALBStringGroupType

Name Description Type Notes
ALBStringGroupType StringGroupType type

Valid ENUM values for ALBStringGroupType		 string Enum: SG_TYPE_STRING, SG_TYPE_KEYVAL

ALBStringMatch (schema)

StringMatch

Advanced load balancer StringMatch object

Name Description Type Notes
match_criteria Match criteria

Criterion to use for string matching the HTTP request.
Enum options - BEGINS_WITH, DOES_NOT_BEGIN_WITH, CONTAINS,
DOES_NOT_CONTAIN, ENDS_WITH, DOES_NOT_END_WITH, EQUALS,
DOES_NOT_EQUAL, REGEX_MATCH, REGEX_DOES_NOT_MATCH.
Allowed in Basic(Allowed values-
BEGINS_WITH,DOES_NOT_BEGIN_WITH,CONTAINS,DOES_NOT_CONTAIN,ENDS_WITH,DOES_NOT_END_WITH,EQUALS,DOES_NOT_EQUAL)
edition, Essentials(Allowed values-
BEGINS_WITH,DOES_NOT_BEGIN_WITH,CONTAINS,DOES_NOT_CONTAIN,ENDS_WITH,DOES_NOT_END_WITH,EQUALS,DOES_NOT_EQUAL)
edition, Enterprise edition.
ALBStringOperation Required
match_str Match str

String value(s).		 array of string
string_group_paths String group paths

path of the string group(s).
It is a reference to an object of type StringGroup.
array of string

ALBStringOperation (schema)

StringOperation type

Valid ENUM values for ALBStringOperation

Name Description Type Notes
ALBStringOperation StringOperation type

Valid ENUM values for ALBStringOperation		 string Enum: BEGINS_WITH, DOES_NOT_BEGIN_WITH, CONTAINS, DOES_NOT_CONTAIN, ENDS_WITH, DOES_NOT_END_WITH, EQUALS, DOES_NOT_EQUAL, REGEX_MATCH, REGEX_DOES_NOT_MATCH

ALBTCPApplicationProfile (schema)

TCPApplicationProfile

Advanced load balancer TCPApplicationProfile object

Name Description Type Notes
pki_profile_path Pki profile path

Select the PKI profile to be associated with the Virtual
Service.
This profile defines the Certificate Authority and
Revocation List.
It is a reference to an object of type PKIProfile.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
string
proxy_protocol_enabled Proxy protocol enabled

Enable/Disable the usage of proxy protocol to convey client
connection information to the back-end servers.
Valid only for L4 application profiles and TCP proxy.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
proxy_protocol_version Proxy protocol version

Version of proxy protocol to be used to convey client
connection information to the back-end servers.
Enum options - PROXY_PROTOCOL_VERSION_1,
PROXY_PROTOCOL_VERSION_2.
Allowed in Basic(Allowed values- PROXY_PROTOCOL_VERSION_1)
edition, Essentials(Allowed values-
PROXY_PROTOCOL_VERSION_1) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as PROXY_PROTOCOL_VERSION_1.
ALBProxyProtocolVersion Default: "PROXY_PROTOCOL_VERSION_1"
ssl_client_certificate_mode Ssl client certificate mode

Specifies whether the client side verification is set to
none, request or require.
Enum options - SSL_CLIENT_CERTIFICATE_NONE,
SSL_CLIENT_CERTIFICATE_REQUEST,
SSL_CLIENT_CERTIFICATE_REQUIRE.
Allowed in Basic(Allowed values-
SSL_CLIENT_CERTIFICATE_NONE) edition, Essentials(Allowed
values- SSL_CLIENT_CERTIFICATE_NONE) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as
SSL_CLIENT_CERTIFICATE_NONE.
ALBSSLClientCertificateMode Default: "SSL_CLIENT_CERTIFICATE_NONE"

ALBTCPFastPathProfile (schema)

TCPFastPathProfile

Advanced load balancer TCPFastPathProfile object

Name Description Type Notes
dsr_profile Dsr profile

DSR profile information.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
ALBDsrProfile
enable_syn_protection Enable syn protection

When enabled, Avi will complete the 3-way handshake with
the client before forwarding any packets to the server.
This will protect the server from SYN flood and half open
SYN connections.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
session_idle_timeout Session idle timeout

The amount of time (in sec) for which a connection needs to
be idle before it is eligible to be deleted.
Allowed values are 5-14400.
Special values are 0 - 'infinite'.
Unit is SEC.
Default value when not specified in API or module is
interpreted by ALB Controller as 300.
integer Minimum: 0
Maximum: 14400
Default: "300"

ALBTCPProxyProfile (schema)

TCPProxyProfile

Advanced load balancer TCPProxyProfile object

Name Description Type Notes
aggressive_congestion_avoidance Aggressive congestion avoidance

Controls the our congestion window to send, normally it's 1
mss, If this option is turned on, we use 10 msses.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
auto_window_growth Auto window growth

Controls whether the windows are static or supports
autogrowth.
Maximum that it can grow to is limited to 4MB.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
automatic Automatic

Dynamically pick the relevant parameters for connections.
Allowed in Basic(Allowed values- true) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
cc_algo Cc algo

Controls the congestion control algorithm we use.
Enum options - CC_ALGO_NEW_RENO, CC_ALGO_CUBIC,
CC_ALGO_HTCP.
Default value when not specified in API or module is
interpreted by ALB Controller as CC_ALGO_NEW_RENO.
ALBCongestionAlgo Default: "CC_ALGO_NEW_RENO"
congestion_recovery_scaling_factor Congestion recovery scaling factor

Congestion window scaling factor after recovery.
Allowed values are 0-8.
Default value when not specified in API or module is
interpreted by ALB Controller as 2.
integer Minimum: 0
Maximum: 8
Default: "2"
idle_connection_timeout Idle connection timeout

The duration for keepalive probes or session idle timeout.
Max value is 3600 seconds, min is 5.
Set to 0 to allow infinite idle time.
Allowed values are 5-14400.
Special values are 0 - 'infinite'.
Unit is SEC.
Default value when not specified in API or module is
interpreted by ALB Controller as 600.
integer Minimum: 0
Maximum: 14400
Default: "600"
idle_connection_type Idle connection type

Controls the behavior of idle connections.
Enum options - KEEP_ALIVE, CLOSE_IDLE.
Default value when not specified in API or module is
interpreted by ALB Controller as KEEP_ALIVE.
ALBIdleConnectionType Default: "KEEP_ALIVE"
ignore_time_wait Ignore time wait

A new SYN is accepted from the same 4-tuple even if there
is already a connection in TIME_WAIT state.
This is equivalent of setting Time Wait Delay to 0.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
ip_dscp Ip dscp

Controls the value of the Differentiated Services Code
Point field inserted in the IP header.
This has two options Set to a specific value, or Pass
Through, which uses the incoming DSCP value.
Allowed values are 0-63.
Special values are MAX - 'Passthrough'.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.
integer Minimum: 0
Maximum: 63
Default: "0"
keepalive_in_halfclose_state Keepalive in halfclose state

Controls whether to keep the connection alive with
keepalive messages in the TCP half close state.
The interval for sending keepalive messages is 30s.
If a timeout is already configured in the network profile,
this will not override it.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
max_retransmissions Max retransmissions

The number of attempts at retransmit before closing the
connection.
Allowed values are 3-8.
Default value when not specified in API or module is
interpreted by ALB Controller as 8.
integer Minimum: 3
Maximum: 8
Default: "8"
max_segment_size Max segment size

Maximum TCP segment size.
Allowed values are 512-9000.
Special values are 0 - 'Use Interface MTU'.
Unit is BYTES.
integer Minimum: 0
Maximum: 9000
max_syn_retransmissions Max syn retransmissions

The maximum number of attempts at retransmitting a SYN
packet before giving up.
Allowed values are 3-8.
Default value when not specified in API or module is
interpreted by ALB Controller as 8.
integer Minimum: 3
Maximum: 8
Default: "8"
min_rexmt_timeout Min rexmt timeout

The minimum wait time (in millisec) to retransmit packet.
Allowed values are 50-5000.
Unit is MILLISECONDS.
integer Minimum: 50
Maximum: 5000
nagles_algorithm Nagles algorithm

Consolidates small data packets to send clients fewer but
larger packets.
Adversely affects real time protocols such as telnet or
SSH.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
reassembly_queue_size Reassembly queue size

Maximum number of TCP segments that can be queued for
reassembly.
Configuring this to 0 disables the feature and provides
unlimited queuing.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.
integer Default: "0"
receive_window Receive window

Size of the receive window.
Allowed values are 2-65536.
Unit is KB.
Default value when not specified in API or module is
interpreted by ALB Controller as 64.
integer Minimum: 2
Maximum: 65536
Default: "64"
reorder_threshold Reorder threshold

Controls the number of duplicate acks required to trigger
retransmission.
Setting a higher value reduces retransmission caused by
packet reordering.
A larger value is recommended in public cloud environments
where packet reordering is quite common.
The default value is 8 in public cloud platforms (AWS,
Azure, GCP), and 3 in other environments.
Allowed values are 1-100.
integer Minimum: 1
Maximum: 100
slow_start_scaling_factor Slow start scaling factor

Congestion window scaling factor during slow start.
Allowed values are 0-8.
Default value when not specified in API or module is
interpreted by ALB Controller as 1.
integer Minimum: 0
Maximum: 8
Default: "1"
time_wait_delay Time wait delay

The time (in millisec) to wait before closing a connection
in the TIME_WAIT state.
Allowed values are 500-2000.
Special values are 0 - 'immediate'.
Unit is MILLISECONDS.
Default value when not specified in API or module is
interpreted by ALB Controller as 2000.
integer Minimum: 0
Maximum: 2000
Default: "2000"
use_interface_mtu Use interface mtu

Use the interface MTU to calculate the TCP max segment
size.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"

ALBTacacsPlusAuthSettings (schema)

TacacsPlusAuthSettings

Advanced load balancer TacacsPlusAuthSettings object

Name Description Type Notes
authorization_attrs Authorization attrs

TACACS+ authorization attribute value pairs.		 array of ALBAuthTacacsPlusAttributeValuePair
password Password

TACACS+ server shared secret.		 string
port Port

TACACS+ server listening port.
Default value when not specified in API or module is
interpreted by ALB Controller as 49.
integer Default: "49"
server Server

TACACS+ server IP address or FQDN.
Minimum of 1 items required.
array of string Required
service Service

TACACS+ service.
Enum options - AUTH_TACACS_PLUS_SERVICE_NONE,
AUTH_TACACS_PLUS_SERVICE_LOGIN,
AUTH_TACACS_PLUS_SERVICE_ENABLE,
AUTH_TACACS_PLUS_SERVICE_PPP, AUTH_TACACS_PLUS_SERVICE_ARAP,
AUTH_TACACS_PLUS_SERVICE_PT, AUTH_TACACS_PLUS_SERVICE_RCMD,
AUTH_TACACS_PLUS_SERVICE_X25, AUTH_TACACS_PLUS_SERVICE_NASI,
AUTH_TACACS_PLUS_SERVICE_FWPROXY.
Default value when not specified in API or module is
interpreted by ALB Controller as
AUTH_TACACS_PLUS_SERVICE_LOGIN.
ALBAuthTacacsPlusService Default: "AUTH_TACACS_PLUS_SERVICE_LOGIN"

ALBTag (schema)

Tag

Advanced load balancer Tag object

Name Description Type Notes
type Type

Enum options - AVI_DEFINED, USER_DEFINED, VCENTER_DEFINED.
Default value when not specified in API or module is
interpreted by ALB Controller as USER_DEFINED.
ALBTagType Default: "USER_DEFINED"
value Value

value of Tag.		 string Required

ALBTagType (schema)

TagType type

Valid ENUM values for ALBTagType

Name Description Type Notes
ALBTagType TagType type

Valid ENUM values for ALBTagType		 string Enum: AVI_DEFINED, USER_DEFINED, VCENTER_DEFINED

ALBTrafficCloneProfile (schema)

TrafficCloneProfile

Advanced load balancer TrafficCloneProfile object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
clone_servers Clone servers

Maximum of 10 items allowed.		 array of ALBCloneServer
cloud_name Cloud name

It is a reference to an object of type Cloud.		 string
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
markers Markers

List of labels to be used for granular RBAC.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBRoleFilterMatchLabel
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
preserve_client_ip Preserve client ip

Specifies if client IP needs to be preserved to clone
destination.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ALBTrafficCloneProfile string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ALBTrafficCloneProfileApiResponse (schema)

TrafficCloneProfileApiResponse

TrafficCloneProfileApiResponse

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
count count

count
int Default: "None"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Array of TrafficCloneProfile

Array of TrafficCloneProfile
array of ALBTrafficCloneProfile
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ALBUDPFastPathProfile (schema)

UDPFastPathProfile

Advanced load balancer UDPFastPathProfile object

Name Description Type Notes
dsr_profile Dsr profile

DSR profile information.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
ALBDsrProfile
per_pkt_loadbalance Per pkt loadbalance

When enabled, every UDP packet is considered a new
transaction and may be load balanced to a different server.
When disabled, packets from the same client source IP and
port are sent to the same server.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
session_idle_timeout Session idle timeout

The amount of time (in sec) for which a flow needs to be
idle before it is deleted.
Allowed values are 2-3600.
Unit is SEC.
Default value when not specified in API or module is
interpreted by ALB Controller as 10.
integer Minimum: 2
Maximum: 3600
Default: "10"
snat Snat

When disabled, Source NAT will not be performed for all
client UDP packets.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"

ALBUDPProxyProfile (schema)

UDPProxyProfile

Advanced load balancer UDPProxyProfile object

Name Description Type Notes
session_idle_timeout Session idle timeout

The amount of time (in sec) for which a flow needs to be
idle before it is deleted.
Allowed values are 2-3600.
Unit is SEC.
Default value when not specified in API or module is
interpreted by ALB Controller as 10.
integer Minimum: 2
Maximum: 3600
Default: "10"

ALBURIParam (schema)

URIParam

Advanced load balancer URIParam object

Name Description Type Notes
tokens Tokens

Token config either for the URI components or a constant
string.
Minimum of 1 items required.
array of ALBURIParamToken Required
type Type

URI param type.
Enum options - URI_PARAM_TYPE_TOKENIZED.
ALBURIParamType Required

ALBURIParamQuery (schema)

URIParamQuery

Advanced load balancer URIParamQuery object

Name Description Type Notes
add_string Add string

Concatenate a string to the query of the incoming request
URI and then use it in the request URI going to the backend
server.
string
keep_query Keep query

Use or drop the query of the incoming request URI in the
request URI to the backend server.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"

ALBURIParamToken (schema)

URIParamToken

Advanced load balancer URIParamToken object

Name Description Type Notes
end_index End index

Index of the ending token in the incoming URI.
Allowed values are 0-65534.
Special values are 65535 - 'end of string'.
integer Minimum: 0
Maximum: 65535
start_index Start index

Index of the starting token in the incoming URI.		 integer
str_value Str value

Constant string to use as a token.		 string
type Type

Token type for constructing the URI.
Enum options - URI_TOKEN_TYPE_HOST, URI_TOKEN_TYPE_PATH,
URI_TOKEN_TYPE_STRING, URI_TOKEN_TYPE_STRING_GROUP,
URI_TOKEN_TYPE_REGEX.
ALBURITokenType Required

ALBURIParamType (schema)

URIParamType type

Valid ENUM values for ALBURIParamType

Name Description Type Notes
ALBURIParamType URIParamType type

Valid ENUM values for ALBURIParamType		 string Enum: URI_PARAM_TYPE_TOKENIZED

ALBURITokenType (schema)

URITokenType type

Valid ENUM values for ALBURITokenType

Name Description Type Notes
ALBURITokenType URITokenType type

Valid ENUM values for ALBURITokenType		 string Enum: URI_TOKEN_TYPE_HOST, URI_TOKEN_TYPE_PATH, URI_TOKEN_TYPE_STRING, URI_TOKEN_TYPE_STRING_GROUP, URI_TOKEN_TYPE_REGEX

ALBVSDataScript (schema)

VSDataScript

Advanced load balancer VSDataScript object

Name Description Type Notes
evt Evt

Event triggering execution of datascript.
Enum options - VS_DATASCRIPT_EVT_HTTP_REQ,
VS_DATASCRIPT_EVT_HTTP_RESP,
VS_DATASCRIPT_EVT_HTTP_RESP_DATA,
VS_DATASCRIPT_EVT_HTTP_LB_FAILED,
VS_DATASCRIPT_EVT_HTTP_REQ_DATA,
VS_DATASCRIPT_EVT_HTTP_RESP_FAILED,
VS_DATASCRIPT_EVT_HTTP_LB_DONE, VS_DATASCRIPT_EVT_HTTP_AUTH,
VS_DATASCRIPT_EVT_HTTP_POST_AUTH,
VS_DATASCRIPT_EVT_TCP_CLIENT_ACCEPT,
VS_DATASCRIPT_EVT_SSL_HANDSHAKE_DONE,
VS_DATASCRIPT_EVT_DNS_REQ, VS_DATASCRIPT_EVT_DNS_RESP,
VS_DATASCRIPT_EVT_L4_REQUEST, VS_DATASCRIPT_EVT_L4_RESPONSE,
VS_DATASCRIPT_EVT_MAX.
Allowed in Basic(Allowed values-
VS_DATASCRIPT_EVT_HTTP_REQ) edition, Enterprise edition.
ALBVSDataScriptEvent Required
script Script

Datascript to execute when the event triggers.		 string Required

ALBVSDataScriptEvent (schema)

VSDataScriptEvent type

Valid ENUM values for ALBVSDataScriptEvent

Name Description Type Notes
ALBVSDataScriptEvent VSDataScriptEvent type

Valid ENUM values for ALBVSDataScriptEvent		 string Enum: VS_DATASCRIPT_EVT_HTTP_REQ, VS_DATASCRIPT_EVT_HTTP_RESP, VS_DATASCRIPT_EVT_HTTP_RESP_DATA, VS_DATASCRIPT_EVT_HTTP_LB_FAILED, VS_DATASCRIPT_EVT_HTTP_REQ_DATA, VS_DATASCRIPT_EVT_HTTP_RESP_FAILED, VS_DATASCRIPT_EVT_HTTP_LB_DONE, VS_DATASCRIPT_EVT_HTTP_AUTH, VS_DATASCRIPT_EVT_HTTP_POST_AUTH, VS_DATASCRIPT_EVT_TCP_CLIENT_ACCEPT, VS_DATASCRIPT_EVT_SSL_HANDSHAKE_DONE, VS_DATASCRIPT_EVT_DNS_REQ, VS_DATASCRIPT_EVT_DNS_RESP, VS_DATASCRIPT_EVT_L4_REQUEST, VS_DATASCRIPT_EVT_L4_RESPONSE, VS_DATASCRIPT_EVT_MAX

ALBVSDataScriptSet (schema)

VSDataScriptSet

Advanced load balancer VSDataScriptSet object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
created_by Created by

Creator name.		 string
datascript Datascript

DataScripts to execute.		 array of ALBVSDataScript
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ipgroup_paths Ipgroup paths

path of IP Groups that could be referred by VSDataScriptSet
objects.
It is a reference to an object of type IpAddrGroup.
array of string
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
markers Markers

List of labels to be used for granular RBAC.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBRoleFilterMatchLabel
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
pool_group_paths Pool group paths

path of pool groups that could be referred by
VSDataScriptSet objects.
It is a reference to an object of type PoolGroup.
array of string
pool_paths Pool paths

path of pools that could be referred by VSDataScriptSet
objects.
It is a reference to an object of type Pool.
array of string
protocol_parser_paths Protocol parser paths

List of protocol parsers that could be referred by
VSDataScriptSet objects.
It is a reference to an object of type ProtocolParser.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of string
rate_limiters Rate limiters

The Rate Limit definitions needed for this DataScript.
The name is composed of the Virtual Service name and the
DataScript name.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBRateLimiter
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ALBVSDataScriptSet string
string_group_paths String group paths

path of String Groups that could be referred by
VSDataScriptSet objects.
It is a reference to an object of type StringGroup.
array of string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ALBVSDataScriptSetApiResponse (schema)

VSDataScriptSetApiResponse

VSDataScriptSetApiResponse

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
count count

count
int Default: "None"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Array of VSDataScriptSet

Array of VSDataScriptSet
array of ALBVSDataScriptSet
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ALBVSDataScripts (schema)

VSDataScripts

Advanced load balancer VSDataScripts object

Name Description Type Notes
index Index

Index of the virtual service datascript collection.		 integer Required
vs_datascript_set_path Vs datascript set path

path of the virtual service datascript collection.
It is a reference to an object of type VSDataScriptSet.
string Required

ALBVip (schema)

Vip

Advanced load balancer Vip object

Name Description Type Notes
auto_allocate_floating_ip Auto allocate floating ip

Auto-allocate floating/elastic IP from the Cloud
infrastructure.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
auto_allocate_ip Auto allocate ip

Auto-allocate VIP from the provided subnet.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
auto_allocate_ip_type Auto allocate ip type

Specifies whether to auto-allocate only a V4 address, only
a V6 address, or one of each type.
Enum options - V4_ONLY, V6_ONLY, V4_V6.
Allowed in Basic(Allowed values- V4_ONLY) edition,
Essentials(Allowed values- V4_ONLY) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as V4_ONLY.
ALBIpAddressVersions Default: "V4_ONLY"
availability_zone Availability zone

Availability-zone to place the Virtual Service.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
string
avi_allocated_fip Avi allocated fip

(internal-use) FIP allocated by Avi in the Cloud
infrastructure.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
avi_allocated_vip Avi allocated vip

(internal-use) VIP allocated by Avi in the Cloud
infrastructure.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
discovered_networks Discovered networks

Discovered networks providing reachability for client
facing Vip IP.
array of ALBDiscoveredNetwork
enabled Enabled

Enable or disable the Vip.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
floating_ip Floating ip

Floating IPv4 to associate with this Vip.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
ALBIpAddr
floating_ip6 Floating ip6

Floating IPv6 address to associate with this Vip.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
ALBIpAddr
floating_subnet6_uuid Floating subnet6 uuid

If auto_allocate_floating_ip is True and more than one
floating-ip subnets exist, then the subnet for the floating
IPv6 address allocation.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
string
floating_subnet_uuid Floating subnet uuid

If auto_allocate_floating_ip is True and more than one
floating-ip subnets exist, then the subnet for the floating
IP address allocation.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
string
ip6_address Ip6 address

IPv6 Address of the Vip.		 ALBIpAddr
ip_address Ip address

IPv4 Address of the VIP.		 ALBIpAddr
ipam_network_subnet Ipam network subnet

Subnet and/or Network for allocating VirtualService IP by
IPAM Provider module.
ALBIPNetworkSubnet
network_name Network name

Manually override the network on which the Vip is placed.
It is a reference to an object of type Network.
string
placement_networks Placement networks

Placement networks/subnets to use for vip placement.
Maximum of 10 items allowed.
array of ALBVipPlacementNetwork
port_uuid Port uuid

(internal-use) Network port assigned to the Vip IP address.		 string
prefix_length Prefix length

Mask applied for the Vip, non-default mask supported only
for wildcard Vip.
Allowed values are 0-32.
Allowed in Basic(Allowed values- 32) edition,
Essentials(Allowed values- 32) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 32.
integer Minimum: 0
Maximum: 32
Default: "32"
subnet Subnet

Subnet providing reachability for client facing Vip IP.		 ALBIpAddrPrefix
subnet6 Subnet6

Subnet providing reachability for client facing Vip IPv6.
Allowed in Essentials edition, Enterprise edition.
ALBIpAddrPrefix
subnet6_uuid Subnet6 uuid

If auto_allocate_ip is True, then the subnet for the Vip
IPv6 address allocation.
This field is applicable only if the VirtualService belongs
to an Openstack or AWS cloud, in which case it is mandatory,
if auto_allocate is selected.
Allowed in Essentials edition, Enterprise edition.
string
subnet_uuid Subnet uuid

If auto_allocate_ip is True, then the subnet for the Vip IP
address allocation.
This field is applicable only if the VirtualService belongs
to an Openstack or AWS cloud, in which case it is mandatory,
if auto_allocate is selected.
string
vip_id Vip id

Unique ID associated with the vip.		 string Required

ALBVipPlacementNetwork (schema)

VipPlacementNetwork

Advanced load balancer VipPlacementNetwork object

Name Description Type Notes
network_name Network name

Network to use for vip placement.
It is a reference to an object of type Network.
string
subnet Subnet

IPv4 Subnet to use for vip placement.		 ALBIpAddrPrefix
subnet6 Subnet6

IPv6 subnet to use for vip placement.		 ALBIpAddrPrefix

ALBVirtualService (schema)

VirtualService

Advanced load balancer VirtualService object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
active_standby_se_tag Active standby se tag

This configuration only applies if the VirtualService is in
Legacy Active Standby HA mode and Load Distribution among
Active Standby is enabled.
This field is used to tag the VirtualService so that
VirtualServices with the same tag will share the same Active
ServiceEngine.
VirtualServices with different tags will have different
Active ServiceEngines.
If one of the ServiceEngine's in the ServiceEngineGroup
fails, all VirtualServices will end up using the same Active
ServiceEngine.
Redistribution of the VirtualServices can be either manual
or automated when the failed ServiceEngine recovers.
Redistribution is based on the auto redistribute property
of the ServiceEngineGroup.
Enum options - ACTIVE_STANDBY_SE_1, ACTIVE_STANDBY_SE_2.
Default value when not specified in API or module is
interpreted by ALB Controller as ACTIVE_STANDBY_SE_1.
ALBActiveStandbySeTag Default: "ACTIVE_STANDBY_SE_1"
advertise_down_vs Advertise down vs

Keep advertising Virtual Service via BGP even if it is
marked down by health monitor.
This setting takes effect for future Virtual Service flaps.
To advertise current VSes that are down, please disable and
re-enable the Virtual Service.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
allow_invalid_client_cert Allow invalid client cert

Process request even if invalid client certificate is
presented.
Datascript APIs need to be used for processing of such
requests.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
analytics_policy Analytics policy

Determines analytics settings for the application.		 ALBAnalyticsPolicy
analytics_profile_path Analytics profile path

Specifies settings related to analytics.
It is a reference to an object of type AnalyticsProfile.
string
apic_contract_graph Apic contract graph

The name of the Contract/Graph associated with the Virtual
Service.
Should be in the format.
This is applicable only for Service Integration mode with
Cisco APIC Controller.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
string
application_profile_path Application profile path

Enable application layer specific features for the Virtual
Service.
It is a reference to an object of type ApplicationProfile.
Special default for Essentials edition is
System-L4-Application.
string
azure_availability_set Azure availability set

(internal-use)Applicable for Azure only.
Azure Availability set to which this VS is associated.
Internally set by the cloud connector.
string
bgp_peer_labels Bgp peer labels

Select BGP peers, using peer label, for VsVip
advertisement.
Maximum of 128 items allowed.
array of string
bulk_sync_kvcache Bulk sync kvcache

(This is a beta feature).
Sync Key-Value cache to the new SEs when VS is scaled out.
For ex SSL sessions are stored using VS's Key-Value cache.
When the VS is scaled out, the SSL session information is
synced to the new SE, allowing existing SSL sessions to be
reused on the new SE.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
client_auth Client auth

HTTP authentication configuration for protected resources.		 ALBHTTPClientAuthenticationParams
close_client_conn_on_config_update Close client conn on config update

close client connection on vs config update.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
cloud_config_cksum Cloud config cksum

Checksum of cloud configuration for VS.
Internally set by cloud connector.
string
cloud_name Cloud name

It is a reference to an object of type Cloud.		 string
cloud_type Cloud type

Enum options - CLOUD_NONE, CLOUD_VCENTER, CLOUD_OPENSTACK,
CLOUD_AWS, CLOUD_VCA, CLOUD_APIC, CLOUD_MESOS,
CLOUD_LINUXSERVER, CLOUD_DOCKER_UCP, CLOUD_RANCHER,
CLOUD_OSHIFT_K8S, CLOUD_AZURE, CLOUD_GCP, CLOUD_NSXT.
Allowed in Basic(Allowed values- CLOUD_NONE,CLOUD_NSXT)
edition, Essentials(Allowed values-
CLOUD_NONE,CLOUD_VCENTER) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as CLOUD_NONE.
ALBCloudType Default: "CLOUD_NONE"
connections_rate_limit Connections rate limit

Rate limit the incoming connections to this virtual
service.
ALBRateProfile
content_rewrite Content rewrite

Profile used to match and rewrite strings in request and/or
response body.
ALBContentRewriteProfile
created_by Created by

Creator name.		 string
delay_fairness Delay fairness

Select the algorithm for QoS fairness.
This determines how multiple Virtual Services sharing the
same Service Engines will prioritize traffic over a
congested network.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
dns_info Dns info

Service discovery specific data including fully qualified
domain name, type and Time-To-Live of the DNS record.
Note that only one of fqdn and dns_info setting is allowed.
Maximum of 1000 items allowed.
array of ALBDnsInfo
dns_policies Dns policies

DNS Policies applied on the dns traffic of the Virtual
Service.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBDnsPolicies
east_west_placement East west placement

Force placement on all SE's in service group (Mesos mode
only).
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
enable_autogw Enable autogw

Response traffic to clients will be sent back to the source
MAC address of the connection, rather than statically sent
to a default gateway.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Special default for Basic edition is false, Essentials
edition is false, Enterprise is True.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
enable_rhi Enable rhi

Enable Route Health Injection using the BGP Config in the
vrf context.
boolean
enable_rhi_snat Enable rhi snat

Enable Route Health Injection for Source NAT'ted floating
IP Address using the BGP Config in the vrf context.
boolean
enabled Enabled

Enable or disable the Virtual Service.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
error_page_profile_path Error page profile path

Error Page Profile to be used for this virtualservice.This
profile is used to send the custom error page to the client
generated by the proxy.
It is a reference to an object of type ErrorPageProfile.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
string
flow_dist Flow dist

Criteria for flow distribution among SEs.
Enum options - LOAD_AWARE,
CONSISTENT_HASH_SOURCE_IP_ADDRESS,
CONSISTENT_HASH_SOURCE_IP_ADDRESS_AND_PORT.
Allowed in Basic(Allowed values- LOAD_AWARE) edition,
Essentials(Allowed values- LOAD_AWARE) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as LOAD_AWARE.
ALBSeFlowDist Default: "LOAD_AWARE"
flow_label_type Flow label type

Criteria for flow labelling.
Enum options - NO_LABEL, APPLICATION_LABEL, SERVICE_LABEL.
Default value when not specified in API or module is
interpreted by ALB Controller as NO_LABEL.
ALBFlowLabelType Default: "NO_LABEL"
fqdn Fqdn

DNS resolvable, fully qualified domain name of the
virtualservice.
Only one of 'fqdn' and 'dns_info' configuration is allowed.
string
group_paths Group paths

A list of NSX Groups representing the Clients which can
access the Virtual IP of the Virtual Service.
array of string
host_name_xlate Host name xlate

Translate the host name sent to the servers to this value.
Translate the host name sent from servers back to the value
used by the client.
string
http_policies Http policies

HTTP Policies applied on the data traffic of the Virtual
Service.
array of ALBHTTPPolicies
id Unique identifier of this resource string Sortable
ign_pool_net_reach Ign pool net reach

Ignore Pool servers network reachability constraints for
Virtual Service placement.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
l4_policies L4 policies

L4 Policies applied to the data traffic of the Virtual
Service.
array of ALBL4Policies
limit_doser Limit doser

Limit potential DoS attackers who exceed max_cps_per_client
significantly to a fraction of max_cps_per_client for a
while.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
markers Markers

List of labels to be used for granular RBAC.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBRoleFilterMatchLabel
max_cps_per_client Max cps per client

Maximum connections per second per client IP.
Allowed values are 10-1000.
Special values are 0- 'unlimited'.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.
integer Minimum: 0
Maximum: 1000
Default: "0"
min_pools_up Min pools up

Minimum number of UP pools to mark VS up.		 integer
network_profile_path Network profile path

Determines network settings such as protocol, TCP or UDP,
and related options for the protocol.
It is a reference to an object of type NetworkProfile.
Special default for Essentials edition is
System-TCP-Fast-Path.
string
network_security_policy_path Network security policy path

Network security policies for the Virtual Service.
It is a reference to an object of type
NetworkSecurityPolicy.
string
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
performance_limits Performance limits

Optional settings that determine performance limits like
max connections or bandwdith etc.
ALBPerformanceLimits
pool_group_path Pool group path

The pool group is an object that contains pools.
It is a reference to an object of type PoolGroup.
string
pool_path Pool path

The pool is an object that contains destination servers and
related attributes such as load-balancing and persistence.
It is a reference to an object of type Pool.
string
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
remove_listening_port_on_vs_down Remove listening port on vs down

Remove listening port if VirtualService is down.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
requests_rate_limit Requests rate limit

Rate limit the incoming requests to this virtual service.		 ALBRateProfile
resource_type Must be set to the value ALBVirtualService string
saml_sp_config Saml sp config

Application-specific SAML config.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
ALBSAMLSPConfig
se_group_name Se group name

The Service Engine Group to use for this Virtual Service.
Moving to a new SE Group is disruptive to existing
connections for this VS.
It is a reference to an object of type ServiceEngineGroup.
string
security_policy_path Security policy path

Security policy applied on the traffic of the Virtual
Service.
This policy is used to perform security actions such as
Distributed Denial of Service (DDoS) attack mitigation, etc.
It is a reference to an object of type SecurityPolicy.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
string
server_network_profile_path Server network profile path

Determines the network settings profile for the server side
of TCP proxied connections.
Leave blank to use the same settings as the client to VS
side of the connection.
It is a reference to an object of type NetworkProfile.
string
service_metadata Service metadata

Metadata pertaining to the Service provided by this virtual
service.
In Openshift/Kubernetes environments, egress pod info is
stored.
Any user input to this field will be overwritten by Avi
Vantage.
string
service_pool_select Service pool select

Select pool based on destination port.		 array of ALBServicePoolSelector
services Services

List of Services defined for this Virtual Service.
Maximum of 2048 items allowed.
array of ALBService
sideband_profile Sideband profile

Sideband configuration to be used for this
virtualservice.It can be used for sending traffic to
sideband VIPs for external inspection etc.
ALBSidebandProfile
snat_ip Snat ip

NAT'ted floating source IP Address(es) for upstream
connection to servers.
Maximum of 32 items allowed.
array of ALBIpAddr
sp_pool_paths Sp pool paths

GSLB pools used to manage site-persistence functionality.
Each site-persistence pool contains the virtualservices in
all the other sites, that is auto-generated by the GSLB
manager.
This is a read-only field for the user.
It is a reference to an object of type Pool.
array of string
ssl_key_and_certificate_paths Ssl key and certificate paths

Select or create one or two certificates, EC and/or RSA,
that will be presented to SSL/TLS terminated connections.
It is a reference to an object of type
SSLKeyAndCertificate.
array of string
ssl_profile_path Ssl profile path

Determines the set of SSL versions and ciphers to accept
for SSL/TLS terminated connections.
It is a reference to an object of type SSLProfile.
string
ssl_profile_selectors Ssl profile selectors

Select SSL Profile based on client IP address match.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBSSLProfileSelector
ssl_sess_cache_avg_size Ssl sess cache avg size

Expected number of SSL session cache entries (may be
exceeded).
Allowed values are 1024-16383.
Default value when not specified in API or module is
interpreted by ALB Controller as 1024.
integer Minimum: 1024
Maximum: 16383
Default: "1024"
sso_policy_path Sso policy path

The SSO Policy attached to the virtualservice.
It is a reference to an object of type SSOPolicy.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
string
static_dns_records Static dns records

List of static DNS records applied to this Virtual Service.
These are static entries and no health monitoring is
performed against the IP addresses.
Maximum of 1000 items allowed.
array of ALBDnsRecord
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
topology_policies Topology policies

Topology Policies applied on the dns traffic of the Virtual
Service based onGSLB Topology algorithm.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBDnsPolicies
traffic_clone_profile_path Traffic clone profile path

Server network or list of servers for cloning traffic.
It is a reference to an object of type TrafficCloneProfile.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
string
traffic_enabled Traffic enabled

Knob to enable the Virtual Service traffic on its assigned
service engines.
This setting is effective only when the enabled flag is set
to True.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
type Type

Specify if this is a normal Virtual Service, or if it is
the parent or child of an SNI-enabled virtual hosted Virtual
Service.
Enum options - VS_TYPE_NORMAL, VS_TYPE_VH_PARENT,
VS_TYPE_VH_CHILD.
Allowed in Basic(Allowed values-
VS_TYPE_NORMAL,VS_TYPE_VH_PARENT) edition,
Essentials(Allowed values- VS_TYPE_NORMAL) edition,
Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as VS_TYPE_NORMAL.
ALBVirtualServiceType Default: "VS_TYPE_NORMAL"
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
use_bridge_ip_as_vip Use bridge ip as vip

Use Bridge IP as VIP on each Host in Mesos deployments.
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
use_vip_as_snat Use vip as snat

Use the Virtual IP as the SNAT IP for health monitoring and
sending traffic to the backend servers instead of the
Service Engine interface IP.
The caveat of enabling this option is that the
VirtualService cannot be configured in an Active-Active HA
mode.
DNS based Multi VIP solution has to be used for HA &
Non-disruptive Upgrade purposes.
Allowed in Essentials(Allowed values- false) edition,
Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
vh_domain_name Vh domain name

The exact name requested from the client's SNI-enabled TLS
hello domain name field.
If this is a match, the parent VS will forward the
connection to this child VS.
array of string
vh_parent_vs_uuid Vh parent vs uuid

Specifies the Virtual Service acting as Virtual Hosting
(SNI) parent.
string
vip Vip

List of Virtual Service IPs.
While creating a 'Shared VS',please use vsvip_ref to point
to the shared entities.
array of ALBVip
vrf_context_name Vrf context name

Virtual Routing Context that the Virtual Service is bound
to.
This is used to provide the isolation of the set of
networks the application is attached to.
It is a reference to an object of type VrfContext.
string
vs_datascripts Vs datascripts

Datascripts applied on the data traffic of the Virtual
Service.
array of ALBVSDataScripts
vsvip_path Vsvip path

Mostly used during the creation of Shared VS, this field
refers to entities that can be shared across Virtual
Services.
It is a reference to an object of type VsVip.
string
waf_policy_path Waf policy path

WAF policy for the Virtual Service.
It is a reference to an object of type WafPolicy.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
string
weight Weight

The Quality of Service weight to assign to traffic
transmitted from this Virtual Service.
A higher weight will prioritize traffic versus other
Virtual Services sharing the same Service Engines.
Allowed values are 1-128.
Allowed in Basic(Allowed values- 1) edition,
Essentials(Allowed values- 1) edition, Enterprise edition.
Default value when not specified in API or module is
interpreted by ALB Controller as 1.
integer Minimum: 1
Maximum: 128
Default: "1"

ALBVirtualServiceApiResponse (schema)

VirtualServiceApiResponse

VirtualServiceApiResponse

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
count count

count
int Default: "None"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Array of VirtualService

Array of VirtualService
array of ALBVirtualService
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ALBVirtualServiceType (schema)

VirtualServiceType type

Valid ENUM values for ALBVirtualServiceType

Name Description Type Notes
ALBVirtualServiceType VirtualServiceType type

Valid ENUM values for ALBVirtualServiceType		 string Enum: VS_TYPE_NORMAL, VS_TYPE_VH_PARENT, VS_TYPE_VH_CHILD

ALBVsVip (schema)

VsVip

Advanced load balancer VsVip object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
bgp_peer_labels Bgp peer labels

Select BGP peers, using peer label, for VsVip
advertisement.
Maximum of 128 items allowed.
array of string
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
cloud_name Cloud name

It is a reference to an object of type Cloud.		 string
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
dns_info Dns info

Service discovery specific data including fully qualified
domain name, type and Time-To-Live of the DNS record.
Maximum of 1000 items allowed.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBDnsInfo
east_west_placement East west placement

Force placement on all Service Engines in the Service
Engine Group (Container clouds only).
Allowed in Basic(Allowed values- false) edition,
Essentials(Allowed values- false) edition, Enterprise
edition.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
markers Markers

List of labels to be used for granular RBAC.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBRoleFilterMatchLabel
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ALBVsVip string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tier1_path Tier1 path

This sets the placement scope of virtualservice to given
tier1 logical router in Nsx-t.
string
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
use_standard_alb Use standard alb

This overrides the cloud level default and needs to match
the SE Group value in which it will be used if the SE Group
use_standard_alb value is set.
This is only used when FIP is used for VS on Azure Cloud.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
boolean
vip Vip

List of Virtual Service IPs and other shareable entities.		 array of ALBVip
vrf_context_name Vrf context name

Virtual Routing Context that the Virtual Service is bound
to.
This is used to provide the isolation of the set of
networks the application is attached to.
It is a reference to an object of type VrfContext.
string
vsvip_cloud_config_cksum Vsvip cloud config cksum

Checksum of cloud configuration for VsVip.
Internally set by cloud connector.
string

ALBVsVipApiResponse (schema)

VsVipApiResponse

VsVipApiResponse

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
count count

count
int Default: "None"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Array of VsVip

Array of VsVip
array of ALBVsVip
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ALBWafAction (schema)

WafAction type

Valid ENUM values for ALBWafAction

Name Description Type Notes
ALBWafAction WafAction type

Valid ENUM values for ALBWafAction		 string Enum: WAF_ACTION_NO_OP, WAF_ACTION_BLOCK, WAF_ACTION_ALLOW_PARAMETER

ALBWafApplicationSignatures (schema)

WafApplicationSignatures

Advanced load balancer WafApplicationSignatures object

Name Description Type Notes
rule_overrides Rule overrides

Override attributes of application signature rules.		 array of ALBWafRuleOverrides
ruleset_version Ruleset version

The version in use of the provided ruleset.		 string
selected_applications Selected applications

List of applications for which we use the rules from the
WafApplicationSignatureProvider.
Maximum of 8 items allowed.
array of string

ALBWafCRS (schema)

WafCRS

Advanced load balancer WafCRS object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
groups Groups

WAF Rules are sorted in groups based on their
characterization.
Maximum of 64 items allowed.
array of ALBWafRuleGroup
id Unique identifier of this resource string Sortable
integrity Integrity

Integrity protection value.		 string Required
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
markers Markers

List of labels to be used for granular RBAC.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBRoleFilterMatchLabel
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
release_date Release date

The release date of this version in RFC 3339 / ISO 8601
format.
string Required
resource_type Must be set to the value ALBWafCRS string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
version Version

The version of this ruleset object.		 string Required

ALBWafCRSApiResponse (schema)

WafCRSApiResponse

WafCRSApiResponse

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
count count

count
int Default: "None"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Array of WafCRS

Array of WafCRS
array of ALBWafCRS
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ALBWafConfig (schema)

WafConfig

Advanced load balancer WafConfig object

Name Description Type Notes
allowed_http_versions Allowed http versions

WAF allowed HTTP Versions.
Enum options - ZERO_NINE, ONE_ZERO, ONE_ONE, TWO_ZERO.
Maximum of 8 items allowed.
array of ALBHTTPVersion
allowed_methods Allowed methods

WAF allowed HTTP methods.
Enum options - HTTP_METHOD_GET, HTTP_METHOD_HEAD,
HTTP_METHOD_PUT, HTTP_METHOD_DELETE, HTTP_METHOD_POST,
HTTP_METHOD_OPTIONS, HTTP_METHOD_TRACE, HTTP_METHOD_CONNECT,
HTTP_METHOD_PATCH, HTTP_METHOD_PROPFIND,
HTTP_METHOD_PROPPATCH, HTTP_METHOD_MKCOL, HTTP_METHOD_COPY,
HTTP_METHOD_MOVE, HTTP_METHOD_LOCK, HTTP_METHOD_UNLOCK.
array of ALBHTTPMethod
allowed_request_content_types Allowed request content types

WAF allowed Content Types.
Maximum of 64 items allowed.
array of string
argument_separator Argument separator

Argument seperator.
Default value when not specified in API or module is
interpreted by ALB Controller as &.
string Default: "&"
client_request_max_body_size Client request max body size

Maximum size for the client request body scanned by WAF.
Allowed values are 1-32768.
Unit is KB.
Default value when not specified in API or module is
interpreted by ALB Controller as 32.
integer Minimum: 1
Maximum: 32768
Default: "32"
cookie_format_version Cookie format version

0 For Netscape Cookies.
1 For version 1 cookies.
Allowed values are 0-1.
Default value when not specified in API or module is
interpreted by ALB Controller as 0.
integer Minimum: 0
Maximum: 1
Default: "0"
ignore_incomplete_request_body_error Ignore incomplete request body error

Ignore request body parsing errors due to partial scanning.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
max_execution_time Max execution time

The maximum period of time WAF processing is allowed to
take for a single request.
A value of 0 (zero) means no limit and should not be chosen
in production deployments.
It is only used for exceptional situations where crashes of
se_dp processes are acceptable.
The behavior of the system if this time is exceeded depends
on two other configuration settings, the WAF policy mode and
the WAF failure mode.
In WAF policy mode 'Detection', the request is allowed and
flagged for both failure mode 'Closed' and 'Open'.
In enforcement node, 'Closed' means the request is
rejected, 'Open' means the request is allowed and flagged.
Irrespective of these settings, no subsequent WAF rules of
this or other phases will be executed once the maximum
execution time has been exceeded.
Allowed values are 0-5000.
Unit is MILLISECONDS.
Default value when not specified in API or module is
interpreted by ALB Controller as 50.
integer Minimum: 0
Maximum: 5000
Default: "50"
regex_match_limit Regex match limit

Limit CPU utilization for each regular expression match
when processing rules.
Default value when not specified in API or module is
interpreted by ALB Controller as 30000.
integer Default: "30000"
regex_recursion_limit Regex recursion limit

Limit depth of recursion for each regular expression match
when processing rules.
Default value when not specified in API or module is
interpreted by ALB Controller as 10000.
integer Default: "10000"
request_body_default_action Request body default action

WAF default action for Request Body Phase.
Default value when not specified in API or module is
interpreted by ALB Controller as
phase:2,deny,status:403,log,auditlog.
string Default: "phase:2,deny,status:403,log,auditlog"
request_hdr_default_action Request hdr default action

WAF default action for Request Header Phase.
Default value when not specified in API or module is
interpreted by ALB Controller as
phase:1,deny,status:403,log,auditlog.
string Default: "phase:1,deny,status:403,log,auditlog"
response_body_default_action Response body default action

WAF default action for Response Body Phase.
Default value when not specified in API or module is
interpreted by ALB Controller as
phase:4,deny,status:403,log,auditlog.
string Default: "phase:4,deny,status:403,log,auditlog"
response_hdr_default_action Response hdr default action

WAF default action for Response Header Phase.
Default value when not specified in API or module is
interpreted by ALB Controller as
phase:3,deny,status:403,log,auditlog.
string Default: "phase:3,deny,status:403,log,auditlog"
restricted_extensions Restricted extensions

WAF Restricted File Extensions.
Maximum of 256 items allowed.
array of string
restricted_headers Restricted headers

WAF Restricted HTTP Headers.
Maximum of 64 items allowed.
array of string
server_response_max_body_size Server response max body size

Maximum size for response body scanned by WAF.
Allowed values are 1-32768.
Unit is KB.
Default value when not specified in API or module is
interpreted by ALB Controller as 128.
integer Minimum: 1
Maximum: 32768
Default: "128"
static_extensions Static extensions

WAF Static File Extensions.
GET and HEAD requests with no query args and one of these
extensions are allowed and not checked by the ruleset.
Maximum of 64 items allowed.
array of string
status_code_for_rejected_requests Status code for rejected requests

HTTP status code used by WAF Positive Security Model when
rejecting a request.
Enum options - HTTP_RESPONSE_CODE_0,
HTTP_RESPONSE_CODE_100, HTTP_RESPONSE_CODE_101,
HTTP_RESPONSE_CODE_200, HTTP_RESPONSE_CODE_201,
HTTP_RESPONSE_CODE_202, HTTP_RESPONSE_CODE_203,
HTTP_RESPONSE_CODE_204, HTTP_RESPONSE_CODE_205,
HTTP_RESPONSE_CODE_206, HTTP_RESPONSE_CODE_300,
HTTP_RESPONSE_CODE_301, HTTP_RESPONSE_CODE_302,
HTTP_RESPONSE_CODE_303, HTTP_RESPONSE_CODE_304,
HTTP_RESPONSE_CODE_305, HTTP_RESPONSE_CODE_307,
HTTP_RESPONSE_CODE_400, HTTP_RESPONSE_CODE_401,
HTTP_RESPONSE_CODE_402...
Default value when not specified in API or module is
interpreted by ALB Controller as HTTP_RESPONSE_CODE_403.
ALBHTTPResponseCodes Default: "HTTP_RESPONSE_CODE_403"
xml_xxe_protection Xml xxe protection

Block or flag XML requests referring to External Entities.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"

ALBWafDataFile (schema)

WafDataFile

Advanced load balancer WafDataFile object

Name Description Type Notes
data Data

Stringified WAF File Data.		 string Required
name Name

WAF Data File Name.		 string Required
type Type

WAF data file type.
Enum options - WAF_DATAFILE_PM_FROM_FILE, WAF_DATAFILE_DTD,
WAF_DATAFILE_XSD.
Default value when not specified in API or module is
interpreted by ALB Controller as WAF_DATAFILE_PM_FROM_FILE.
ALBWafDataFileType Default: "WAF_DATAFILE_PM_FROM_FILE"

ALBWafDataFileType (schema)

WafDataFileType type

Valid ENUM values for ALBWafDataFileType

Name Description Type Notes
ALBWafDataFileType WafDataFileType type

Valid ENUM values for ALBWafDataFileType		 string Enum: WAF_DATAFILE_PM_FROM_FILE, WAF_DATAFILE_DTD, WAF_DATAFILE_XSD

ALBWafExcludeListEntry (schema)

WafExcludeListEntry

Advanced load balancer WafExcludeListEntry object

Name Description Type Notes
client_subnet Client subnet

Client IP Subnet to exclude for WAF rules.		 ALBIpAddrPrefix
description Description

Free-text comment about this exclusion.		 string
match_element Match element

The match_element can be 'ARGS xxx', 'ARGS_GET xxx',
'ARGS_POST xxx', 'ARGS_NAMES xxx', 'FILES xxx',
'QUERY_STRING', 'REQUEST_BASENAME', 'REQUEST_BODY',
'REQUEST_URI', 'REQUEST_URI_RAW', 'REQUEST_COOKIES xxx',
'REQUEST_HEADERS xxx' or 'RESPONSE_HEADERS xxx'.
These match_elements in the HTTP Transaction (if present)
will be excluded when executing WAF Rules.
string
match_element_criteria Match element criteria

Criteria for match_element matching.		 ALBWafExclusionType
uri_match_criteria Uri match criteria

Criteria for URI matching.		 ALBWafExclusionType
uri_path Uri path

URI Path to exclude for WAF rules.		 string

ALBWafExclusionType (schema)

WafExclusionType

Advanced load balancer WafExclusionType object

Name Description Type Notes
match_case Match case

Case sensitivity to use for the matching.
Enum options - SENSITIVE, INSENSITIVE.
Default value when not specified in API or module is
interpreted by ALB Controller as SENSITIVE.
ALBMatchCase Default: "SENSITIVE"
match_op Match op

String Operation to use for matching the Exclusion.
Enum options - BEGINS_WITH, DOES_NOT_BEGIN_WITH, CONTAINS,
DOES_NOT_CONTAIN, ENDS_WITH, DOES_NOT_END_WITH, EQUALS,
DOES_NOT_EQUAL, REGEX_MATCH, REGEX_DOES_NOT_MATCH.
Default value when not specified in API or module is
interpreted by ALB Controller as EQUALS.
ALBStringOperation Default: "EQUALS"

ALBWafFailureMode (schema)

WafFailureMode type

Valid ENUM values for ALBWafFailureMode

Name Description Type Notes
ALBWafFailureMode WafFailureMode type

Valid ENUM values for ALBWafFailureMode		 string Enum: WAF_FAILURE_MODE_OPEN, WAF_FAILURE_MODE_CLOSED

ALBWafMode (schema)

WafMode type

Valid ENUM values for ALBWafMode

Name Description Type Notes
ALBWafMode WafMode type

Valid ENUM values for ALBWafMode		 string Enum: WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT

ALBWafPSMLocation (schema)

WafPSMLocation

Advanced load balancer WafPSMLocation object

Name Description Type Notes
description Description

Free-text comment about this location.		 string
index Index

Location index, this is used to determine the order of the
locations.
integer Required
match Match

Apply these rules only if the request is matching this
description.
ALBWafPSMLocationMatch
name Name

User defined name for this location, it must be unique in
the group.
string Required
rules Rules

A list of rules which should be applied on this location.
Maximum of 1024 items allowed.
array of ALBWafPSMRule

ALBWafPSMLocationMatch (schema)

WafPSMLocationMatch

Advanced load balancer WafPSMLocationMatch object

Name Description Type Notes
host Host

Apply the rules only to requests that match the specified
Host header.
If this is not set, the host header will not be checked.
ALBHostHdrMatch
methods Methods

Apply the rules only to requests that have the specified
methods.
If this is not set, the method will not be checked.
ALBMethodMatch
path Path

Apply the rules only to requests that match the specified
URI.
If this is not set, the path will not be checked.
ALBPathMatch

ALBWafPSMMatchElement (schema)

WafPSMMatchElement

Advanced load balancer WafPSMMatchElement object

Name Description Type Notes
excluded Excluded

Mark this element excluded, like in '!ARGS password'.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
index Index

Match_element index.		 integer Required
name Name

The variable specification.
For example ARGS or REQUEST_COOKIES.
This can be a scalar like PATH_INFO.
Enum options - WAF_VARIABLE_ARGS, WAF_VARIABLE_ARGS_GET,
WAF_VARIABLE_ARGS_POST, WAF_VARIABLE_ARGS_NAMES,
WAF_VARIABLE_REQUEST_COOKIES, WAF_VARIABLE_QUERY_STRING,
WAF_VARIABLE_REQUEST_BASENAME, WAF_VARIABLE_REQUEST_URI,
WAF_VARIABLE_PATH_INFO.
ALBWafVariable Required
sub_element Sub element

The name of the request collection element.
This can be empty, if we address the whole collection or a
scalar element.
string

ALBWafPSMRule (schema)

WafPSMRule

Advanced load balancer WafPSMRule object

Name Description Type Notes
description Description

Free-text comment about this rule.		 string
enable Enable

Enable or disable this rule.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
index Index

Rule index, this is used to determine the order of the
rules.
integer Required
match_case Match case

The field match_value_pattern regular expression is case
sensitive.
Enum options - SENSITIVE, INSENSITIVE.
Default value when not specified in API or module is
interpreted by ALB Controller as INSENSITIVE.
ALBMatchCase Default: "INSENSITIVE"
match_elements Match elements

The match elements, for example ARGS id or ARGS|!ARGS
password.
Maximum of 64 items allowed.
array of ALBWafPSMMatchElement
match_value_max_length Match value max length

The maximum allowed length of the match_value.
If this is not set, the length will not be checked.
integer
match_value_pattern Match value pattern

A regular expression which describes the expected value.		 string
mode Mode

WAF Rule mode.
This can be detection or enforcement.
If this is not set, the Policy mode is used.
This only takes effect if the policy allows delegation.
Enum options - WAF_MODE_DETECTION_ONLY,
WAF_MODE_ENFORCEMENT.
ALBWafMode
name Name

Name of the rule.		 string Required
paranoia_level Paranoia level

WAF Ruleset paranoia mode.
This is used to select Rules based on the paranoia-level.
Enum options - WAF_PARANOIA_LEVEL_LOW,
WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH,
WAF_PARANOIA_LEVEL_EXTREME.
Default value when not specified in API or module is
interpreted by ALB Controller as WAF_PARANOIA_LEVEL_LOW.
ALBWafParanoiaLevel Default: "WAF_PARANOIA_LEVEL_LOW"
rule_id Rule id

Id field which is used for log and metric generation.
This id must be unique for all rules in this group.
string Required

ALBWafParanoiaLevel (schema)

WafParanoiaLevel type

Valid ENUM values for ALBWafParanoiaLevel

Name Description Type Notes
ALBWafParanoiaLevel WafParanoiaLevel type

Valid ENUM values for ALBWafParanoiaLevel		 string Enum: WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME

ALBWafPhase (schema)

WafPhase type

Valid ENUM values for ALBWafPhase

Name Description Type Notes
ALBWafPhase WafPhase type

Valid ENUM values for ALBWafPhase		 string Enum: WAF_PHASE_CONNECTION, WAF_PHASE_REQUEST_HEADER, WAF_PHASE_REQUEST_BODY, WAF_PHASE_RESPONSE_HEADER, WAF_PHASE_RESPONSE_BODY, WAF_PHASE_LOGGING

ALBWafPolicy (schema)

WafPolicy

Advanced load balancer WafPolicy object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
allow_mode_delegation Allow mode delegation

Allow Rules to overwrite the policy mode.
This must be set if the policy mode is set to enforcement.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
application_signatures Application signatures

Application Specific Signatures.		 ALBWafApplicationSignatures
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
confidence_override Confidence override

Configure thresholds for confidence labels.		 ALBAppLearningConfidenceOverride
created_by Created by

Creator name.		 string
crs_overrides Crs overrides

Override attributes for CRS rules.		 array of ALBWafRuleGroupOverrides
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enable_app_learning Enable app learning

Enable Application Learning for this WAF policy.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
enable_auto_rule_updates Enable auto rule updates

Enable Application Learning based rule updates on the WAF
Profile.
Rules will be programmed in dedicated WAF learning group.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
failure_mode Failure mode

WAF Policy failure mode.
This can be 'Open' or 'Closed'.
Enum options - WAF_FAILURE_MODE_OPEN,
WAF_FAILURE_MODE_CLOSED.
Default value when not specified in API or module is
interpreted by ALB Controller as WAF_FAILURE_MODE_OPEN.
ALBWafFailureMode Default: "WAF_FAILURE_MODE_OPEN"
id Unique identifier of this resource string Sortable
learning_params Learning params

Parameters for tuning Application learning.		 ALBAppLearningParams
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
markers Markers

List of labels to be used for granular RBAC.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBRoleFilterMatchLabel
min_confidence Min confidence

Minimum confidence label required for auto rule updates.
Enum options - CONFIDENCE_VERY_HIGH, CONFIDENCE_HIGH,
CONFIDENCE_PROBABLE, CONFIDENCE_LOW, CONFIDENCE_NONE.
Default value when not specified in API or module is
interpreted by ALB Controller as CONFIDENCE_VERY_HIGH.
ALBAppLearningConfidenceLabel Default: "CONFIDENCE_VERY_HIGH"
mode Mode

WAF Policy mode.
This can be detection or enforcement.
It can be overwritten by rules if allow_mode_delegation is
set.
Enum options - WAF_MODE_DETECTION_ONLY,
WAF_MODE_ENFORCEMENT.
Default value when not specified in API or module is
interpreted by ALB Controller as WAF_MODE_DETECTION_ONLY.
ALBWafMode Default: "WAF_MODE_DETECTION_ONLY"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
paranoia_level Paranoia level

WAF Ruleset paranoia mode.
This is used to select Rules based on the paranoia-level
tag.
Enum options - WAF_PARANOIA_LEVEL_LOW,
WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH,
WAF_PARANOIA_LEVEL_EXTREME.
Default value when not specified in API or module is
interpreted by ALB Controller as WAF_PARANOIA_LEVEL_LOW.
ALBWafParanoiaLevel Default: "WAF_PARANOIA_LEVEL_LOW"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
positive_security_model Positive security model

The Positive Security Model.
This is used to describe how the request or parts of the
request should look like.
It is executed in the Request Body Phase of Avi WAF.
ALBWafPositiveSecurityModel
post_crs_groups Post crs groups

WAF Rules are categorized in to groups based on their
characterization.
These groups are created by the user and will be enforced
after the CRS groups.
array of ALBWafRuleGroup
pre_crs_groups Pre crs groups

WAF Rules are categorized in to groups based on their
characterization.
These groups are created by the user and will be enforced
before the CRS groups.
array of ALBWafRuleGroup
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ALBWafPolicy string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
waf_crs_path Waf crs path

WAF core ruleset used for the CRS part of this Policy.
It is a reference to an object of type WafCRS.
string
waf_profile_path Waf profile path

WAF Profile for WAF policy.
It is a reference to an object of type WafProfile.
string Required

ALBWafPolicyApiResponse (schema)

WafPolicyApiResponse

WafPolicyApiResponse

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
count count

count
int Default: "None"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Array of WafPolicy

Array of WafPolicy
array of ALBWafPolicy
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ALBWafPolicyPSMGroup (schema)

WafPolicyPSMGroup

Advanced load balancer WafPolicyPSMGroup object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enable Enable

Enable or disable this WAF rule group.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
hit_action Hit action

If a rule in this group matches the match_value pattern,
this action will be executed.
Allowed actions are WAF_ACTION_NO_OP and
WAF_ACTION_ALLOW_PARAMETER.
Default value when not specified in API or module is
interpreted by ALB Controller as WAF_ACTION_ALLOW_PARAMETER.
ALBWafAction Default: "WAF_ACTION_ALLOW_PARAMETER"
id Unique identifier of this resource string Sortable
is_learning_group Is learning group

This field indicates that this group is used for learning.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
locations Locations

Positive Security Model locations.
These are used to partition the application name space.
Maximum of 16384 items allowed.
array of ALBWafPSMLocation
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
markers Markers

List of labels to be used for granular RBAC.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBRoleFilterMatchLabel
miss_action Miss action

If a rule in this group does not match the match_value
pattern, this action will be executed.
Allowed actions are WAF_ACTION_NO_OP and WAF_ACTION_BLOCK.
Default value when not specified in API or module is
interpreted by ALB Controller as WAF_ACTION_NO_OP.
ALBWafAction Default: "WAF_ACTION_NO_OP"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ALBWafPolicyPSMGroup string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ALBWafPolicyPSMGroupApiResponse (schema)

WafPolicyPSMGroupApiResponse

WafPolicyPSMGroupApiResponse

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
count count

count
int Default: "None"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Array of WafPolicyPSMGroup

Array of WafPolicyPSMGroup
array of ALBWafPolicyPSMGroup
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ALBWafPositiveSecurityModel (schema)

WafPositiveSecurityModel

Advanced load balancer WafPositiveSecurityModel object

Name Description Type Notes
group_paths Group paths

These groups should be used to separate different levels of
concern.
The order of the groups matters, one group may mark parts
of the request as valid, so that subsequent groups will not
check these parts.
It is a reference to an object of type WafPolicyPSMGroup.
Maximum of 64 items allowed.
array of string

ALBWafProfile (schema)

WafProfile

Advanced load balancer WafProfile object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
config Config

Config params for WAF.		 ALBWafConfig Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
files Files

List of Data Files Used for WAF Rules.
Maximum of 64 items allowed.
array of ALBWafDataFile
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
markers Markers

List of labels to be used for granular RBAC.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBRoleFilterMatchLabel
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ALBWafProfile string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ALBWafProfileApiResponse (schema)

WafProfileApiResponse

WafProfileApiResponse

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
count count

count
int Default: "None"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Array of WafProfile

Array of WafProfile
array of ALBWafProfile
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ALBWafRule (schema)

WafRule

Advanced load balancer WafRule object

Name Description Type Notes
avi_tags Avi tags

Tags for WAF rule as per Modsec language.
They are extracted from the tag actions in a Modsec rule.
This field is generated from the rule itself and cannot be
set by the user.
Maximum of 64 items allowed.
array of string
enable Enable

Enable or disable WAF Rule Group.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
exclude_list Exclude list

Exclude list for the WAF rule.
The fields in the exclude list entry are logically and'ed
to deduce the exclusion criteria.
If there are multiple excludelist entries, it will be
'logical or' of them.
Maximum of 64 items allowed.
array of ALBWafExcludeListEntry
index Index

Number of index.		 integer Required
is_sensitive Is sensitive

The rule field is sensitive and will not be displayed.
Default value when not specified in API or module is
interpreted by ALB Controller as false.
boolean Default: "False"
mode Mode

WAF Rule mode.
This can be detection or enforcement.
If this is not set, the Policy mode is used.
This only takes effect if the policy allows delegation.
Enum options - WAF_MODE_DETECTION_ONLY,
WAF_MODE_ENFORCEMENT.
ALBWafMode
name Name

User-friendly optional name for a rule.		 string
phase Phase

The execution phase where this rule will be executed.
Enum options - WAF_PHASE_CONNECTION,
WAF_PHASE_REQUEST_HEADER, WAF_PHASE_REQUEST_BODY,
WAF_PHASE_RESPONSE_HEADER, WAF_PHASE_RESPONSE_BODY,
WAF_PHASE_LOGGING.
ALBWafPhase
rule Rule

Rule as per Modsec language.		 string Required
rule_id Rule id

Identifier (id) for a rule per Modsec language.
All SecRule and SecAction directives require an id.
It is extracted from the id action in a Modsec rule.
Rules within a single WAF Policy are required to have
unique rule_ids.
string

ALBWafRuleGroup (schema)

WafRuleGroup

Advanced load balancer WafRuleGroup object

Name Description Type Notes
enable Enable

Enable or disable WAF Rule Group.
Default value when not specified in API or module is
interpreted by ALB Controller as true.
boolean Default: "True"
exclude_list Exclude list

Exclude list for the WAF rule group.
The fields in the exclude list entry are logically and'ed
to deduce the exclusion criteria.
If there are multiple excludelist entries, it will be
'logical or' of them.
Maximum of 64 items allowed.
array of ALBWafExcludeListEntry
index Index

Number of index.		 integer Required
name Name

Name of the object.		 string Required
rules Rules

Rules as per Modsec language.
Maximum of 1024 items allowed.
array of ALBWafRule

ALBWafRuleGroupOverrides (schema)

WafRuleGroupOverrides

Advanced load balancer WafRuleGroupOverrides object

Name Description Type Notes
enable Enable

Override the enable flag for this group.		 boolean
exclude_list Exclude list

Replace the exclude list for this group.
Maximum of 64 items allowed.
array of ALBWafExcludeListEntry
mode Mode

Override the waf mode for this group.
Enum options - WAF_MODE_DETECTION_ONLY,
WAF_MODE_ENFORCEMENT.
ALBWafMode
name Name

The name of the group where attributes or rules are
overridden.
string Required
rule_overrides Rule overrides

Rule specific overrides.
Maximum of 1024 items allowed.
array of ALBWafRuleOverrides

ALBWafRuleOverrides (schema)

WafRuleOverrides

Advanced load balancer WafRuleOverrides object

Name Description Type Notes
enable Enable

Override the enable flag for this rule.		 boolean
exclude_list Exclude list

Replace the exclude list for this rule.
Maximum of 64 items allowed.
array of ALBWafExcludeListEntry
mode Mode

Override the waf mode for this rule.
Enum options - WAF_MODE_DETECTION_ONLY,
WAF_MODE_ENFORCEMENT.
ALBWafMode
rule_id Rule id

The rule_id of the rule where attributes are overridden.		 string Required

ALBWafVariable (schema)

WafVariable type

Valid ENUM values for ALBWafVariable

Name Description Type Notes
ALBWafVariable WafVariable type

Valid ENUM values for ALBWafVariable		 string Enum: WAF_VARIABLE_ARGS, WAF_VARIABLE_ARGS_GET, WAF_VARIABLE_ARGS_POST, WAF_VARIABLE_ARGS_NAMES, WAF_VARIABLE_REQUEST_COOKIES, WAF_VARIABLE_QUERY_STRING, WAF_VARIABLE_REQUEST_BASENAME, WAF_VARIABLE_REQUEST_URI, WAF_VARIABLE_PATH_INFO

ALBWebhook (schema)

Webhook

Advanced load balancer Webhook object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
callback_url Callback url

Callback URL for the Webhook.		 string
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
markers Markers

List of labels to be used for granular RBAC.
Allowed in Basic edition, Essentials edition, Enterprise
edition.
array of ALBRoleFilterMatchLabel
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ALBWebhook string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
verification_token Verification token

Verification token sent back with the callback asquery
parameters.
string

ALBWebhookApiResponse (schema)

WebhookApiResponse

WebhookApiResponse

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
count count

count
int Default: "None"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Array of Webhook

Array of Webhook
array of ALBWebhook
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ALGTypeNSService (schema)

An NSService element that represents an ALG protocol

Name Description Type Notes
alg The Application Layer Gateway (ALG) protocol

The Application Layer Gateway (ALG) protocol.
Please note, protocol NBNS_BROADCAST and NBDG_BROADCAST are deprecated.
Please use UDP protocol and create L4 Port Set type of service instead.
string Required
Enum: ORACLE_TNS, FTP, SUN_RPC_TCP, SUN_RPC_UDP, MS_RPC_TCP, MS_RPC_UDP, NBNS_BROADCAST, NBDG_BROADCAST, TFTP
destination_ports The destination_port cannot be empty and must be a single value. array of PortElement Required
Minimum items: 1
Maximum items: 15
resource_type Must be set to the value ALGTypeNSService string Required
Enum: EtherTypeNSService, IPProtocolNSService, IGMPTypeNSService, ICMPTypeNSService, ALGTypeNSService, L4PortSetNSService
source_ports Source ports array of PortElement Maximum items: 15

ALGTypeServiceEntry (schema)

An ServiceEntry that represents an ALG protocol

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
alg The Application Layer Gateway (ALG) protocol

The Application Layer Gateway (ALG) protocol.
Please note, protocol NBNS_BROADCAST and NBDG_BROADCAST are deprecated.
Please use UDP protocol and create L4 Port Set type of service instead.
string Required
Enum: ORACLE_TNS, FTP, SUN_RPC_TCP, SUN_RPC_UDP, MS_RPC_TCP, MS_RPC_UDP, NBNS_BROADCAST, NBDG_BROADCAST, TFTP
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
destination_ports The destination_port cannot be empty and must be a single value. array of PortElement Required
Minimum items: 1
Maximum items: 1
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ALGTypeServiceEntry string Required
Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
source_ports array of PortElement Maximum items: 15
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

AbstractSpace (schema)

The space in which policy is being defined

Represents the space in which the policy is being defined.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
connectivity_strategy Connectivity strategy used by this tenant

The connectivity strategy is deprecated. Use default layer3 rule,
/infra/domains/default/security-policies/default-layer3-security-policy/rules/default-layer3-rule.
This field indicates the default connectivity policy for the infra
or tenant space
WHITELIST - Adds a default drop rule. Administrator can then use "allow"
rules (aka whitelist) to allow traffic between groups
BLACKLIST - Adds a default allow rule. Admin can then use "drop" rules
(aka blacklist) to block traffic between groups
WHITELIST_ENABLE_LOGGING - Whitelising with logging enabled
BLACKLIST_ENABLE_LOGGING - Blacklisting with logging enabled
NONE - No default rules are added.
string Deprecated
Enum: WHITELIST, BLACKLIST, WHITELIST_ENABLE_LOGGING, BLACKLIST_ENABLE_LOGGING, NONE
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value AbstractSpace string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

AcceptableComponentVersion (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
acceptable_versions List of component versions array of string Required
component_type Node type string Required
Enum: HOST, EDGE, CCP, MP
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
resource_type Must be set to the value AcceptableComponentVersion string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

AcceptableComponentVersionList (schema)

Name Description Type Notes
results Acceptable version whitelist for different components array of AcceptableComponentVersion Required

Action (schema)

Reaction Action

Reaction Action is the action to take when the stipulated criteria specified
in the event exist over the source. Some example actions include:
- Notify Admin (or VMC's SRE) via email.
- Populate a specific label with the IPSec VPN Session.
- Remove the IPSec VPN Session from a specific label.
This is an abstract type. Concrete child types:
PatchResources
SetFields

Name Description Type Notes
resource_type Resource Type

Reaction Action resource type.
string Required
Enum: PatchResources, SetFields

ActionRequest (schema)

Action request object

Name Description Type Notes
action Action to be performed

Action required to be performed on intent
string

ActionableResource (schema)

Resources managed during restore process

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ip_address A resource reference on which actions can be performed string Format: hostname-or-ip
resource_type Must be set to the value ActionableResource string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ActionableResourceListRequestParameters (schema)

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
instruction_id Id of the instruction set whose instructions are to be returned string Required
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

ActionableResourceListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List results array of ActionableResource Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ActiveDirectoryIdentitySource (schema)

An Active Directory identity source service

An identity source service that runs Microsoft Active Directory. The service allows selected user accounts defined in Active Directory to log into and access NSX-T.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
alternative_domain_names Additional domains to be directed to this identity source

After parsing the "user@domain", the domain portion is used to select the LDAP identity source to use. Additional domains listed here will also be directed to this LDAP identity source. In Active Directory these are sometimes referred to as Alternative UPN Suffixes.		 array of string
base_dn DN of subtree for user and group searches

The subtree of the LDAP identity source to search when locating users and groups.		 string Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
domain_name Authentication domain name

The name of the authentication domain. When users log into NSX using an identity of the form "user@domain", NSX uses the domain portion to determine which LDAP identity source to use.		 string Required
id Unique identifier of this resource string Sortable
ldap_servers LDAP servers for this identity source

The list of LDAP servers that provide LDAP service for this identity source. Currently, only one LDAP server is supported.		 array of IdentitySourceLdapServer Maximum items: 3
resource_type Must be set to the value ActiveDirectoryIdentitySource string Required
Enum: ActiveDirectoryIdentitySource, OpenLdapIdentitySource
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ActiveStandbySyncStatus (schema)

Name Description Type Notes
description Description of the status. string Required
full_sync_status Status of full sync. FullSyncStatus Required
is_data_consistent Indicates whether the data is consistent. Always returned as true when queried on an active Global Manager node. boolean Required
percentage_completed Percentage estimate of synchronization progress. Ranges from 0 to 100. This value is only returned when queried on an active Global Manager node. integer
remaining_entries_to_send Number of entries pending synchronization. This value is only returned when queried on an active Global Manager node. integer
standby_site Name of standby site. string Required
status Status of synchronization between active and standby Global Manager nodes. string Required
Enum: UNAVAILABLE, ERROR, ONGOING, NOT_STARTED
sync_type Type of synchronization currently in effect between active and standby Global Manager nodes. string Required
Enum: UNAVAILABLE, DELTA_SYNC, FULL_SYNC

AddALBControllerNodeVMInfo (schema)

Info for AddALBControllerNodeVM

Contains a list of Advanced Load Balancer controller node VM deployment requests.

Name Description Type Notes
deployment_requests List of deployment requests

Advanced Load Balancer Controller deployment requests to be deployed by NSX.
array of ALBControllerNodeVMDeploymentRequest Required
Minimum items: 1

AddClusterNodeAction (schema)

Name Description Type Notes
action string Required
Enum: add_cluster_node

AddClusterNodeSpec (schema)

Name Description Type Notes
controller_role_config AddControllerNodeSpec
display_name Display name for the node string
external_id External identifier of the node string
mgr_role_config AddManagementNodeSpec

AddClusterNodeVMInfo (schema)

Info for AddClusterNodeVM

Contains a list of cluster node VM deployment requests and optionally
a clustering configuration.

Name Description Type Notes
clustering_config Configuration for auto-clustering of VMs post-deployment

This property is deprecated since ClusteringConfig is no longer
needed for auto-installation and will be ignored if provided.
ClusteringConfig
(Abstract type: pass one of the following concrete types)
ClusteringConfig
ControlClusteringConfig		 Deprecated
deployment_requests List of deployment requests

Cluster node VM deployment requests to be deployed by the Manager.
array of ClusterNodeVMDeploymentRequest Required
Minimum items: 1

AddControllerNodeSpec (schema)

Name Description Type Notes
clustering_params Clustering parameters for the node

The details of the controller node required for cluster initialization or joining to an existing cluster. If this property is set, the node will be added to an existing cluster or used to create a new cluster. Otherwise no clustering operation/s will be performed.		 ClusteringInfo
control_plane_server_certificate Deprecated. Do not supply a value for this property. string Deprecated
host_msg_client_info MsgClientInfo Required
mpa_msg_client_info MsgClientInfo Required
node_id Internal identifier of the node

Only use this if an id for the node already exists with MP. If not specified, then the node_id will be set to a random id.		 string
type must be set to AddControllerNodeSpec string Required
Enum: AddControllerNodeSpec

AddIntelligenceClusterNodeVMInfo (schema)

Info for AddIntelligenceClusterNodeVM

Contains a list of NSX-Intelligence cluster node VM deployment requests and optionally
a clustering configuration.

Name Description Type Notes
deployment_requests List of deployment requests

Intelligence Cluster node VM deployment requests to be deployed by NSX.
array of IntelligenceClusterNodeVMDeploymentRequest Required
Minimum items: 1

AddManagementNodeSpec (schema)

Name Description Type Notes
cert_thumbprint The certificate thumbprint of the remote node. string
mpa_msg_client_info MsgClientInfo
password The password to be used to authenticate with the remote node. string Required
remote_address The host address of the remote node to which to send this join request. IPAddress Required
type must be set to AddManagementNodeSpec string Required
Enum: AddManagementNodeSpec
user_name The username to be used to authenticate with the remote node. string Required

AdditionalSearchParameters (schema) (Experimental)

Represents search object that provides additional search capabilities

This object presents additional search capabilities over any API through free text query string. e.g. query="Web-VM-1".

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
dsl Search DSL (domain specific language) query

It's human readable and context-based query language for retreiving
information from search indices.
For example: Find router where ip is 10.10.1.10
string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
query Search query string
sort_ascending boolean
sort_by Field by which records are sorted string

AddressBindingEntry (schema) (Deprecated)

Combination of IP-MAC-VLAN binding

An address binding entry is a combination of the IP-MAC-VLAN binding for
a logical port. The address bindings can be obtained via various methods
like ARP snooping, DHCP snooping etc. or by user configuration.

Name Description Type Notes
binding Combination of IP-MAC-VLAN binding PacketAddressClassifier
binding_timestamp Timestamp of binding

Timestamp at which the binding was discovered via snooping or manually
specified by the user
EpochMsTimestamp
source Address binding source

Source from which the address binding entry was obtained		 AddressBindingSource Default: "UNKNOWN"

AddressBindingSource (schema) (Deprecated)

Source from which the address binding is obtained

Name Description Type Notes
AddressBindingSource Source from which the address binding is obtained string Deprecated
Enum: INVALID, UNKNOWN, USER_DEFINED, ARP_SNOOPING, DHCP_SNOOPING, VM_TOOLS, ND_SNOOPING, DHCPV6_SNOOPING, VM_TOOLS_V6

AddressFamilyType (schema)

Type of Address Family

Name Description Type Notes
AddressFamilyType Type of Address Family string Enum: IPV4_UNICAST, VPNV4_UNICAST, IPV6_UNICAST, L2VPN_EVPN

AdvanceClusterRestoreInput (schema)

Name Description Type Notes
id Unique id of an instruction (as returned by the GET /restore/status call) for which input is to be provided string Required
Readonly
resources List of resources for which the instruction is applicable. array of SelectableResourceReference Required

AdvanceClusterRestoreRequest (schema)

Name Description Type Notes
data List of instructions and their associated data array of AdvanceClusterRestoreInput Required

AdvanceServiceConfig (schema)

Advanced deployment configuration

Contain optional configuration for deployment.

Name Description Type Notes
kubectl_tool Filename of uploaded Kubernetes tools string Readonly
messaging_service_name FQDN to access kafka messaging service pod

FQDN to access kafka messaging service pod.		 string
service_name FQDN to access deployment pod

FQDN to access deployment pod.		 string

AdvertiseRule (schema)

Name Description Type Notes
action Action to ALLOW or DENY advertisement of routes

ALLOW action enables the advertisment and DENY action disables the advertisement of a filtered routes to the connected TIER0 router.		 string Enum: DENY, ALLOW
Default: "ALLOW"
description Description string Maximum length: 1024
display_name Display name string Maximum length: 255
networks network(CIDR) to be routed array of IPCIDRBlock Required
rule_filter Rule filter for the advertise rule AdvertisementRuleFilter

AdvertiseRuleList (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
logical_router_id Logical router id string Readonly
resource_type Must be set to the value AdvertiseRuleList string
rules List of advertisement rules array of AdvertiseRule Minimum items: 0
Default: "[]"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

AdvertisementConfig (schema)

Advertisement config

Advertisement config for different types of
routes which need to be advertised from TIER1 logical
router to the linked TIER0 logical router

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
advertise_dns_forwarder Advertise dns forwarder ips

Flag to advertise all routes of dns forwarder listener ips and source ips		 boolean Default: "False"
advertise_ipsec_local_ip Advertise IPSec VPN local endpoint ips

Flag to advertise all IPSec VPN local endpoint ips to linked TIER0 logical router		 boolean Default: "False"
advertise_lb_snat_ip Advertise lb SNAT ips

Flag to advertise all lb SNAT ips		 boolean Default: "False"
advertise_lb_vip Advertise lb vip ips

Flag to advertise lb vip ips		 boolean Default: "False"
advertise_nat_routes Advertise NAT routes

Flag to advertise all routes of nat		 boolean Default: "False"
advertise_nsx_connected_routes Advertise connected routes

Flag to advertise all connected routes		 boolean Default: "False"
advertise_static_routes Advertise static routes

Flag to advertise all static routes		 boolean Default: "False"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Enable advertisement

Flag to enable this configuration		 boolean Default: "False"
id Unique identifier of this resource string Sortable
logical_router_id Logical router id

TIER1 logical router id on which to enable this configuration		 string Readonly
resource_type Must be set to the value AdvertisementConfig string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

AdvertisementRuleFilter (schema)

To filter the routes advertised by the TIER1 LR to TIER0 LR. Filtering will be based on the type of route and the prefix operator configured.

Name Description Type Notes
match_route_types Array of route types to filter routes array of AdvertisementRuleFilterRouteType Required
Minimum items: 1
prefix_operator Prefix operator to apply on networks

GE prefix operator filters all the routes having network subset of any of the networks configured in Advertise rule. EQ prefix operator filter all the routes having network equal to any of the network configured in Advertise rule.		 string Required
Enum: GE, EQ
Default: "GE"

AdvertisementRuleFilterRouteType (schema)

Route types to filter TIER1 LR advertised routes

Route types to filter the routes advertised by TIER1 LR. The ANY type filters all routes advertised by TIER1. The STATIC type is deprecated. Please refer to T1_STATIC. The T1_STATIC type filters STATIC routes advertised by TIER1. The NSX_CONNECTED type is deprecated. Please refer to T1_CONNECTED. The T1_CONNECTED type filters directly connected routes including downlink and CSP networks advertised by TIER1. The T1_NAT type filters routes for NAT rules advertised by TIER1. The T1_LB_VIP type filters LB VIP networks advertised by TIER1. The T1_LB_SNAT type filters routes corresponding to LB SNAT rules advertised by TIER1. The T1_DNSFORWARDER type filters routes for DNS FORWARDER advertised by TIER1. The T1_IPSEC_LOCAL_IP type filters IPSec VPN local endpoint ip addresses to be advertised.

Name Description Type Notes
AdvertisementRuleFilterRouteType Route types to filter TIER1 LR advertised routes

Route types to filter the routes advertised by TIER1 LR. The ANY type filters all routes advertised by TIER1. The STATIC type is deprecated. Please refer to T1_STATIC. The T1_STATIC type filters STATIC routes advertised by TIER1. The NSX_CONNECTED type is deprecated. Please refer to T1_CONNECTED. The T1_CONNECTED type filters directly connected routes including downlink and CSP networks advertised by TIER1. The T1_NAT type filters routes for NAT rules advertised by TIER1. The T1_LB_VIP type filters LB VIP networks advertised by TIER1. The T1_LB_SNAT type filters routes corresponding to LB SNAT rules advertised by TIER1. The T1_DNSFORWARDER type filters routes for DNS FORWARDER advertised by TIER1. The T1_IPSEC_LOCAL_IP type filters IPSec VPN local endpoint ip addresses to be advertised.		 string Enum: ANY, STATIC, T1_STATIC, NSX_CONNECTED, T1_CONNECTED, T1_NAT, T1_LB_VIP, T1_LB_SNAT, T1_DNSFORWARDER, T1_IPSEC_LOCAL_IP

AgentInfo (schema)

Agent Information

Information on agent download link and install command.

Name Description Type Notes
agent_download_link Link to Download Agent string
agent_install_command Command to Install Agent string
agent_os_type Agent OS Type string

AgentStatus (schema)

Name Description Type Notes
name Agent name string Enum: NSX_AGENT, NSX_OPSAGENT, NSX_CFGAGENT, NSX_NESTDB
status Agent status string Enum: UP, DOWN, UNKNOWN

AgentStatusCount (schema)

Name Description Type Notes
agents NSX agents status

List of agent statuses belonging to the transport node		 array of AgentStatus
down_count Down count int
status Roll-up agent status string Enum: UP, DOWN, UNKNOWN
up_count Up count int

AggregateDNSForwarderStatistics (schema)

Aggregate of DNS forwarder statistics

Aggregate of DNS forwarder statistics across enforcement points.

Name Description Type Notes
intent_path String path of the DNS forwarder intent

String path of the DNS forwarder intent.
string Required
statistics_per_enforcement_point List of DNS forwarder statistics per enforcement point

List of DNS forwarder statistics per enforcement point.
array of DNSForwarderStatisticsPerEnforcementPoint
(Abstract type: pass one of the following concrete types)
NsxTDNSForwarderStatistics		 Readonly

AggregateDNSForwarderStatus (schema)

Aggregate of DNS forwarder status

Aggregate of DNS forwarder status across enforcement points.

Name Description Type Notes
intent_path String path of the DNS forwarder intent

String path of the DNS forwarder intent.
string Required
status_per_enforcement_point List of DNS forwarder status per enforcement point

List of DNS forwarder status per enforcement point.
array of DNSForwarderStatusPerEnforcementPoint
(Abstract type: pass one of the following concrete types)
NsxTDNSForwarderStatus		 Readonly

AggregateIPSecVpnSessionStatistics (schema)

Aggregate of IPSec VPN Session Statistics

Aggregate of IPSec VPN Session Statistics across Enforcement Points.

Name Description Type Notes
intent_path String Path of the intent object

Intent path of object, forward slashes must be escaped using %2F.
string Required
Readonly
results List of IPSec VPN Session Statistics per Enforcement Point

List of IPSec VPN Session Statistics per Enforcement Point.
array of IPSecVpnSessionStatisticsPerEP
(Abstract type: pass one of the following concrete types)
IPSecVpnSessionStatisticsNsxT		 Readonly

AggregateIPSecVpnSessionStatus (schema)

Aggregate of IPSec VPN Session Status

Aggregate of IPSec VPN Session Status across Enforcement Points.

Name Description Type Notes
intent_path String Path of the intent object

Intent path of object, forward slashes must be escaped using %2F.
string Required
Readonly
results List of IPSec VPN Session Status per Enforcement Point

List of IPSec VPN Session Status per Enforcement Point.
array of IPSecVpnSessionStatusPerEP
(Abstract type: pass one of the following concrete types)
IPSecVpnSessionStatusNsxT		 Readonly

AggregateL2VPNSessionPeerConfig (schema)

Aggregate of L2VPN Session Peer Config

Aggregate of L2VPN Session peer config across Enforcement Points.

Name Description Type Notes
intent_path String Path of the intent object

Intent path of object, forward slashes must be escaped using %2F.
string Required
Readonly
results List of L2VPN Session Peer config per Enforcement Point

List of L2VPN Session peer config per Enforcement Point.
array of L2VPNSessionPeerConfigPerEP
(Abstract type: pass one of the following concrete types)
L2VPNSessionPeerConfigNsxT		 Readonly

AggregateL2VPNSessionStatistics (schema)

Aggregate of L2VPN Session Statistics

Aggregate of L2VPN Session Statistics across Enforcement Points.

Name Description Type Notes
intent_path String Path of the intent object

Intent path of object, forward slashes must be escaped using %2F.
string Required
Readonly
results List of L2VPN Session Statistics per Enforcement Point

List of L2VPN Session Statistics per Enforcement Point.
array of L2VPNSessionStatisticsPerEP
(Abstract type: pass one of the following concrete types)
L2VPNSessionStatisticsNsxT		 Readonly

AggregateL2VPNSessionStatus (schema)

Aggregate of L2VPN Session Status

Aggregate of L2VPN Session Status across Enforcement Points.

Name Description Type Notes
intent_path String Path of the intent object

Intent path of object, forward slashes must be escaped using %2F.
string Required
Readonly
results List of L2VPN Session Status per Enforcement Point

List of L2VPN Session Status per Enforcement Point.
array of L2VPNSessionStatusPerEP
(Abstract type: pass one of the following concrete types)
L2VPNSessionStatusNsxT		 Readonly

AggregateL2VpnSessionRemoteMac (schema)

Aggregate of L2Vpn Session Remote Mac

Aggregate of L2Vpn session remote mac across enforcement points.

Name Description Type Notes
intent_path String Path of the intent object

Intent path of object, forward slashes must be escaped using %2F.
string Required
Readonly
l2vpn_session_remote_macs List of L2Vpn Session remote mac array of L2VpnSessionRemoteMacPerEP
(Abstract type: pass one of the following concrete types)
L2VpnSessionRemoteMacNsxT		 Readonly

AggregateLBNodeUsageSummary (schema)

Aggregate of LBNodeUsageSummary across Enforcement Points.

Name Description Type Notes
intent_path String Path of the intent object

Intent path of object, forward slashes must be escaped using %2F.
string Required
Readonly
results LBNodeUsageSummary list results

LBNodeUsageSummary list results.		 array of LBNodeUsageSummary Readonly

AggregateLBPoolStatistics (schema)

Paged Collection of LBPoolStatisticsPerEP

Name Description Type Notes
intent_path String Path of the intent object

Intent path of object, forward slashes must be escaped using %2F.
string Required
Readonly
results LBPoolStatisticsPerEP list results

LBPoolStatisticsPerEP list results.		 array of LBPoolStatisticsPerEP
(Abstract type: pass one of the following concrete types)
LBPoolStatistics		 Readonly

AggregateLBPoolStatus (schema)

Paged Collection of LBPoolStatusPerEP

Name Description Type Notes
intent_path String Path of the intent object

Intent path of object, forward slashes must be escaped using %2F.
string Required
Readonly
results LBPoolStatusPerEP list results

LBPoolStatusPerEP list results.		 array of LBPoolStatusPerEP
(Abstract type: pass one of the following concrete types)
LBPoolStatus		 Readonly

AggregateLBServiceStatistics (schema)

Paged Collection of LBServiceStatisticsPerEP

Name Description Type Notes
intent_path String Path of the intent object

Intent path of object, forward slashes must be escaped using %2F.
string Required
Readonly
results LBServiceStatisticsPerEP list results

LBServiceStatisticsPerEP list results.		 array of LBServiceStatisticsPerEP
(Abstract type: pass one of the following concrete types)
LBServiceStatistics		 Readonly

AggregateLBServiceStatus (schema)

Paged Collection of LBServiceStatusPerEP

Name Description Type Notes
intent_path String Path of the intent object

Intent path of object, forward slashes must be escaped using %2F.
string Required
Readonly
results LBServiceStatusPerEP list results

LBServiceStatusPerEP list results.		 array of LBServiceStatusPerEP
(Abstract type: pass one of the following concrete types)
LBServiceStatus		 Readonly

AggregateLBServiceUsage (schema)

Aggregate of LBServiceUsagePerEP across Enforcement Points.

Name Description Type Notes
intent_path String Path of the intent object

Intent path of object, forward slashes must be escaped using %2F.
string Required
Readonly
results LBServiceUsagePerEP list results

LBServiceUsagePerEP list results.		 array of LBServiceUsagePerEP
(Abstract type: pass one of the following concrete types)
LBServiceUsage		 Readonly

AggregateLBVirtualServerStatistics (schema)

Paged Collection of LBVirtualServerStatisticsPerEP

Name Description Type Notes
intent_path String Path of the intent object

Intent path of object, forward slashes must be escaped using %2F.
string Required
Readonly
results LBVirtualServerStatisticsPerEP list results

LBVirtualServerStatisticsPerEP list results.		 array of LBVirtualServerStatisticsPerEP
(Abstract type: pass one of the following concrete types)
LBVirtualServerStatistics		 Readonly

AggregateLBVirtualServerStatus (schema)

Paged Collection of LBVirtualServerStatusPerEP

Name Description Type Notes
intent_path String Path of the intent object

Intent path of object, forward slashes must be escaped using %2F.
string Required
Readonly
results LBVirtualServerStatusPerEP list results

LBVirtualServerStatusPerEP list results.		 array of LBVirtualServerStatusPerEP
(Abstract type: pass one of the following concrete types)
LBVirtualServerStatus		 Readonly

AggregatePolicyDnsAnswer (schema)

Aggregate of DNS forwarder nslookup answer

Aggregate of DNS forwarder nslookup answer across enforcement points.

Name Description Type Notes
dns_answer_per_enforcement_point List of DNS forwarder nslookup answer per enforcement point

List of DNS forwarder nslookup answer per enforcement point.
array of PolicyDnsAnswerPerEnforcementPoint Readonly
intent_path String path of the DNS forwarder intent

String path of the DNS forwarder intent.
string Required

AggregatePolicyRuntimeInfo (schema)

Aggregate of PolicyRuntimeInfoPerEP

Aggregate of PolicyRuntimeInfoPerEP across Enforcement Points.

Name Description Type Notes
intent_path String Path of the intent object

Intent path of object, forward slashes must be escaped using %2F.
string Required
Readonly

AggregatedDataCounter (schema)

Name Description Type Notes
rx_bytes DataCounter Readonly
rx_packets DataCounter Readonly
tx_bytes DataCounter Readonly
tx_packets DataCounter Readonly

AggregatedDataCounterEx (schema)

Name Description Type Notes
dropped_by_security_packets PacketsDroppedBySecurity Readonly
mac_learning MacLearningCounters Readonly
rx_bytes DataCounter Readonly
rx_packets DataCounter Readonly
tx_bytes DataCounter Readonly
tx_packets DataCounter Readonly

AggregatedLogicalRouterPortCounters (schema)

Name Description Type Notes
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly
rx LogicalRouterPortCounters Readonly
tx LogicalRouterPortCounters Readonly

Alarm (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
alarm_source Source identifying entity that the Event instance applies to

If alarm_source_type = INTENT_PATH, this field will contain a
list of intent paths for the entity that the event instance applies to.
If alarm_source_type = ENTITY_ID, this field will contain a list with
a single item identifying the entity id that the event instance applies
to.
array of string Required
Readonly
alarm_source_type Alarm Source type of the Event

Type of alarm source of the Event instance. Can be one of - INTENT_PATH, ENTITY_ID.
AlarmSourceType Required
Readonly
description Detailed description of Alarm

Detailed description of Alarm. This is the same detailed description as the corresponding
Event identified by feature_name.event_type.
string Required
Readonly
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
entity_id The UUID of the entity that the Event instance applies to

The entity that the Event instance applies to. Note entity_id may not
be included in a response body. For example, the cpu_high Event may not
return an entity_id.
string Readonly
entity_resource_type The type of entity that the Event instance applies to

The entity type that the Event instance applies to.
string Readonly
event_type Name of event

Name of Event, e.g. manager_cpu_usage_high, certificate_expired.
string Required
Readonly
event_type_display_name Display name of event type

Display name of Event type.
string Required
Readonly
feature_display_name Display name of feature

Display name of feature defining this Event.
string Required
Readonly
feature_name Feature defining this event

Feature defining this Event, e.g. manager_health, certificates.
string Required
Readonly
id ID that uniquely identifies an Alarm

ID that uniquely identifies an Alarm.
string Required
Readonly
last_reported_time Last reported time of event instance

Indicates when the corresponding Event instance was last reported in
milliseconds since epoch.
EpochMsTimestamp Readonly
node_display_name Display name of node

Display name of node that the event instance applies to.
string Readonly
node_id The UUID of the node that the Event instance applies to

The UUID of the node that the Event instance applies to.
string Required
Readonly
node_ip_addresses IP addresses of node

IP addresses of node that the event instance applies to.
array of string Readonly
node_resource_type The resource type of node that the Event instance applies to

The resource type of node that the Event instance applies to
eg. ClusterNodeConfig, TransportNode.
string Readonly
recommended_action Recommended action for Alarm

Recommended action for Alarm. This is the same action as the
corresponding Event identified by feature_name.event_type.
string Required
Readonly
reoccurrences_while_suppressed The number of reoccurrences since this alarm has been SUPPRESSED

The number of reoccurrences since this alarm has been SUPPRESSED.
integer Readonly
resolved_by User ID of the user that set the status value to RESOLVED

User ID of the user that set the status value to RESOLVED. This value
can be SYSTEM to indicate that the system resolved the Alarm, for
example when the system determines CPU usage is no longer high and the
cpu_high Alarm is no longer applicable. This property is only returned
when the status value is RESOLVED.
string Readonly
resolved_time Time when Alarm was resolved

Indicates when the Alarm was resolved in milliseconds since epoch.
This property is only returned when the status value is RESOLVED.
EpochMsTimestamp Readonly
resource_type Must be set to the value Alarm string
runtime_data Runtime data for Alarm

Runtime data for Alarm. When an alarming condition occurs, there may
be additional data of interest when triaging the underlying issue, for
example, output from system commands captured at the time of the error.
Note, the contents of this property are not localized.
string Readonly
severity Severity of the Alarm

Severity of the Alarm.Can be one of - CRITICAL, HIGH, MEDIUM, LOW.
MonitoringSeverity Required
Readonly
status Status of the Alarm

Indicate the status which the Alarm is in.
MonitoringStatus Required
summary Summary description of Alarm

Summary description of Alarm. This is the same summary description as the corresponding
Event identified by feature_name.event_type.
string Required
Readonly
suppress_duration Duration in hours for which an Alarm is SUPPRESSED

The time period between suppress_start_time and suppress_start_time +
suppress_duration (specified in hours) an Alarm is SUPPRESSED.
This property is only returned when the status value is SUPPRESSED.
integer
suppress_start_time Time when Alarm was suppressed

Indicates when the Alarm was suppressed in milliseconds since epoch.
This property is only returned when the status value is SUPPRESSED.
EpochMsTimestamp Readonly
suppressed_by User ID of the user that set the status value to SUPPRESSED

User ID of the user that set the status value to SUPPRESSED.
This property is only returned when the status value is SUPPRESSED.
string Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

AlarmFilterParameter (schema)

Parameters to filter alarms

Name Description Type Notes
after Filter to fetch alarms after the specified time

Filter to fetch alarms after the specified time.
EpochMsTimestamp
before Filter to fetch alarms before the specified time

Filter to fetch alarms before the specified time.
EpochMsTimestamp
cursor Cursor for pagination

Opaque cursor to be used for getting next page of records (supplied by current result page).
string
event_type Event Type Filter

Specify one or more event types for which alarms should be filtered.
string
feature_name Feature Name

Specify one or more feature names for which alarms should be filtered.
string
id Alarm ID

Specify one or more alarm IDs for which alarms should be filtered.
string
intent_path Intent Path for entity ID

Specify one or more intent paths for which alarms should be filtered.
string
node_id Node ID

Specify one or more node IDs for which alarms should be filtered.
string
node_resource_type Node Resource Type

Specify one or more node resource types for which alarms should be filtered.
string
page_size Page Size for pagination

Maximum number of results to return in this page (server may return fewer).
integer
severity Severity

Specify one or more severity levels for which alarms should be filtered.
Must be one of CRITICAL, HIGH, MEDIUM, LOW.
string
sort_ascending Represents order of sorting the values

If true, the value of the column are sorted in ascending order. Otherwise, in descending order.		 boolean Default: "True"
sort_by Key for sorting on this column

Sorting on column is based on the sort_by. sort_by represents the field in the output data on which sort is requested.		 string
status Status

Specify one or more status for which alarms should be filtered. Must be
one of OPEN, ACKNOWLEDGED, SUPPRESSED, RESOLVED.
string

AlarmSourceType (schema)

Name Description Type Notes
AlarmSourceType string Enum: INTENT_PATH, ENTITY_ID

AlarmStatusParameter (schema)

Parameters to update status of alarm

Name Description Type Notes
new_status Status

Specify new alarm status for the alarm. Can be one of OPEN,
ACKNOWLEDGED, SUPPRESSED, RESOLVED.
MonitoringStatus Required
suppress_duration Duration in hours for which Alarm should be suppressed

Specify duration in hours for which Alarm should be suppressed.This
value must be specified if the new_status is SUPPRESSED.
integer

AlarmsListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of alarms known to the system array of Alarm Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

AlbControllerClusterRuntimeError (schema)

Advanced Load Balancer controller cluster runtime error

Advanced Load Balancer controller cluster runtime error.

Name Description Type Notes
error_code Advanced Load Balancer cluster runtime error code

Advanced Load Balancer cluster runtime error code.
int Readonly
error_message Advanced Load Balancer cluster runtime error msg

Advanced Load Balancer cluster runtime error msg.
string Readonly

AlbControllerVsphereClusterNodeVmDeploymentConfig (schema)

Deployment config on the vSphere platform

The vSphere deployment configuration determines where to deploy the
Advanced Load Balancer controller node VM through a vCenter server. It contains settings that are
applied during install time.
If using DHCP, the following fields must be left unset -
management_port_subnets, and default_gateway_addresses

Name Description Type Notes
compute_id Cluster identifier or resourcepool identifier

The Advanced Load Balancer controller node VM will be deployed on the specified cluster or
resourcepool for specified VC server.
string Required
default_gateway_addresses Default gateway for the VM

The default gateway for the VM to be deployed must be specified if all
the other VMs it communicates with are not in the same subnet.
Do not specify this field and management_port_subnets to use DHCP.
Note: only single IPv4 default gateway address is supported and it
must belong to management network.
array of IPAddress Minimum items: 1
Maximum items: 1
disk_provisioning Disk provitioning type

Specifies the disk provisioning type of the VM.
DiskProvisioning Default: "THIN"
display_name Advanced Load Balancer controller VM display name

Desired display name for Advanced Load Balancer controller VM to be deployed.
string
dns_servers DNS servers.

List of DNS servers.
array of IPv4Address
host_id Host identifier

The Advanced Load Balancer controller node VM will be deployed on the specified host in the
specified VC server within the cluster if host_id is specified.
Note: User must ensure that storage and specified networks are
accessible by this host.
string
hostname Host name or FQDN for the VM

Desired host name/FQDN for the VM to be deployed.
string Required
Format: hostname-or-ip
management_network_id Portgroup identifier for management network connectivity

Distributed portgroup identifier to which the management vnic of
Advanced Load Balancer controller node VM will be connected.
string Required
management_port_subnets Port subnets for management port

IP Address and subnet configuration for the management port.
Do not specify this field and default_gateway_addresses to use DHCP.
Note: only one IPv4 address is supported for the management port.
array of IPSubnet Minimum items: 1
Maximum items: 1
ntp_servers NTP servers.

List of NTP servers.
array of HostnameOrIPv4Address
placement_type Must be set to the value AlbControllerVsphereClusterNodeVmDeploymentConfig string Required
Enum: AlbControllerVsphereClusterNodeVmDeploymentConfig
storage_id Storage/datastore identifier

The Advanced Load Balancer controller node VM will be deployed on the specified datastore in
the specified VC server. User must ensure that storage is accessible
by the specified cluster/host.
string Required
storage_policy_id Storage policy uuid

The cluster node VM will be deployed with the specified storage policy
on the specified datastore in the specified VC server. User must ensure
that the storage policy is applicable on the given datastore.
string
vc_id vSphere compute identifier for identifying VC server

The VC-specific identifiers will be resolved on this VC, so all other
identifiers specified in the config must belong to this vCenter server.
string Required

AllAccountsStateInfo (schema)

State Information Of All Accounts

State Information of all accounts like synchronization in progress count.

Name Description Type Notes
sync_in_progress Sync In Progress Count

Number of cloud accounts for which inventory synchronization is in progress.
integer Readonly

AllAccountsStatistics (schema)

All Accounts Statistics

Stores statistics of all accounts managed by CSM.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
accounts_count Accounts Count

Count of the all accounts managed by CSM.		 integer Readonly
accounts_status Status Of All Accounts

Status of all accounts like synchronization in progress count.		 AllAccountsStateInfo Readonly
instance_stats Instance Statistics

Instance statistics accross all accounts managed by CSM.
InstanceStats Readonly
resource_type Resource Type

Optional identifier for listing all accounts statistics of a particular cloud
provider. Legal values are AwsAccount or AzureAccount.
string Enum: AwsAccount, AzureAccount

AllAccountsStatisticsListResult (schema)

All Accounts Statistics List Result

Stores statistics for all accounts managed by CSM.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Results array of AllAccountsStatistics
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

AllAccountsStatisticsRequestParameters (schema)

All Accounts Statistics Request Parameters

A set of optional filter paramters to list all accounts statistics.

Name Description Type Notes
cloud_type Cloud Type

Optional identifier for cloud provider based on which all accounts
statistics are to be filtered.
string Enum: AWS, AZURE, AZURE_GOV_US, AWS_GOV_US_EAST, AWS_GOV_US_WEST
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
resource_type Resource Type

Optional identifier for listing all accounts statistics of a particular cloud
provider. Legal values are AwsAccount or AzureAccount.
string Enum: AwsAccount, AzureAccount
sort_ascending boolean
sort_by Field by which records are sorted string

AllClusterGroupStatus (schema)

Status of all the cluster groups

A list of the statuses of all the groups in the cluster.

Name Description Type Notes
cluster_id UUID of the cluster string Readonly
groups Array of groups and their statuses array of ClusterGroupStatus Readonly
overall_status Overall status of the cluster string Readonly
Enum: STABLE, DEGRADED, UNAVAILABLE

AllocatedService (schema)

Name Description Type Notes
allocation_details Key-Value map of additional specific properties of services

Additional properties of a service, say the sub_pool_size and
sub_pool_type for a LoadBalancer.
array of KeyValuePair
high_availability_status HA Status of the service context node

Represents the active or the standby state of the service.		 string Readonly
Enum: ACTIVE, STANDBY, DOWN, SYNC, UNKNOWN
service_reference Id and Name of the service context configured on edge node. ResourceReference Required
Readonly

AllocationAction (schema)

Name Description Type Notes
action Specifies allocate or release action string Required
Enum: ALLOCATE, RELEASE

AllocationBasedOnFailureDomain (schema)

Placement based on failure domain of edge node

Auto place TIER1 logical routers, DHCP and MDProxy contexts on two edge
nodes (active and standby) from different failure domains.

Name Description Type Notes
action_type Must be set to the value AllocationBasedOnFailureDomain AllocationRuleActionType Required
enabled Flag to enable failure domain based allocation

Enable placement algorithm to consider failure domain of edge transport
nodes and place active and standby contexts in different failure domains.
boolean Default: "False"

AllocationIpAddress (schema)

Allocation parameters for the IP address (e.g. specific IP address) can be specified. Tags, display_name and description attributes are not supported in this release.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
allocation_id Address that is allocated from pool IPAddress Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
resource_type Must be set to the value AllocationIpAddress string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

AllocationIpAddressListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Pool allocation list results array of AllocationIpAddress Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

AllocationPool (schema)

Name Description Type Notes
active_service_count Number of active services on edge node

Represents the number of acitve services running on the edge node.
int Readonly
standby_service_count Number of standby services on edge node

Represents the number of standby services running on the edge node.
int Readonly
sub_pools Edge node sub-pool allocation details

Allocation details of sub-pools configured on edge node.		 array of SubPool

AllocationPoolType (schema)

Types of logical router allocation pool based on services

Name Description Type Notes
AllocationPoolType Types of logical router allocation pool based on services string Enum: LoadBalancerAllocationPool

AllocationRule (schema)

Allocation rule on edge cluster

Allocation rule on edge cluster which will be considered in auto placement
of TIER1 logical routers, DHCP and MDProxy.

Name Description Type Notes
action Action for allocation rule

Set action for each allocation rule		 AllocationRuleAction
(Abstract type: pass one of the following concrete types)
AllocationBasedOnFailureDomain		 Required

AllocationRuleAction (schema)

Set action for allocation rule

Define action for each allocation rule which added on edge cluster.
This is an abstract type. Concrete child types:
AllocationBasedOnFailureDomain

Name Description Type Notes
action_type Type of action for allocation rule

Set action for each allocation rule on edge cluster which will help in
auto placement.
AllocationRuleActionType Required

AllocationRuleActionType (schema)

Type of action for allocation rule

Set action for each allocation rule on edge cluster which will help in auto
placement.

Name Description Type Notes
AllocationRuleActionType Type of action for allocation rule

Set action for each allocation rule on edge cluster which will help in auto
placement.
string Enum: AllocationBasedOnFailureDomain

AntreaAdapterStatus (schema)

Antrea adapter status

Name Description Type Notes
conditions Adapter conditions

Collection of adapter conditions.		 array of ComponentConditionItem Readonly
status Antrea adapter status

Indicate overall healthy status.
ComponentStatus Readonly

AntreaAgentsInfo (schema)

Antrea agents information

Name Description Type Notes
degraded_agent_num The number of degraded agents int Readonly
failed_agent_num The number of failed agents int Readonly
healthy_agent_num The number of healthy agents int Readonly

AntreaClusterInfo (schema)

Antrea cluster info

Antrea cluster status info.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
agent_info Antrea agent info AntreaAgentsInfo Readonly
ccp_adapter_status Antrea CCP adapter status

Including component status and CCP_ADAPTER_ prefix conditions status.
AntreaAdapterStatus Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
controller_status Antrea Controller status

Including component status, connected agent and CONTROLLER_ prefix conditions status.
AntreaControllerStatus Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
mp_adapter_status Antrea MP adapter status

Including component status and MP_ADAPTER_ prefix conditions status.
AntreaAdapterStatus Readonly
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value AntreaClusterInfo string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

AntreaClusterListRequestParameters (schema)

Antrea cluster list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

AntreaClusterListResult (schema)

Antrea Cluster list

Paged list of Antrea Cluster list.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Antrea cluster list results array of AntreaClusterInfo Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

AntreaContainerClusterNode (schema)

Antrea container cluster and its nodes requiring a support bundle

Name Description Type Notes
cluster_id The UUID of the container cluster string Required
nodes List of at most 200 container node UUIDs requiring a support bundle array of string Minimum items: 1

AntreaControllerStatus (schema)

Antrea Controller status

Antrea Controller status, including component status, connected agent and CONTROLLER_ prefix conditions status.

Name Description Type Notes
conditions Controller conditions

Collection of controller related conditions.
array of ComponentConditionItem Readonly
connected_agent_num The number of connected agents

If status is UNKNOWN, this number is meaningless.
int Readonly
status Antrea Controller status

Indicate overall healthy status.
ComponentStatus Readonly

AntreaHeartbeatConfig (schema)

Antrea heartbeat configuration

Antrea heartbeat configuration for interval time.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
report_interval Report interval for Antrea heartbeat with NSX in seconds

If exceeding 3*report_interval, there is still no heartbeat, cluster status will be UNKNOWN.		 int Required
Minimum: 60
Maximum: 600
Default: "60"
resource_type Must be set to the value AntreaHeartbeatConfig string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

AntreaHeartbeatConfigListResult (schema)

Antrea Cluster heartbeat config list

Paged list of Antrea Cluster heartbeat config.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Antrea cluster heartbeat config list

List of Antrea cluster heartbeat config.		 array of AntreaHeartbeatConfig Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

AntreaSupportBundleContainerNode (schema)

Name Description Type Notes
clusters List of AntreaContainerClusterNodes identifying container clusters and their nodes array of AntreaContainerClusterNode Minimum items: 1
container_type Must be set to the value AntreaSupportBundleContainerNode string Required
Enum: ANTREA

AntreaTraceflowConfig (schema)

Antrea traceflow configuration

The configuration for Antrea traceflow.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
container_cluster_id Container cluster ID

Container cluster ID in inventory. This property is used to identify
multiple clusters under single NSX-T.
string Required
description Description of this resource string Maximum length: 1024
Sortable
destination_external_id Destination external id

Destination external id for Antrea traceflow. Must be
ContainerApplicationInstance or ContainerApplication. Ignored if
destination_ip provided in packet data.
string
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
is_transient Marker to indicate if intent is transient

This field indicates if intent is transient and will be cleaned up by the system if set to true.		 boolean Default: "True"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
packet Packet configuration

Configuration of packet data.		 AntreaTraceflowPacketData
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value AntreaTraceflowConfig string
source_external_id Source external id

Source external id for Antrea traceflow. Must be
ContainerApplicationInstance external_id.
string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

AntreaTraceflowConfigListResult (schema)

Paged Collection of AntreaTraceflowConfigs

Paged Collection for AntreaTraceflowConfigs.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results AntreaTraceflowConfig list results array of AntreaTraceflowConfig Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

AntreaTraceflowIcmpEchoRequestHeader (schema)

IcmpEchoHeader for Antrea traceflow

IcmpEchoRequest header stuffs for Antrea traceflow.

Name Description Type Notes
id IcmpEchoRequest id

Id of IcmpEchoRequest.
integer
sequence Icmp sequence

Sequence number of IcmpEchoRequest.
integer

AntreaTraceflowIpHeader (schema)

IpHeader for Antrea traceflow

Ip header stuffs for Antrea traceflow.

Name Description Type Notes
dstIp Destination ip

Destination ip address in IpHeader.
string
flags Flags

Protocol setting in IpHeader.
integer
protocol Protocol

Protocol setting in IpHeader.
integer
srcIp Source ip

Source ip address in IpHeader.
string
ttl Time to live

TTL value in IpHeader. Default is 64.
integer

AntreaTraceflowIpv6Header (schema)

Ipv6Header for Antrea traceflow

Ipv6 header stuffs for Antrea traceflow.

Name Description Type Notes
dstIp Destination ip

Destination ip address in Ipv6Header.
string
hopLimit Hop limit

Hop limit setting in Ipv6Header.
integer
nextHeader Next header

Next header setting in Ipv6Header.
integer
srcIp Source ip

Source ip address in Ipv6Header.
string

AntreaTraceflowObservation (schema)

Observation for Antrea traceflow

Observation result for Antrea traceflow.

Name Description Type Notes
component_type The component type

The type of component.
string Readonly
Enum: UNKNOWN, ANTREA_SPOOFGUARD, ANTREA_LB, ANTREA_ROUTING, ANTREA_DFW, ANTREA_FORWARDING
container_node_id Container node UID

UID of the container node that observed a traceflow packet.
string Readonly
observation_type The observation type

The type of observation.
AntreaTraceflowObservationDelivered: The packet was delivered to destination Pod properly
AntreaTraceflowObservationReceived: The packet was received from another ContainerNode
AntreaTraceflowObservationForwarded: The packet was forwarded to next logical node or ContainerNode
AntreaTraceflowObservationDropped: The packet was dropped
string Required
Enum: AntreaTraceflowObservationDelivered, AntreaTraceflowObservationReceived, AntreaTraceflowObservationForwarded, AntreaTraceflowObservationDropped
timestamp Timestamp

Timestamp when the observation was collect by Antrea controller.
integer Readonly

AntreaTraceflowObservationListResult (schema)

List object for AnteaTraceflowObservation

List collection for AnteaTraceflowObservation, used in batch API.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results AntreaTraceflowObservation list results array of AntreaTraceflowObservation
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

AntreaTraceflowPacketData (schema)

Packet data for Antrea traceflow

Packet data stuffs for Antrea traceflow.

Name Description Type Notes
frameSize Packet frame size

This property is used to set packet data size.
integer
ipHeader Ipv4 header configuration

This property is used to set ipv4 header data.
AntreaTraceflowIpHeader
ipv6Header Ipv6 header configuration

This property is used to set ipv6 header data.
AntreaTraceflowIpv6Header
payload Packet payload

This property is used to set payload data.
string
resourceType Packet resource type

This property is used to set resource type.
string Enum: FIELDS_PACKET_DATA, BINARY_PACKET_DATA
transportHeader Transport header configuration

This property is used to set transport header data.
AntreaTraceflowTransportHeader
transportType Transport type

This property is used to set transport type.
string Enum: UNICAST, MULTICAST, BROADCAST, UNKNOWN

AntreaTraceflowStatus (schema)

Status for Antrea traceflow

The status value of one Antrea traceflow.

Name Description Type Notes
phase Phase

The execution phase of one traceflow.
string Enum: SUCCEEDED, FAILED
reason Reason

The reason for the failure.
string

AntreaTraceflowTcpHeader (schema)

TcpHeader for Antrea traceflow

Tcp header stuffs for Antrea traceflow.

Name Description Type Notes
dstPort Destination port

Destination port number in TcpHeader.
integer
srcPort Source port

Source port number in TcpHeader.
integer
tcpFlags Tcp flags

Tcp flags in TcpHeader. SYN flag must be set for traceflow.
integer

AntreaTraceflowTransportHeader (schema)

TransportHeader for Antrea traceflow

Transport header stuffs for Antrea traceflow.

Name Description Type Notes
icmpEchoRequestHeader IcmpEchoRequestHeader for Antrea traceflow

IcmpEchoRequest header stuffs for Antrea traceflow.
AntreaTraceflowIcmpEchoRequestHeader
tcpHeader TcpHeader for Antrea traceflow

Tcp header stuffs for Antrea traceflow.
AntreaTraceflowTcpHeader
udpHeader UdpHeader for Antrea traceflow

Udp header stuffs for Antrea traceflow.
AntreaTraceflowUdpHeader

AntreaTraceflowUdpHeader (schema)

UdpHeader for Antrea traceflow

Udp header stuffs for Antrea traceflow.

Name Description Type Notes
dstPort Destination port

Destination port number in UdpHeader.
integer
srcPort Source port

Source port number in UdpHeader.
integer

AphInfo (schema)

Apliance proxy hub information

APH information.

Name Description Type Notes
address IP address of APH service string Required
certificate PEM Certificate of APH service string Required
fqdn FQDN, only returned by GET /sites and GET /sites/self string
node_id Node ID of the APH service string Required
port Port of APH service integer Required
use_fqdn whether or not fqdn flag is on boolean
uuid ID of the APH service string Required

ApiError (schema)

Detailed information about an API Error

Name Description Type Notes
details Further details about the error string
error_code A numeric error code integer
error_data Additional data about the error object
error_message A description of the error string
module_name The module name where the error occurred string
related_errors Other errors related to this error array of RelatedApiError

ApiRequestBody (schema)

API Request Body

API Request Body is an Event Source that represents an API request body that
is being reveived as part of an API. Supported Request Bodies are those received
as part of a PATCH/PUT/POST request.

Name Description Type Notes
resource_pointer Resource Pointer

Regex path representing a regex expression on resources. This regex is used
to identify the request body(ies) that is/are the source of the Event. For
instance: specifying "Lb* | /infra/tier-0s/vmc/ipsec-vpn-services/default"
as a source means that ANY resource starting with Lb or ANY resource with
"/infra/tier-0s/vmc/ipsec-vpn-services/default" as path would be the source
of the event in question.
string Required
resource_type Must be set to the value ApiRequestBody string Required
Enum: ResourceOperation, ApiRequestBody

ApiServiceConfig (schema)

Configuration of the API service

Properties that affect the configuration of the NSX API service.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
basic_authentication_enabled Enable or disable basic authentication

Identifies whether basic authentication is enabled or disabled in API calls.		 boolean Default: "True"
cipher_suites Cipher suites used to secure contents of connection

The TLS cipher suites that the API service will negotiate.		 array of CipherSuite Minimum items: 1
client_api_concurrency_limit Client API rate limit in calls

The maximum number of concurrent API requests that will be serviced for a given authenticated client. If the number of API requests being processed exceeds this limit, new API requests will be refused and a 503 Service Unavailable response will be returned to the client. To disable API concurrency limiting, set this value to 0.		 integer Minimum: 0
Default: "40"
client_api_rate_limit Client API rate limit in calls per second

The maximum number of API requests that will be serviced per second for a given authenticated client. If more API requests are received than can be serviced, a 429 Too Many Requests HTTP response will be returned. To disable API rate limiting, set this value to 0.		 integer Minimum: 0
Default: "100"
connection_timeout NSX connection timeout

NSX connection timeout, in seconds. To disable timeout, set to 0.		 integer Minimum: 0
Maximum: 2147483647
Default: "30"
cookie_based_authentication_enabled Enable or disable cookie-based authentication

Identifies whether cookie-based authentication is enabled or disabled in API calls. When cookie-based authentication is disabled, new sessions cannot be created via /api/session/create.		 boolean Default: "True"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
global_api_concurrency_limit Global API rate limit in calls

The maximum number of concurrent API requests that will be serviced. If the number of API requests being processed exceeds this limit, new API requests will be refused and a 503 Service Unavailable response will be returned to the client. To disable API concurrency limiting, set this value to 0.		 integer Minimum: 0
Default: "199"
id Unique identifier of this resource string Sortable
lockout_immune_addresses IP addresses which are not subject to lockout on failed login attempts

The list of IP addresses which are not subjected to a lockout on failed login attempts.		 array of IPAddress
protocol_versions TLS protocol versions

The TLS protocol versions that the API service will negotiate.		 array of ProtocolVersion Minimum items: 1
redirect_host Hostname/IP to use in redirect headers

Host name or IP address to use for redirect location headers, or empty string to derive from current request. To disable, set redirect_host to the empty string ("").		 HostnameOrIPv4AddressOrEmptyString Default: ""
resource_type Must be set to the value ApiServiceConfig string
session_timeout NSX session inactivity timeout integer Minimum: 0
Maximum: 2147483647
Default: "1800"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ApplianceLatencyData (schema)

Display the latency data by given appliance node

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
id Appliance id

Display the Appliance id.		 string
latency_data Latency Data List

Latency Data list.		 array of ApplianceLatencyDataItem
name Appliance name

Display the appliance name.		 string
timestamp Timestamp of last modification

Timestamp of last modification.		 EpochMsTimestamp

ApplianceLatencyDataItem (schema)

Appliance Latency data

Describes appliance latency data in detail.

Name Description Type Notes
destination_node_id Node id

Display the appliance node id.		 string
destination_node_ip Node name

Display the appliance node ip.		 string
destination_node_name Node name

Display the appliance node name.		 string
packet_loss_percent Display the percentage of lost packet

Display the percentage of lost packet.		 string
packet_received Display the received packets

Display the received packets.		 integer
packet_transmitted Display the transmitted packets

Display the transmitted packets in Ping		 integer
rtt_avg Display the average rtt of latency value

Display the average Round Trip Time in milliseconds.
number
rtt_max Display the max rtt of latency value

Display the max Round Trip Time in milliseconds.
number
rtt_mdev Display the mean rtt of latency value

Display the mean Round Trip Time in milliseconds.
number
rtt_min Display the min rtt of latency value

Display the min Round Trip Time in milliseconds.
number
source_node_ip Node name

Display the appliance node ip.		 string
status Display the connection status

Display the connection status between source node and destination node.
string Enum: UP, DOWN
total_time Display the total time in milliseconds

Display the total time of sending and receiving packets in milliseconds.
integer

ApplianceLatencyListResult (schema)

List of process data

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Total appliance latency count integer Required
results Appliance Process List

Display the appliance latency data list.		 array of ApplianceLatencyData
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ApplianceManagementSuppressRedirectQueryParameter (schema)

Name Description Type Notes
suppress_redirect Suppress redirect status if applicable

Do not return a redirect HTTP status.		 boolean Default: "False"

ApplianceManagementTaskListResult (schema)

Appliance management task query results

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Task property results array of ApplianceManagementTaskProperties Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ApplianceManagementTaskProperties (schema)

Appliance management task properties

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
async_response_available True if response for asynchronous request is available boolean Readonly
cancelable True if this task can be canceled boolean Readonly
description Description of the task string Readonly
details Details about the task if known object Readonly
end_time The end time of the task in epoch milliseconds EpochMsTimestamp Readonly
id Identifier for this task string Readonly
Pattern: "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}_[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$"
message A message describing the disposition of the task string Readonly
progress Task progress if known, from 0 to 100 integer Readonly
Minimum: 0
Maximum: 100
request_method HTTP request method string Readonly
request_uri URI of the method invocation that spawned this task string Readonly
start_time The start time of the task in epoch milliseconds EpochMsTimestamp Readonly
status Current status of the task ApplianceManagementTaskStatus Readonly
user Name of the user who created this task string Readonly

ApplianceManagementTaskQueryParameters (schema)

Name Description Type Notes
fields Fields to include in query results

Comma-separated field names to include in query result		 string
request_method Request method(s) to include in query result

Comma-separated request methods to include in query result		 string Pattern: "^(=|!=|~|!~)?.+$"
request_path Request URI path(s) to include in query result

Comma-separated request paths to include in query result		 string Pattern: "^(=|!=|~|!~)?.+$"
request_uri Request URI(s) to include in query result

Comma-separated request URIs to include in query result		 string Pattern: "^(=|!=|~|!~)?.+$"
status Status(es) to include in query result

Comma-separated status values to include in query result		 string Pattern: "^(=|!=|~|!~)?.+$"
user Names of users to include in query result

Comma-separated user names to include in query result		 string Pattern: "^(=|!=|~|!~)?.+$"

ApplianceManagementTaskStatus (schema)

Current status of the appliance management task

Name Description Type Notes
ApplianceManagementTaskStatus Current status of the appliance management task string Enum: running, error, success, canceling, canceled, killed

ApplianceProcessData (schema)

List of process data in given appliance node

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
id Appliance id

Display the Appliance id.		 string
name Appliance name

Display the appliance name.		 string
timestamp Timestamp of last modification

Timestamp of last modification.		 EpochMsTimestamp
top_process_by_cpu_count Process count

Display the total count of process.		 integer
top_process_by_cpu_list Top process list by CPU

Display the top process list by CPU.		 array of ProcessInformation
top_process_by_mem_count Process count

Display the total count of process.		 integer
top_process_by_mem_list Top process list by memory

Display the top process list by memory.		 array of ProcessInformation

ApplianceProcessListResult (schema)

List of process data

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Appliance Process List

Display the appliance process list.		 array of ApplianceProcessData
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ApplicationConnectivityStrategy (schema)

Application specific connectivity strategy

Allows more granular policies for application workloads

Name Description Type Notes
application_connectivity_strategy Application connectivity strategy

App connectivity strategies
string Required
Enum: ALLOW_INTRA, ALLOW_EGRESS, ALLOW_INGRESS, DROP_INGRESS, DROP_EGRESS
default_application_rule_id Default rule ID associated with the application_connectivity_strategy

Based on the value of the app connectivity strategy, a default rule is
created for the security policy. The rule id is internally assigned
by the system for this default rule.
integer Readonly
logging_enabled Enable logging flag

Flag to enable packet logging. Default is disabled.		 boolean Default: "False"

ApplicationProfileType (schema)

application profile type

An application profile can be bound to a virtual server
to specify the application protocol characteristics. It is used to
influence how load balancing is performed. Currently, three types of
application profiles are supported: LbFastTCPProfile,
LbFastUDPProfile and LbHttpProfile.
LbFastTCPProfile or LbFastUDPProfile is typically
used when the application is using a custom protocol or a standard protocol
not supported by the load balancer. It is also used in cases where the user
only wants L4 load balancing mainly because L4 load balancing has much
higher performance and scalability, and/or supports connection mirroring.
LbHttpProfile is used for both HTTP and HTTPS applications.
Though application rules, if bound to the virtual server, can be used
to accomplish the same goal, LbHttpProfile is intended to
simplify enabling certain common use cases.
LbHttpProfile is deprecated as NSX-T Load Balancer is deprecated.

Name Description Type Notes
ApplicationProfileType application profile type

An application profile can be bound to a virtual server
to specify the application protocol characteristics. It is used to
influence how load balancing is performed. Currently, three types of
application profiles are supported: LbFastTCPProfile,
LbFastUDPProfile and LbHttpProfile.
LbFastTCPProfile or LbFastUDPProfile is typically
used when the application is using a custom protocol or a standard protocol
not supported by the load balancer. It is also used in cases where the user
only wants L4 load balancing mainly because L4 load balancing has much
higher performance and scalability, and/or supports connection mirroring.
LbHttpProfile is used for both HTTP and HTTPS applications.
Though application rules, if bound to the virtual server, can be used
to accomplish the same goal, LbHttpProfile is intended to
simplify enabling certain common use cases.
LbHttpProfile is deprecated as NSX-T Load Balancer is deprecated.
string Enum: LbHttpProfile, LbFastTcpProfile, LbFastUdpProfile

AppliedTos (schema)

Entities Applied to Profile

Entity lists where the profile will be enabled on.

Name Description Type Notes
logical_ports Logical Port List array of ResourceReference
logical_switches Logical Switch List array of ResourceReference
nsgroups NSGroup List array of ResourceReference

ApplyCertificateParameters (schema)

Name Description Type Notes
node_id Node Id

Optional node-id to which to apply the certificate.
The cluster_certificate field of the matching Certificate Profile
must be false, as those get applied to all nodes.
string Maximum length: 255
service_type Service Type

Service Type of the CertificateProfile to apply the certificate to.
ServiceType Required

ArpHeader (schema)

Name Description Type Notes
dst_ip The destination IP address IPv4Address Required
op_code Arp message type

This field specifies the nature of the Arp message being sent.		 string Required
Enum: ARP_REQUEST, ARP_REPLY
Default: "ARP_REQUEST"
src_ip The source IP address

This field specifies the IP address of the sender. If omitted, the src_ip is set to 0.0.0.0.		 IPv4Address

ArpSnoopingConfig (schema)

ARP Snooping Configuration

Contains ARP snooping related configuration.

Name Description Type Notes
arp_binding_limit Maximum number of ARP bindings

Number of arp snooped IP addresses
Indicates the number of arp snooped IP addresses to be remembered
per LogicalPort. Decreasing this value, will retain the latest
bindings from the existing list of address bindings. Increasing this
value will retain existing bindings and also learn any new address
bindings discovered on the port until the new limit is reached.
int Minimum: 1
Maximum: 256
Default: "1"
arp_snooping_enabled Is ARP snooping enabled or not

Indicates whether ARP snooping is enabled		 boolean Default: "True"

ArpTableRequestParameters (schema)

Routes request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
edge_path Policy path of edge node

Policy path of edge node. Edge node must be member of enforcement point.
Edge path is required when interface specified is either service or
loopback interface.
string
enforcement_point_path Enforcement point path

String Path of the enforcement point.
When not specified, routes from all enforcement-points are returned.
This property is required for retrieving routes in CSV format.
string
host_transport_node_path Policy path of host transport node

Policy path of host transport node.
In case of API used from Global Manager, use the HostTransportNode path from Local Manager.
string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

AssignedByDhcp (schema) (Deprecated)

DHCP based IP assignment.

This type can be specified in ip assignment spec of host switch if DHCP based IP assignment is desired for host switch virtual tunnel endpoints.

Name Description Type Notes
resource_type Must be set to the value AssignedByDhcp string Required
Enum: StaticIpPoolSpec, StaticIpListSpec, AssignedByDhcp, StaticIpMacListSpec

AssociationListRequestParameters (schema)

Association list request parameters

Name Description Type Notes
associated_resource_type Type of the associated resources AssociationTargetType Required
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
fetch_ancestors Fetch complete list of associated resources considering containment and nesting

If set to true, will fetch direct as well as
indirect(considering containment as well as nesting)
associated objects for the given source Id.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
resource_id The resource for which associated resources are to be fetched string Required
resource_type Type of the resource for which associated resources are to be fetched AssociationSourceType Required
sort_ascending boolean
sort_by Field by which records are sorted string

AssociationListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged Collection of ResourceReference array of ResourceReference Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

AssociationSourceType (schema)

Resource type valid for use as source in association API

Name Description Type Notes
AssociationSourceType Resource type valid for use as source in association API string Enum: NSGroup, IPSet, MACSet, LogicalSwitch, LogicalPort, VirtualMachine, DirectoryGroup, VirtualNetworkInterface, TransportNode, IPAddress, CloudNativeServiceInstance, PhysicalServer

AssociationTargetType (schema)

Resource type valid for use as target in association API

Name Description Type Notes
AssociationTargetType Resource type valid for use as target in association API string Enum: NSGroup

AttachedInterface (schema) (Deprecated)

Attached interface specification for Bare metal server

The Attached interface is only effective for the port on Bare metal server.

Name Description Type Notes
app_intf_name The name of application interface string Required
default_gateway Gateway IP IPAddress
migrate_intf Interface name to migrate

IP configuration on migrate_intf will migrate to app_intf_name. It is used for Management and Application sharing the same IP.		 string
routing_table Routing rules array of string

AttachedInterfaceEntry (schema)

Attached interface information for Bare metal server

The Attached interface is only effective for the segment port on Bare metal server.

Name Description Type Notes
app_intf_name The name of application interface string Required
default_gateway Gateway IP IPAddress
migrate_intf Interface name to migrate

IP configuration on migrate_intf will migrate to app_intf_name. It is used for Management and Application sharing the same IP.		 string
routing_table Routing rules array of string

AttachmentContext (schema) (Deprecated)

This is an abstract type. Concrete child types:
L2VpnAttachmentContext
VifAttachmentContext

Name Description Type Notes
allocate_addresses A flag to indicate whether to allocate addresses from allocation pools bound to the parent logical switch. string Enum: IpPool, MacPool, Both, None, Dhcp
resource_type Used to identify which concrete class it is string Required

AttachmentType (schema) (Deprecated)

Type of attachment for logical port.

Name Description Type Notes
AttachmentType Type of attachment for logical port. string Deprecated
Enum: VIF, LOGICALROUTER, BRIDGEENDPOINT, DHCP_SERVICE, METADATA_PROXY, L2VPN_SESSION, L2FORWARDER

AttachmentTypeQueryString (schema) (Deprecated)

Type of attachment for logical port; for query only.

Name Description Type Notes
AttachmentTypeQueryString Type of attachment for logical port; for query only. string Deprecated
Enum: VIF, LOGICALROUTER, BRIDGEENDPOINT, DHCP_SERVICE, METADATA_PROXY, L2VPN_SESSION, NONE

Attribute (schema)

Attributes

Attribute specific to a partner. There attributes are passed on to the partner appliance and is opaque to the NSX Manager. The Attributes used by the partner applicance.

Name Description Type Notes
attribute_type Attributetype.

Attribute Type can be of any of the allowed enum type.		 string Enum: IP_ADDRESS, PORT, PASSWORD, STRING, LONG, BOOLEAN
display_name Display name

Attribute display name string value.		 string
key key

Attribute key string value.		 string Required
read_only read only

Read only Attribute cannot be overdidden by service instance/deployment.		 boolean Default: "False"
value value

Attribute value string value.		 string

AttributeVal (schema)

Attribute values of realized type

Contains type specific properties of generic realized entity

Name Description Type Notes
data_type Datatype of property represented by this attribute

Datatype of the property		 string Required
Readonly
Enum: STRING, DATE, INTEGER, BOOLEAN
key Key for the attribute value

Attribute key		 string
multivalue multivalue flag

If attribute has a single value or collection of values		 boolean Readonly
values List of values for the attribute

List of attribute values		 array of string Readonly

AuditLog (schema)

Audit log in RFC5424 format

Name Description Type Notes
appname Application name field of the log string Required
facility Facility field of the log integer Required
full_log Full log with both header and message string Required
hostname Hostname field of the log string Required
message Message field of the log string Required
msgid Message ID field of the log string Required
priority Priority field of the log integer Required
procid Process ID field of the log integer Required
struct_data Structured data field of the log StructuredData Required
timestamp Date and time in UTC of the log string Required

AuditLogListResult (schema)

Audit log collection results

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
last_full_sync_timestamp Timestamp of the last full audit log collection string Required
result_count Count of results found (across all pages), set only on first page integer Readonly
results Audit log results array of AuditLog Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

AuditLogQueryParameters (schema)

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page)

A log cursor points to a specific line number in the master audit log		 integer
fields Fields to include in query results

Comma-separated field names to include in query result		 string
page_size Maximum number of results to return in this page (server may return fewer)

The page size determines the number of logs to be returned		 integer Minimum: 0
Maximum: 100
Default: "100"

AuditLogRequest (schema)

Name Description Type Notes
log_age_limit Include logs with timstamps not past the age limit in days integer Minimum: 0
log_filter Audit logs should meet the filter condition string
log_filter_type Type of log filter string Enum: TEXT, REGEX
Default: "TEXT"

AuthenticationPolicyProperties (schema)

Configuration of authentication policies for the NSX node

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
api_failed_auth_lockout_period Lockout period in seconds

Once a lockout occurs, the account remains locked out of the API for this time period. Only applies to NSX Manager nodes. Ignored on other node types.		 integer Minimum: 0
Default: "900"
api_failed_auth_reset_period Period, in seconds, for authentication failures to trigger lockout

In order to trigger an account lockout, all authentication failures must occur in this time window. If the reset period expires, the failed login count is reset to zero. Only applies to NSX Manager nodes. Ignored on other node types.		 integer Minimum: 0
Default: "900"
api_max_auth_failures Number of authentication failures that trigger API lockout

Only applies to NSX Manager nodes. Ignored on other node types.		 integer Minimum: 0
Default: "5"
cli_failed_auth_lockout_period Lockout period in seconds

Once a lockout occurs, the account remains locked out of the CLI for this time period. While the lockout period is in effect, additional authentication attempts restart the lockout period, even if a valid password is specified.		 integer Minimum: 0
Default: "900"
cli_max_auth_failures Number of authentication failures that trigger CLI lockout integer Minimum: 0
Default: "5"
minimum_password_length Minimum number of characters required in account passwords integer Minimum: 8
Default: "8"

AuthenticationScheme (schema)

Name Description Type Notes
scheme_name Authentication scheme name string Required

AutoRds (schema)

Auto assigned Route Distinguishers

This object holds auto assigned route distinguishers for Layer 2 and Layer 3 configurations.

Name Description Type Notes
l2_auto_rds List of layer 2 Auto assigned Route Distinguisher array of L2AutoRD
l3_auto_rd Layer 3 Auto assigned Route Distinguisher

This field is auto assigned by the system.
The auto RD seed is populated when user does not assign a
route_distinguisher field in the gateway.
string

AutomaticHealthCheck (schema)

Automatic Health Check

Health check performed by system automatically on a specific transport zone.

For overlay based zone, health check is performed on corresponding N-VDS of
each transport node with the VLAN and MTU specified by uplink profile of
N-VDS for the node.

For VLAN based zone, health check is performed on corresponding N-VDS of each
transport node with MTU specified by uplink profile of N-VDS for the node
and VLAN specified by all logical switches in this zone.

Name Description Type Notes
result HealthCheckResult Readonly
transport_zone_id Transport Zone ID

ID of the transport zone where this automatic health check is performed.
string Readonly

AutomaticHealthCheckListResult (schema)

List of Automatic Health Checks

Automatic health check list result for query with list parameters.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Automatic Health Check List array of AutomaticHealthCheck Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

AutomaticHealthCheckToggle (schema)

Automatic Health Check Toggle

Toggle to enable/disable automatic health check.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Status of automatic health check boolean Required
Default: "False"
id Unique identifier of this resource string Sortable
resource_type Must be set to the value AutomaticHealthCheckToggle string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

AviConnectionInfo (schema)

Avi Connection Info

Credential info to connect to a AVI type of enforcement point.

Name Description Type Notes
cloud Cloud

Clouds are containers for the environment that Avi Vantage is installed or operating within.
During initial setup of Vantage, a default cloud, named Default-Cloud, is created.
This is where the first Controller is deployed, into Default-Cloud. Additional clouds may be added,
containing SEs and virtual services.
This is a deprecated property.
Cloud has been renamed to cloud_name and it will added from specific ALB entity.
string Deprecated
enforcement_point_address Enforcement Point Address

Value of this property could be Hostname or IP. For instance:
- On an NSX-T MP running on default port, the value could be "10.192.1.1"
- On an NSX-T MP running on custom port, the value could be "192.168.1.1:32789"
- On an NSX-T MP in VMC deployments, the value could be "192.168.1.1:5480/nsxapi"
string Required
expires_at Expiry time of the token

Expiry time of the token will be set by LCM at the time of Enforcement Point Creation.
string
managed_by Managed by used when on-borading workflow created by LCM/VCF.

Managed by used when on-borading workflow created by LCM/VCF.
string
password Password or Token for Avi Controller

Password or Token for Avi Controller.		 string Required
resource_type Must be set to the value AviConnectionInfo string Required
Enum: NSXTConnectionInfo, NSXVConnectionInfo, CvxConnectionInfo, AviConnectionInfo
tenant Tenant

A tenant is an isolated instance of Avi Controller.
Each Avi user account is associated with one or more tenants.
The tenant associated with a user account defines the resources that user can access within Avi Vantage.
When a user logs in, Avi restricts their access to only those resources that are in the same tenant
string Required
thumbprint Thumbprint of Enforcement Point

Thumbprint of EnforcementPoint in the form of a SHA-256 hash represented in lower case HEX.
string
username Username

Username.		 string Required
version Version

Avi supports API versioning for backward compatibility with automation scripts written for an object model older than the current one.
Such scripts need not be updated to keep up with object model changes
This is a deprecated property. The version is now auto
populated from property file and its value can be read using APIs
string Deprecated

AviEndPoint (schema)

AVI LB endpoint details

Details about the AVI LB endpoint

Name Description Type Notes
avi_endpoint_ip IP address of the AVI LB endpoint

IP address of the AVI LB endpoint.		 string Required
Format: hostname-or-ip
avi_endpoint_password Password for AVI LB endpoint

Password for AVI LB endpoint.		 string Required
avi_endpoint_port AVI LB endpoint port

AVI LB endpoint port.		 int Default: "443"
avi_endpoint_username Username for AVI LB endpoint

Username for AVI LB endpoint.		 string Required

AwsAccount (schema)

AWS account

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
auth_method AWS account authorization method

This property conveys the authorization method to use. Appropriate
credentials/parameters will be expected based on this method selection.
string Readonly
Enum: CREDENTIALS
auth_users Authrized Users

List of authorized users.		 array of CloudUserInfo Readonly
cloud_type Cloud Type string Required
Enum: AWS, AZURE, GOOGLE, AZURE_GOV_US, AWS_GOV_US_EAST, AWS_GOV_US_WEST
credentials AWS Credentials

Credentials of AWS Account.		 AwsCredentials Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
instance_stats Instance statistics

Stores statistics of the number of managed, unmanaged and error virtual
machines.
InstanceStats Readonly
last_inventory_sync_date Last inventory sync date

Time when last inventory syncing completed.
integer Readonly
regions_config List of regions configuration for the cloud account

Configured list of regions to be used for the cloud account.
RegionListConfig
regions_count AWS Regions Count

Count of the AWS regions which have atleast one VPC created.		 integer Readonly
resource_type Must be set to the value AwsAccount string
status Status of the account AwsAccountStatus Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tenant_id Tenant ID

Tenant ID of the cloud account.		 string Readonly
vpc_stats VPC statistics VpcStats Readonly

AwsAccountStatus (schema)

AWS account status

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
credentials_status Credentials Status

Status of the cloud account credentials synced at the auto interval.
string Readonly
Enum: VALID, INVALID
error_message Error encountered while syncing AWS inventory

Error encountered while syncing AWS inventory such as read timeout.		 string Readonly
inventory_sync_status Inventory Synchronization Status

Status of inventory synchronization process.		 string Readonly
Enum: SYNCED, IN_PROGRESS
inventory_sync_step Inventory sync step

Step of the inventory synchronization process		 string Readonly
Enum: SYNCING_AWS_REGIONS, SYNCING_AWS_VPCS, SYNCING_AWS_AZS, SYNCING_VMS, SYNCING_NSX_DATA, SYNCING_AWS_GATEWAYS, SYNCING_MANAGED_INSTANCES, NOT_APPLICABLE

AwsAccountsListRequestParameters (schema)

AWS account filter parameters

These parameters will be used to filter the list of accounts.

Name Description Type Notes
cloud_type AWS Cloud Type string Enum: AWS, AWS_GOV_US_EAST, AWS_GOV_US_WEST
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
region_id Identifier for region based on which accounts statistics will be aggregated. Using this request parameter will return only all_accounts_vpc_stats and all_accounts_instance_stats properties. string
sort_ascending boolean
sort_by Field by which records are sorted string

AwsAccountsListResult (schema)

Cloud accounts list

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
all_accounts_instance_stats Instance statistics

This field is DEPRECATED. To obtain statistics about instances, use the
GET /csm/accounts/statistics API.
InstanceStats Deprecated
Readonly
all_accounts_vpc_stats VPC statistics

This field is DEPRECATED. To obtain statistics about VPCs, use the
GET /csm/accounts/statistics API.
VpcStats Deprecated
Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results AWS accounts list result array of AwsAccount Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

AwsAvailabilityZoneInfo (schema)

Availability Zone information

Name Description Type Notes
display_name Display name of the availability zone string Readonly
id ID of the availability zone string Readonly

AwsComputeVpcConfig (schema)

AWS Compute VPC Configuration

Stores the parameters required for linking compute VPC
with a transit VPC

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
account_id AWS Account ID

AWS account ID related to the compute VPC. This field is
deprecated. Field account_id can be learnt using vpc_id.
GET /csm/aws/vpcs/ API returns associated_account_ids.
Hence, this field is optional.
string Deprecated
cloud_fallback_security_group_id Id of Cloud Security Group

Id of security group where the VMs should be moved after last gateway
undeployed. This field is required only when
default_quarantine_policy_enabled field is set to false.
string
configuration AWS Transit VPC Configuration

All the required informations regarding a transit VPC
will be absorbed as a part of this field.
AwsTransitVpcConfig Required
default_quarantine_policy_enabled Flag to Identify if Default Quarantine Policy is Enabled

Flag to convey if virtual machines belonging to the compute
virtual private cloud should be quarantined or not.
boolean Default: "False"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
managed_without_agents Managed Without NSX Agents

This flag determines if this compute virtual private cloud is managed
with or without NSX agents.
boolean Default: "False"
resource_type Must be set to the value AwsComputeVpcConfig string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

AwsComputeVpcListRequestParameters (schema)

These paramaters will be used to filter the list of compute VPCs.
Multiple parameters can be given as input to 'AND' them.

Name Description Type Notes
account_id AWS account ID

Identifier for account based on which compute VPCs are to be filtered.
string
associated_transit_vpc_id Transit VPC ID

Identifier for filtering all the compute VPCs which are NSX managed
by the given transit VPC.
string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
vpc_id VPC ID

Identifier for VPC based on which the list can be filtered or can be
used to validate that hierarchy is correct
string

AwsComputeVpcListResult (schema)

Compute Vpc list

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of Compute VPC

Array of Compute VPCs		 array of AwsComputeVpcConfig
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

AwsComputeVpcStatus (schema)

VPC Status

Stores onboard and offboard status of AWS VPC. There are 4 states in
onboarding a VPC using transit VPC and the corresponding states in
sequence are VALIDATING_ENVIRONMENT, CREATING_SECURITY_GROUPS,
CONFIGURING_GATEWAY and ONBOARD_SUCCESSFUL. There are 3 states in
offboarding a VPC and the corresponding states in sequence are
UNCONFIGURING_GATEWAY, DELETING_SECURITY_GROUPS and OFFBOARD_SUCCESSFUL.
The state of failure in onboarding or offboarding is indicated
by ONBOARD_FAILED and OFFBOARD_FAILED.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
configuration AWS VPC Config

Stores AWS VPC configuration.
AwsVpcConfig
error_code Error Code

Error code related to virtual private cloud
Onboard/Offboard failure.
integer Readonly
error_message Error Message

Error message related to virtual private cloud
Onboard/Offboard failure.
string Readonly
offboard_step States of Virtual Private Cloud While OffBoard

Stores the different states of virtual private cloud while
offboarding from a transit virtual private cloud.
string Readonly
Enum: UNCONFIGURING_GATEWAY, DELETING_SECURITY_GROUPS, OFFBOARD_SUCCESSFUL, OFFBOARD_FAILED, NOT_APPLICABLE
onboard_step States of Virtual Private Cloud While Onboard

Stores the different states of virtual private cloud while
onboarding using a transit virtual private cloud.
string Readonly
Enum: VALIDATING_ENVIRONMENT, CREATING_SECURITY_GROUPS, CONFIGURING_GATEWAY, ONBOARD_SUCCESSFUL, ONBOARD_FAILED, NOT_APPLICABLE
status Virtual Private Cloud Status

Indicates the status of a virtual private cloud.
UP: virtual private cloud is NSX managed.
DOWN: virtual private cloud is NSX managed with errors.
ONBOARDING: virtual private cloud is in the process of
onboarding using a transit virtual private cloud.
OFFBOARDING: virtual private cloud is in the process of
offboarding from a transit virtual private cloud.
NOT_APPLICABLE: virtual private cloud is NSX unmanaged.
string Readonly
Enum: UP, DOWN, ONBOARDING, OFFBOARDING, NOT_APPLICABLE
virtual_private_cloud_name Virtual Private Cloud Name

Name of the transit virtual private cloud.
string Readonly

AwsCredentials (schema)

AWS Account Credentials

Stores information about AWS account credentials.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
access_key Access Key

Access key of the AWS account.		 string
gateway_role Gateway Role Name

Name of the IAM service role that should be attached to the Cloud
Gateways deployed in the AWS account. Based on the permissions in the
role, the gateways will have access to resources in the AWS account.
string
secret_key Secret Key

Secret key of the AWS account.		 string

AwsGatewayAmiInfo (schema)

Aws Gateway Ami Information

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
ami_id AMI id

The ID of the Amazon Machine Image		 string Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
region_id Name of the Aws Region in which ami is present string Required
resource_type Must be set to the value AwsGatewayAmiInfo string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

AwsGatewayAmisListRequestParameters (schema)

These paramaters will be used to filter the list of AWS Gateway AMIs.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
region_id Identifier for region based on which list of AWS Gateway AMIs will be obtained string
sort_ascending boolean
sort_by Field by which records are sorted string

AwsGatewayAmisListResult (schema)

List of Aws Gateway amis

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Aws Gateway amis list array of AwsGatewayAmiInfo
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

AwsGatewayConfig (schema)

AWS gateway configuration

Stores AWS gateway configuration like ami_id, key_pair_name and
gateway_ha_configuration.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
ami_id AMI id

The ID of the Amazon Machine Image on which this gateway resides
string
ami_id_obsolete Flag to identify if the AMI ID is related to the previous NSX release

If this flag is set, NSX was upgraded after the gateway was deployed and this AMI ID should no longer be used
boolean Readonly
Default: "False"
cloud_fallback_security_group_id Id of cloud security group

Id of security group where the VMs should be moved after last gateway
undeployed.
string
default_quarantine_policy_enabled Flag to identify if default quarantine policy is enabled boolean Default: "False"
dns_settings DNS settings

Settings related to Cloud gateway DNS configuration. This determines
DNS configuration based on dns_mode.
DnsSettings Deprecated
gateway_connectivity_mode Gateway Connectivity Mode

Helps the user choose default connectivity mode that will be used
between Cloud Service Manager and Gateway.
PUBLIC IP: All the connections will go through the internet. When this mode
is selected by the user, the user will have to select a public Ip address from
the list of public IP's from the 'Public IP on Mgmt NIC' field.
PRIVATE IP: All the connections will go through the VGW or any other configured
VPN.
When there is no input provided by the user, an attempt will be made using
PRIVATE_IP (VGW) first and if that doesn't go through, an attempt will be made
using PUBLIC_IP (IGW). And if both fail, it will cause an exception.
string Enum: PUBLIC_IP, PRIVATE_IP
gateway_ha_configuration Aws Gateway HA configuration array of AwsGatewayHaConfig
is_ha_enabled Flag to identify if HA is enabled boolean
key_pair_name The key pair name required to authenticate into any instance string
managed_without_agents Managed Without NSX Agents

This flag determines if this virtual private cloud is managed with or
without NSX agents. This flag is applicable only for this network.
If this virtual private cloud is being managed without NSX agents,
quarantine state and threat state will be NOT_APPLICABLE for all the
virtual machines under it.
boolean Default: "False"
nsx_manager_connection NSX Manager connection

Determines if connection to NSX Manager is via public IP or private IP
string Enum: PUBLIC_IP, PRIVATE_IP
proxy_server_profile Id of the proxy server profile

Id of the proxy server profile, corresponding proxy settings
will be applied while deploying the gateway.
string
target_disk_size Target Disk Size

This is the target disk size of the PCG appliance in GB. Based on this
an additional disk is attached to the PCG appliance, if required.
The supported size is 191 GB and this property should only be modified
post upgrade for exisiting PCG appliances.
integer
vpn_service_enabled Flag to enable or disable inter-operation with services via VPN

Flag that will enable or disable inter-operation between NSX and
non-NSX services via VPN.
boolean Default: "True"

AwsGatewayDeployConfig (schema)

AWS gateway deployment configuration

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
account_id ID of the AWS account string Required
configuration Configuration of this gateway AwsGatewayConfig Readonly
vpc_id ID of the vpc string Required

AwsGatewayHaConfig (schema)

AWS subnet configuration to deploy gateways

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
availability_zone Availability Zone string Required
downlink_subnet Downlink subnet string Required
gateway_ha_index Index of HA that indicates whether gateway is primary or secondary. If index is 0, then it is primary gateway. Else secondary gateway. integer Required
management_subnet Management subnet string Required
private_ip_settings Private IP settings for management interface

Stores settings related to AWS gateway Private IP configuration.
The private_ip will be attached to management interface of the
gateway, based on the value of ip_allocation_mode.
GatewayPrivateIp
public_ip_settings Public IP settings for management interface

Stores settings related to AWS gateway Public IP configuration.
The public_ip will be attached to management interface of the
gateway, based on the value of ip_allocation_mode.
GatewayPublicIp
uplink_public_ip_settings Public IP settings for uplink interface

Stores settings related to AWS gateway Public IP configuration.
The public_ip will be attached to uplink interface of
the primary gateway, based on the value of ip_allocation_mode.
GatewayPublicIp
uplink_subnet Uplink subnet string Required

AwsGatewayInfo (schema)

AWS Gateway Information

Stores AWS gateway information like configuration and status.

Name Description Type Notes
configuration Gateway Configuration

Configuration of AWS gateway		 AwsGatewayConfig Readonly
csm_ip_address Cloud service manager IP address

Cloud service manager IP address used to communicate
with the AWS Vpc gateways.
string Readonly
gateway_status Gateway Status

Array of gateway statuses		 AwsGatewayStatus Readonly

AwsGatewayInstanceStatus (schema)

AWS gateway instance status

Stores information about AWS gateway instance status

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
configuration_operation_status Status of different gateway configuration operations

This property provides a consolidated status of supported gateway
configuration operations.
GatewayConfigOperationStatus Readonly
deployment_step Different states of gateway deployment string Readonly
Enum: VALIDATING_ENVIRONMENT, COPYING_IMAGE, CREATING_SECURITY_GROUPS, LAUNCHING_GATEWAY, CREATING_NETWORK_INTERFACES, ATTACHING_NETWORK_INTERFACES, ATTACHING_SECURITY_GROUPS, CONFIGURING_GATEWAY, CREATING_LOGICAL_NETWORK_CONSTRUCTS, DEPLOYMENT_SUCCESSFUL, DEPLOYMENT_FAILED, UNCONFIGURING_GATEWAY, RELEASING_EIPS, TERMINATING_GATEWAY, DELETING_SECURITY_GROUPS, DELETING_CLOUD_RESOURCES, UNDEPLOYMENT_SUCCESSFUL, UNDEPLOYMENT_FAILED, NOT_APPLICABLE, CLEANUP_INPROGRESS, CLEANUP_FAILED
error_code Error code for gateway operation failure integer Readonly
error_message Error message for gateway operation failure string Readonly
gateway_ha_index Index of HA that indicates whether gateway is primary or secondary. If index is 0, then it is primary gateway. Else secondary gateway. integer
gateway_instance_id ID of the gateway instance string
gateway_lcp_connectivity_status Gateway to NSX Controller connectivity status

Status of connectivity between NSX controller and public cloud gateway.
string Readonly
Enum: UP, DOWN, DEGRADED, UNKNOWN
gateway_mpa_connectivity_status Gateway to NSX Manager connectivity status

Status of connectivity between NSX manager and public cloud gateway.
string Readonly
Enum: UP, DOWN, UNKNOWN
gateway_name Name of the gateway instance string
gateway_node_id NSX Node ID of the public cloud gateway string
gateway_status Gateway instance status string Readonly
Enum: UP, DOWN, DEPLOYING, NOT_AVAILABLE, UNDEPLOYING, COPYING_IMAGE
gateway_tn_id NSX transport node id of the public cloud gateway string
is_gateway_active Flag to identify if this is an active gateway boolean Readonly
private_ip Private IP address of the virtual machine string Readonly
public_ip Public IP address of the virtual machine string Readonly
vpn_private_ip VPN Private IP address

Private IP address of the virtual machine for VPN		 string Readonly

AwsGatewayStatus (schema)

AWS Gateway Status

Stores AWS gateway status related information

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
gateway_cluster_id NSX gateway cluster ID

Cluster ID of NSX gateway		 string
gateway_instances_status Gateway Instances Status

Array of gateway instances statuses		 array of AwsGatewayInstanceStatus Readonly

AwsGatewayUndeployConfig (schema)

AWS gateway undeployment configuration

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
account_id ID of the AWS account string Required
instance_id ID of the gateway instance string Required

AwsGatewaysListRequestParameters (schema)

These paramaters will be used to filter the list of AWS Gateways.
Multiple parameters can be given as input to 'AND' them.

Name Description Type Notes
account_id Account ID

Optional identifier for account based on which AWS gateways list can be
filtered.
string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
region_id Region ID

Optional identifier for region based on which AWS gateways list can be
filtered.
string
sort_ascending boolean
sort_by Field by which records are sorted string
vpc_id VPC ID

Optional identifier for vpc based on which AWS gateways list can be
filtered.
string

AwsGatewaysListResult (schema)

AWS Gateways List Result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Vpc list array of AwsGatewayDeployConfig
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

AwsKeyPair (schema)

Aws Key Pair

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
name Name of the Aws Key Pair string Required

AwsKeyPairList (schema)

List of Aws Key Pairs

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Aws Key Pairs list array of AwsKeyPair
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

AwsKeyPairListRequestParameters (schema)

These paramaters will be used to filter the list of subnets.
Multiple parameters can be given as input to 'AND' them.

Name Description Type Notes
account_id Identifier for account based on which list of key pairs will be obtained string Required
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
region_id Identifier for region based on which list of key pairs will be obtained string Required
sort_ascending boolean
sort_by Field by which records are sorted string

AwsPublicIpListResult (schema)

Aws Public IP List Result

Stores a list of Aws public IPs.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results AWS public IP

Array of Aws public IPs.
array of string Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

AwsRegion (schema)

Aws Region Information

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
associated_account_ids Associated AWS Account IDs

Array of associated AWS account IDs.		 array of string
availability_zones Availability zones under this region array of AwsAvailabilityZoneInfo Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
gateway_stats Gateway statistics GatewayStats Readonly
has_managed_vpc Has a managed VPC? boolean Readonly
id Unique identifier of this resource string Sortable
instance_stats Instance statistics InstanceStats Readonly
resource_type Must be set to the value AwsRegion string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
vpc_stats VPC statistics VpcStats Readonly

AwsRegionsListRequestParameters (schema)

These paramaters will be used to filter the list of regions.
Multiple parameters can be given as input to 'AND' them.

Name Description Type Notes
account_id Identifier for account based on which regions are to be filtered string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
region_id Identifier for region based on which the list can be filtered or can be used to validate that hierarchy is correct string
sort_ascending boolean
sort_by Field by which records are sorted string

AwsRegionsListResult (schema)

AwsRegions list

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Aws Regions list result array of AwsRegion
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

AwsResourcesListRequestParameters (schema)

Aws Resource List Request Parameters

A set of filter parameters to list Aws resources. Multiple parameters
can be given as input to 'AND' them.

Name Description Type Notes
account_id Account ID

Mandatory identifier for account based on which resources are
to be filtered.
string Required
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
region_id Region ID

Optional identifier for region based on which resources
are to be filtered.
string
sort_ascending boolean
sort_by Field by which records are sorted string
vpc_id AWS Virtual Private Center ID

Optional identifier for "nsx.vpc" tag on which public IPs
are to be filtered.
string

AwsSecurityGroup (schema)

AWS Security Group

Stores information about an AWS security group.

Name Description Type Notes
_last_sync_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cloud_tags Cloud Tags

Array of tags associated to a cloud security group.
array of CloudTag Readonly
description Security Group Description

Description of AWS security group.		 string Readonly
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
inbound_rules Inbound Rules

Array of inbound rules of the AWS security group.		 array of AwsSecurityGroupRule Readonly
instances_count Count Of Instances

Number of instances associated to cloud security group.		 integer Readonly
is_managed_by_nsx Is Managed By NSX

If the flag is true, the cloud security group is managed by NSX.
boolean Readonly
nsx_security_group NSX Security Group

Stores information about the NSX security group corresponding to the
AWS security group.
SecurityGroup Readonly
outbound_rules Outbound Rules

Array of outbound rules of the AWS security group.		 array of AwsSecurityGroupRule Readonly
region_id Region ID

ID of the cloud region.		 string Readonly
resource_type Must be set to the value AwsSecurityGroup string Required
scope List of scopes for discovered resource

Specifies list of scope of discovered resource. e.g. if VHC path is associated with
principal identity, who owns the discovered resource, then scope id will be VHC path
and scope type will be VHC.
array of DiscoveredResourceScope
security_group_id Security Group ID

ID of the cloud security group.		 string Readonly
security_group_name Security Group Name

Name of the cloud security group.		 string Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

AwsSecurityGroupRule (schema)

AWS Security Group Rule

Stores information about an AWS security group rule.

Name Description Type Notes
_last_sync_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
description Description of this resource string Maximum length: 1024
Sortable
destination Destination

Destination corresponding to the cloud security group rule.
string Readonly
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
port_range Port Range

Port range corresponding to the cloud security group rule.
string Readonly
protocol Protocol

Protocol corresponding to the cloud security group rule.
string Readonly
resource_type Must be set to the value AwsSecurityGroupRule string Required
scope List of scopes for discovered resource

Specifies list of scope of discovered resource. e.g. if VHC path is associated with
principal identity, who owns the discovered resource, then scope id will be VHC path
and scope type will be VHC.
array of DiscoveredResourceScope
source Source

Source corresponding to the cloud security group rule.
string Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
type Type

Type of AWS security group rule.		 string Readonly

AwsSecurityGroupsListRequestParameters (schema)

Aws Security Groups List Request Parameters

A set of filter parameters to list Aws security groups. Multiple parameters
can be given as input to 'AND' them.

Name Description Type Notes
account_id Account ID

Mandatory identifier for account based on which resources are
to be filtered.
string Required
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
region_id Region ID

Optional identifier for region based on which resources
are to be filtered.
string
sort_ascending boolean
sort_by Field by which records are sorted string
vpc_id Region ID

Optional identifier for region based on which resources
are to be filtered.
string Required

AwsSecurityGroupsListResult (schema)

AWS Security Groups List Result

Stores a list of AWS security groups.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Results

Array of AWS security groups.		 array of AwsSecurityGroup
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

AwsServiceEndpoint (schema)

AWS Service Endpoint

Stores information about any service endpoint which is provided by AWS. NSX
supported services are currently limited to Simple Storage Service (S3),
Relational Database Service (RDS), DynamoDB and Elastic Load Balancing.

Name Description Type Notes
_last_sync_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cidrs CIDRs

Array of CIDRs associated to an AWS service.
array of string Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
nsx_security_groups NSX security groups array

Stores an array of NSX security groups associated to this cloud service
endpoint.
array of SecurityGroup Readonly
resource_type Must be set to the value AwsServiceEndpoint string Required
scope List of scopes for discovered resource

Specifies list of scope of discovered resource. e.g. if VHC path is associated with
principal identity, who owns the discovered resource, then scope id will be VHC path
and scope type will be VHC.
array of DiscoveredResourceScope
service_endpoint_id Service Endpoint ID

Cloud provided ID of the service endpoint.		 string Readonly
service_endpoint_type Service Endpoint Type

Cloud provided type of the service endpoint.		 string Readonly
service_name Service Name

Name of the cloud service the endpoint is associated with.		 string Readonly
service_type Service type

Stores the type of AWS service corresponding to this endpoint.
AWS_RDS - Amazon Relational Database Service
AWS_DYNAMODB - Amazon DynamoDB
AWS_S3 - Amazon Simple Storage Service
AWS_ELB - Amazon Elastic Load Balancer
string Readonly
Enum: AWS_RDS, AWS_DYNAMODB, AWS_S3, AWS_ELB
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

AwsServiceEndpointsListResult (schema)

AWS Service Endpoints List Result

Stores a list of service endpoints which are provided by AWS with
information about each of them. NSX supported services are currently
limited to Simple Storage Service (S3), Relational Database Service (RDS),
DynamoDB and Elastic Load Balancing.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Results

Array of AWS service endpoints.		 array of AwsServiceEndpoint
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

AwsSubnet (schema)

Aws subnet

Name Description Type Notes
_last_sync_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
availability_zone string
cidr IPV4 CIDR Block for the Vpc string Required
Format: ipv4-cidr-block
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id ID of subnet string Required
resource_type Must be set to the value AwsSubnet string Required
scope List of scopes for discovered resource

Specifies list of scope of discovered resource. e.g. if VHC path is associated with
principal identity, who owns the discovered resource, then scope id will be VHC path
and scope type will be VHC.
array of DiscoveredResourceScope
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
vpc_id ID of the vpc string Required

AwsSubnetListRequestParameters (schema)

These paramaters will be used to filter the list of subnets.
Multiple parameters can be given as input to 'AND' them.

Name Description Type Notes
account_id Identifier for account based on which subnets are to be filtered string Required
availability_zone_name Identifier for availability zone based on which subnets are to be filtered string Required
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
region_name Identifier for region based on which subnets are to be filtered

This field is DEPRECATED. region_name will be learnt from vpc_id
information.
string Deprecated
sort_ascending boolean
sort_by Field by which records are sorted string
vpc_id Identifier for vpc based on which subnets are to be filtered string Required

AwsSubnetListResult (schema)

Aws subnets list

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Aws subnets list result array of AwsSubnet Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

AwsTransitVpcConfig (schema)

AWS Transit VPC Configuration

Stores the account IDs and VPC ID related to
the transit VPC.

Name Description Type Notes
account_id AWS account ID

AWS account ID of the transit VPC. This field is
deprecated. Field account_id can be learnt using vpc_id.
GET /csm/aws/vpcs/ API returns associated_account_ids.
Hence, this field is optional.
string Deprecated
vpc_id VPC ID

VPC ID of the transit VPC.		 string Required

AwsTransitVpcInfo (schema)

AWS Transit VPC Information

Stores the account ID and VPC ID related to the transit VPC. A transit VPC is a AWS VPC in which public cloud gateways are deployed and is managing the workload VMs present in other compute VPCs.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
associated_account_ids Array of Cloud Account IDs

Cloud account ID related to the virtual private cloud.
array of string Required
Readonly
virtual_private_cloud_id Virtual Private Cloud ID

Virtual private cloud ID of the corresponding cloud.
string Required
Readonly
virtual_private_cloud_name Virtual Private Cloud name

Virtual private cloud name of the corresponding cloud.
string Required
Readonly

AwsVirtualMachine (schema)

Aws Virtual Machine Information

Stores information about a AWS Virtual Machine

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
agent_status Agent Status

UP - NSX Agent is up and running
DOWN - NSX Agent is down
NO_AGENT - No NSX Agent installed on instance
UNKNOWN - NSX Agent status is unknown
NEEDS_UPDATE - NSX Agent running on instance needs to be updated
string Readonly
Enum: UP, DOWN, NO_AGENT, UNKNOWN, NEEDS_UPDATE
agent_version Agent version details string Readonly
associated_account_ids Associated Cloud Account IDs

Array of associated cloud account IDs.		 array of string
availability_zone AWS Availability Zone

AWS availability zone in which virtual machine is residing		 string Readonly
cloud_instance_type Cloud Instance Type

This field represents various type of service instances in cloud.
VIRTUAL_MACHINE: Virtual machine deployed in public cloud.
AWS_RDS_INSTANCE: Amazon Relational Database Service Instance.
AWS_RDS_CLUSTER: Amazon Relational Database Service Cluster.
AWS_APPLICATION_ELB_INSTANCE: Amazon Application Elastic LoadBalancer.
AWS_CLASSIC_ELB_INSTANCE: Amazon Classic Elastic LoadBalancer.
HORIZON_MANAGEMENT: Virtual Machines that are deployed on Microsoft Azure using
Horizon Cloud Services(HCS) that are used for managing other instances
in the network. This includes, Management VMs, Unified Access Gateway (UAG) VMs, Base VMs.
HORIZON_VDI: Virtual Desktop Image (VDI) deployed on Microsoft Azure using Horizon
Cloud Services(HCS).
string Readonly
Enum: VIRTUAL_MACHINE, AWS_RDS_INSTANCE, AWS_RDS_CLUSTER, AWS_APPLICATION_ELB_INSTANCE, AWS_CLASSIC_ELB_INSTANCE, HORIZON_MANAGEMENT, HORIZON_VDI
cloud_tags Cloud tags for the instance array of CloudTag Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
error_messages List of error messages

List of error messages identified. Returns only error messages
identified in the last 1 hour.
array of ComputeInstanceErrorMessage Readonly
gateway_ha_index Gateway HA Index

Index of HA that indicates whether gateway is primary or secondary.
If index is 0, then it is primary gateway. Else secondary gateway.
integer
gateway_status Gateway Status string Readonly
Enum: UP, DOWN, DEPLOYING, NOT_AVAILABLE, UNDEPLOYING, COPYING_IMAGE
id Unique identifier of this resource string Sortable
is_gateway Flag to identify if this instance is a gateway node boolean Readonly
is_gateway_active Flag to identify if this instance is an active gateway node boolean Readonly
logical_switch_display_name Logical Switch display name string Readonly
logical_switch_id Logical Switch ID string Readonly
managed_by_nsx Indicate if instance is managed by NSX or not boolean Required
Readonly
nsx_failed_rules_count NSX failed rules count

Number of NSX firewall rules failed to realize on cloud for the instance.
integer Readonly
nsx_ip IP address provided by NSX string Readonly
nsx_security_group_mapping NSX Security Group Mapping

Map of cloud security groups associated to the instance and
corresponding NSX security groups.
array of SecurityGroupDetails Readonly
nsx_security_rule_errors NSX Security Rule Errors

DEPRECATED. Array of NSX security rule realization errors.
To get this information call /csm/virtual-machines//firewall-rules
array of NsxSecurityRuleErrorDetails Deprecated
Readonly
nsx_security_rule_errors_count NSX Security Rule Errors Count

DEPRECATED. Count of the NSX security rule realization errors.
To get this information call /csm/virtual-machines//firewall-rules
integer Deprecated
Readonly
nsx_successful_rules_count NSX successful rules count

Number of NSX firewall rules successfully configured for this instance.
integer Readonly
os_details Operating system details string Readonly
os_type Operating system of the instance string Readonly
power_state Power State

Indicates the power state of the virtual machine as returned by AWS.
string Readonly
Enum: PENDING, RUNNING, SHUTTING_DOWN, TERMINATED, STOPPING, STOPPED
private_ip Private IP address of the instance string Readonly
public_ip Public IP address of the instance string Readonly
quarantine_state Quarantine State

Indicates the quarantine state of the instance.
QUARANTINED - This state implies instance is moved to quarantine security
group because some threat has been detected.
NOT_QUARANTINED - This state implies no quarantine action has been
taken.
UNKNOWN - This state implies either quarantine policy is disabled or
quarantine information is not available.
OVERRIDDEN - This state implies instance is associated with vm_override_sg
which overrides any action based on threat detection.
WHITELISTED - This state implies that quarantine operation will not
be performed on the instance [DEPRECATED - replaced with USERMANAGED].
USERMANAGED - This state implies that quarantine operation will not
be performed on the instance.
NOT_APPLICABLE - This state will be populated for agentless instance, Horizon Management instance.
string Readonly
Enum: QUARANTINED, NOT_QUARANTINED, UNKNOWN, OVERRIDDEN, WHITELISTED, USERMANAGED, NOT_APPLICABLE
region AWS Region

AWS region in which virtual machine is residing		 string Readonly
resource_type Must be set to the value AwsVirtualMachine string Required
Enum: AwsVirtualMachine, AzureVirtualMachine
segment_display_name Segment display name

Segment display name on which this instance resides.
string Readonly
segment_id Segment ID

Segment ID on which this instance resides.
string Readonly
status Instance status

POWERED_ON - Powered on instance
POWERED_OFF - Powered off instance
MANAGED_GATEWAY - Instances that are public cloud gateways
MANAGED - Instances that are managed by NSX
UNMANAGED - Instances that are not managed by NSX or untagged
ERRORED - Instances with no NSX Agent connectivity, NSX Agent is down,
No NSX Policy configured for Agentless VMs or Error on NSX Policy
rule realization.
QUARANTINED - Instances which have been quarantined
WHITELISTED - Instances which have been whitelisted [DEPRECATED - replaced with USERMANAGED]
USERMANAGED - Instances which have been marked as usermanaged.
string Readonly
Enum: POWERED_ON, POWERED_OFF, UNMANAGED, MANAGED_GATEWAY, MANAGED, ERRORED, QUARANTINED, WHITELISTED, USERMANAGED
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
threat_state Threat State

Indicates the threat state of the instance.
NORMAL - This state implies no threat has been detected and instance is
functioning as expected.
THREAT - This state implies quarantine enabling threat has been
detected.
INVALID - This state implies either instance is unmanaged or threat related
information is not available.
NOT_APPLICABLE - This state will be populated for agentless instance.
string Readonly
Enum: NORMAL, THREAT, INVALID, NOT_APPLICABLE
vm_config_status Status for user configurable properties VmConfigStatus Readonly
vm_extension_execution_status VM extension script execution status

UNKNOWN - This is the default state. Indicates no information available
regarding extension execution. This can potentially occur for
a VM when agent is installed out of band or if
cloud_agent_automated_install_enabled flag is enabled for the
VNET/VPC which already has managed VMs.
SUCCESSFUL - Indicates VM extension script execution was successful.
This does not necessarily mean agent installation was
successful.
FAILED - Indicates VM extension script execution failed.
string Readonly
vpc AWS VPC

AWS VPC ID in which virtual machine is residing		 string Readonly
vpc_name AWS VPC name

AWS VPC name in which virtual machine is residing		 string Readonly

AwsVpc (schema)

Vpc Information

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
agent_info Aws Agent Information

Array of agent install and download instructions for various OS types.		 array of AgentInfo Readonly
ami_id AMI ID

Amazon Machine Image is a special type of virtual appliance that is
used to create a virtual machine with the Amazon Elastic Compute
Cloud. It serves as the basic unit of deployment for services
delivered using Amazon EC2
string Readonly
associated_account_ids Associated AWS Account IDs

Array of associated AWS account IDs.		 array of string
associated_transit_vpc Associated AWS Transit VPC

Stores the VPC ID and associated account IDs of the transit VPC.
This property describes the associated transit VPC for a given
AWS compute VPC.
AwsTransitVpcInfo Readonly
cidr IPV4 CIDR Block for the Vpc

This field is DEPRECATED as AWS started supporting multiple CIDR
blocks per VPC. This field will return only the first CIDR block
from the response received from AWS. Please use cidr_blocks to
see the multiple CIDR blocks associated with the VPC.
string Deprecated
Readonly
Format: ipv4-cidr-block
cidr_blocks IPv4 CIDR Block

IPv4 CIDR Block of the virtual network.		 array of CidrBlock Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
gateway_info Gateway details for the Vpc AwsGatewayInfo Readonly
id Unique identifier of this resource string Sortable
instance_stats Managed, unmanaged and error instance counts for the Vpc InstanceStats Readonly
is_management_vpc Flag to identify if this is the management Vpc boolean Readonly
Default: "False"
managed_vpcs Array of NSX Managed Compute VPCs

Array of compute VPCs managed by a transit VPC. This property
describes array of managed compute VPC for a given transit VPC.
array of ManagedVpcInfo Readonly
op_status AWS VPC Operational Status

Operational status of the VPC.		 AwsVpcOpStatus Readonly
region_id Id of the AWS region string Readonly
resource_type Must be set to the value AwsVpc string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
transport_zones Transport zones for the Vpc array of TransportZoneInfo Readonly
vpc_status AWS Compute VPC Status

Stores onboard and offboard states and corresponding error messages
and error code related to AWS compute VPC. The status for a transit
VPC should be obtained from gateway_info.
AwsComputeVpcStatus Readonly

AwsVpcConfig (schema)

AWS VPC Configuration

Stores the configuration such as default_quarantine_policy_enabled and cloud_fallback_security_group_id for related AWS VPC.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
cloud_fallback_security_group_id Id of Cloud Security Group

Id of security group where the VMs should be moved after last gateway
undeployed. This field is required only when
default_quarantine_policy_enabled field is set to false.
string
default_quarantine_policy_enabled Flag to Identify if Default Quarantine Policy is Enabled

Flag to convey if virtual machines belonging to the compute
virtual private cloud should be quarantined or not.
boolean Default: "False"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
managed_without_agents Managed Without NSX Agents

This flag determines if this compute virtual private cloud is managed
with or without NSX agents.
boolean Default: "False"
resource_type Must be set to the value AwsVpcConfig string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

AwsVpcListRequestParameters (schema)

These paramaters will be used to filter the list of Vpcs.
Multiple parameters can be given as input to 'AND' them.

Name Description Type Notes
account_id Identifier for account based on which vpcs are to be filtered string
associated_transit_vpc_id Transit VPC ID

Identifier for filtering all the compute VPCs which are NSX managed
by the given transit VPC.
string
cidr IPV4 CIDR Block for the Vpc string Format: ipv4-cidr-block
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
op_status AWS VPC Operational Status

Operational status of the VPC.		 AwsVpcOpStatus
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
region_id Identifier for region based on which vpcs are to be filtered string
sort_ascending boolean
sort_by Field by which records are sorted string
status_filter Filter by overall VPC status

MANAGED - VPC is managed by NSX
UNMANAGED - VPC is not managed by NSX
ERRORED - VPC is in error state
string Readonly
Enum: MANAGED, UNMANAGED, ERRORED
vpc_id Identifier for vpc based on which the list can be filtered or can be used to validate that hierarchy is correct string

AwsVpcListResult (schema)

Vpc list

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Vpc list array of AwsVpc
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

AwsVpcOpStatus (schema)

Operational Status

Operational status of the AWS VPC. After
there are gateways deployed in a VPC, that VPC is called as transit
VPC and it's status will be set as NSX_MANAGED_BY_GATEWAY.
For all the compute VNets which are being managed by a transit VPC,
their status will be set as NSX_MANAGED_BY_TRANSIT_VPC.
NSX_GATEWAY_ERROR status means gateways are deployed in VPC, but no
gateway is UP and at least one gateway is DOWN. The remaining gateway
can be in NOT_AVAILABLE state. NSX_COMPUTE_ERROR
status will be shown in compute VPC when transit VPC is in
NSX_GATEWAY_ERROR state.
Status for all the rest of the VPCs will be NSX_UNMANAGED.
NSX_MANAGED is deprecated.

Name Description Type Notes
AwsVpcOpStatus Operational Status

Operational status of the AWS VPC. After
there are gateways deployed in a VPC, that VPC is called as transit
VPC and it's status will be set as NSX_MANAGED_BY_GATEWAY.
For all the compute VNets which are being managed by a transit VPC,
their status will be set as NSX_MANAGED_BY_TRANSIT_VPC.
NSX_GATEWAY_ERROR status means gateways are deployed in VPC, but no
gateway is UP and at least one gateway is DOWN. The remaining gateway
can be in NOT_AVAILABLE state. NSX_COMPUTE_ERROR
status will be shown in compute VPC when transit VPC is in
NSX_GATEWAY_ERROR state.
Status for all the rest of the VPCs will be NSX_UNMANAGED.
NSX_MANAGED is deprecated.
string Readonly
Enum: NSX_MANAGED_BY_GATEWAY, NSX_MANAGED_BY_TRANSIT_VPC, NSX_MANAGED, NSX_UNMANAGED, NSX_GATEWAY_ERROR, NSX_COMPUTE_ERROR

Axes (schema)

Axes of a graph

Represents X and Y axes of a graph. For a multi-graph, the same axes are shared by all the graphs.

Name Description Type Notes
x_label Label for X axis of a graph Label
x_labels A list of X-Axis Labels with condition support.

A list of X-Axis Labels with condition support. If needed, this property can be used to provide a list of x-axis label with condition support. For a label with single condition,'x-label' property can be used.		 array of Label Minimum items: 0
y_axis_unit_labels A list of Y-Axis unit Labels with condition support.

A list of Y-Axis unit Labels with condition support. If needed, this property can be used to provide a list of y-axis unit label with condition support. This unit label can be used to display the point value along with units like percentage, milliseconds etc.		 array of Label Minimum items: 0
y_axis_units A list of Y-Axis unit with condition support.

A list of Y-Axis unit with condition support. If needed, this property can be used to provide a list of y-axis unit with condition support. This unit could be like percentage, seconds, milliseconds etc.		 array of AxisUnit Minimum items: 0
y_label Label for Y axis of a graph Label
y_labels A list of Y-Axis Labels with condition support.

A list of Y-Axis Labels with condition support. If needed, this property can be used to provide a list of y-axis label with condition support. For a label with single condition,'y-label' property can be used.		 array of Label Minimum items: 0

AxisUnit (schema)

Axis unit of a graph

Represents X and Y axis unit of a graph.

Name Description Type Notes
condition Expression for evaluating condition

If the condition is met then the above unit will be displayed. to UI. If no condition is provided, then the unit will be displayed unconditionally.		 string Maximum length: 1024
unit An Axis unit.

An Axis unit.		 string Enum: COUNT, PERCENT, BYTES, MILLISECONDS, SECONDS, MINUTE, HOUR, DAY, KILO_BYTES, MEGA_BYTES, GIGA_BYTES

AzureAccount (schema)

Azure Account

Stores information about an Azure account

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
auth_method Azure account authorization method

This property conveys the authorization method to use. Appropriate
credentials/parameters will be expected based on this method selection.
string Readonly
Enum: CREDENTIALS
auth_users Authrized Users

List of authorized users.		 array of CloudUserInfo Readonly
cloud_type Cloud Type string Required
Enum: AWS, AZURE, GOOGLE, AZURE_GOV_US, AWS_GOV_US_EAST, AWS_GOV_US_WEST
credentials Azure Credentials

Credentials of Azure Account.		 AzureCredentials Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
instance_stats Instance statistics

Stores statistics of the number of managed, unmanaged and error virtual
machines.
InstanceStats Readonly
last_inventory_sync_date Last inventory sync date

Time when last inventory syncing completed.
integer Readonly
regions_config List of regions configuration for the cloud account

Configured list of regions to be used for the cloud account.
RegionListConfig
regions_count Azure Regions Count

Count of the Azure regions which have atleast one virtual network
created.
integer Readonly
resource_type Must be set to the value AzureAccount string
status Azure Account Status

Status of the Azure Account.		 AzureAccountStatus Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tenant_id Tenant ID

Tenant ID of the cloud account.		 string Readonly
vnet_stats Virtual Network Statistics

Stores statistics of the number of MANAGED and UNMANAGED virtual
networks.
VnetStats Readonly

AzureAccountStatus (schema)

Azure Account Status

Stores information about Azure account status.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
credentials_status Credentials Status

Status of the cloud account credentials synced at the auto interval.
string Readonly
Enum: VALID, INVALID
error_message Error encountered while syncing azure inventory

Error encountered while syncing azure inventory such as read timeout.		 string Readonly
inventory_sync_status Inventory Synchronization Status

Status of inventory synchronization process.		 string Readonly
Enum: SYNCED, IN_PROGRESS
inventory_sync_step Inventory sync step

Step of the inventory synchronization process.		 string Readonly
Enum: SYNCING_AZURE_REGIONS, SYNCING_AZURE_VNETS, SYNCING_VMS, SYNCING_NSX_DATA, SYNCING_AZURE_GATEWAYS, SYNCING_MANAGED_INSTANCES, NOT_APPLICABLE

AzureAccountsListRequestParameters (schema)

Azure account filter parameters

These parameters will be used to filter the list of accounts.

Name Description Type Notes
cloud_type Azure Cloud Type

Type of Azure cloud.		 string Enum: AZURE, AZURE_GOV_US
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

AzureAccountsListResult (schema)

Azure Accounts List Result

Stores a list of Azure accounts.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Results

Array of Azure accounts.		 array of AzureAccount Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

AzureComputeVNetConfig (schema)

Azure Compute VNet Configuration

Stores the parameters required for linking compute VNet
with the Transit VNet.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
account_id Azure Account ID

Azure account ID related to the compute VNet. This field is
deprecated. Field account_id can be learnt using vnet_id.
GET /csm/azure/vnets/ API returns associated_account_ids.
Hence, this field is optional.
string Deprecated
auto_agent_install_enabled Auto Agent Install Enabled

Flag to identify if NSX agent installation will be done
automatically or not. As of now this is supported for Azure Cloud only.
If the flag managed_without_agents is set to true, this property will
be ignored.
boolean Default: "False"
cloud_fallback_security_group_id Id of Cloud Security Group

Id of security group where the VMs should be moved after last gateway
undeployed. This field is required only when
default_quarantine_policy_enabled field is set to false.
string
configuration Azure Transit VNet Configuration

All the required informations regarding a transit VNet
will be absorbed as a part of this field.
AzureTransitVnetConfig Required
default_quarantine_policy_enabled Flag to Identify if Default Quarantine Policy is Enabled

Flag to convey if virtual machines belonging to the compute
virtual private cloud should be quarantined or not.
boolean Default: "False"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
managed_without_agents Managed Without NSX Agents

This flag determines if this compute virtual private cloud is managed
with or without NSX agents.
boolean Default: "False"
resource_type Must be set to the value AzureComputeVNetConfig string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

AzureComputeVNetListRequestParameters (schema)

These paramaters will be used to filter the list of compute VNets.
Multiple parameters can be given as input to 'AND' them.

Name Description Type Notes
account_id Azure Account ID

Identifier for account based on which compute VNets are to be filtered.
string
associated_transit_vnet_id Transit VNet ID

Identifier for filtering all the compute VNets which are NSX managed
by the given transit VNet.
string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
vnet_id VNet ID

Optional identifier for virtual network based on which compute virtual
networks list can be filtered. It consists of resourceGuid
of Azure VNet.
string

AzureComputeVNetListResult (schema)

Azure Compute VNet list

Stores a list of Azure compute virtual networks.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of Compute VNets

Array of Azure compute virtual networks.		 array of AzureComputeVNetConfig
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

AzureComputeVnetStatus (schema)

VNet Status

Stores onboard and offboard status of Azure VNet. There are 4 states in
onboarding a VNet using transit VNet and the corresponding states in
sequence are VALIDATING_ENVIRONMENT, CREATING_SECURITY_GROUPS,
CONFIGURING_GATEWAY and ONBOARD_SUCCESSFUL. There are 3 states in
offboarding a VNet and the corresponding states in sequence are
UNCONFIGURING_GATEWAY, DELETING_SECURITY_GROUPS and OFFBOARD_SUCCESSFUL.
The state of failure in onboarding or offboarding is indicated
by ONBOARD_FAILED and OFFBOARD_FAILED.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
configuration AZURE VNet Config

Stores AZURE VNet configuration.
AzureVNetConfig
error_code Error Code

Error code related to virtual private cloud
Onboard/Offboard failure.
integer Readonly
error_message Error Message

Error message related to virtual private cloud
Onboard/Offboard failure.
string Readonly
offboard_step States of Virtual Private Cloud While OffBoard

Stores the different states of virtual private cloud while
offboarding from a transit virtual private cloud.
string Readonly
Enum: UNCONFIGURING_GATEWAY, DELETING_SECURITY_GROUPS, OFFBOARD_SUCCESSFUL, OFFBOARD_FAILED, NOT_APPLICABLE
onboard_step States of Virtual Private Cloud While Onboard

Stores the different states of virtual private cloud while
onboarding using a transit virtual private cloud.
string Readonly
Enum: VALIDATING_ENVIRONMENT, CREATING_SECURITY_GROUPS, CONFIGURING_GATEWAY, ONBOARD_SUCCESSFUL, ONBOARD_FAILED, NOT_APPLICABLE
status Virtual Private Cloud Status

Indicates the status of a virtual private cloud.
UP: virtual private cloud is NSX managed.
DOWN: virtual private cloud is NSX managed with errors.
ONBOARDING: virtual private cloud is in the process of
onboarding using a transit virtual private cloud.
OFFBOARDING: virtual private cloud is in the process of
offboarding from a transit virtual private cloud.
NOT_APPLICABLE: virtual private cloud is NSX unmanaged.
string Readonly
Enum: UP, DOWN, ONBOARDING, OFFBOARDING, NOT_APPLICABLE
virtual_private_cloud_name Virtual Private Cloud Name

Name of the transit virtual private cloud.
string Readonly

AzureCredentials (schema)

Azure Account Credentials

Stores information about Azure account credentials

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
client_id Azure Account Client ID

Client ID of the Azure account.		 string
gateway_role Azure role name for gateway

Default Azure Managed Service Identity role that will be set to the
Cloud Gateways deployed in the Azure account. Based on the permissions
in the role, the gateways will have access to resources in the Azure
account.
string
key Azure Account Key

Key of the Azure account. Used only to take input. Will never be
returned in any API response.
string
subscription_id Azure Account Subscription ID

Subscription ID of the Azure account.		 string
tenant_id Azure Account Tenant ID

Tenant ID of the Azure account.		 string

AzureGatewayConfig (schema)

Azure gateway configuration

Stores Azure gateway configuration like image_id, ssh_key and
gateway_ha_configuration.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
auto_agent_install_enabled Auto Agent Install Enabled

Flag to identify if NSX agent installation will be done automatically or not.
As of now this is supported for Azure Cloud only. If the flag
managed_without_agents is set to true, this property will be ignored.
boolean Default: "False"
cloud_fallback_security_group_id Id of cloud security group

Id of security group where the VMs should be moved after last gateway
undeployed.
string
default_quarantine_policy_enabled Flag to identify if default quarantine policy is enabled boolean Default: "False"
dns_settings DNS settings

Settings related to Cloud gateway DNS configuration. This determines
DNS configuration based on dns_mode.
DnsSettings Deprecated
gateway_connectivity_mode Gateway Connectivity Mode

Helps the user choose default connectivity mode that will be used
between Cloud Service Manager and Gateway.
PUBLIC IP: All the connections will go through the internet. When this mode
is selected by the user, the user will have to select a public Ip address from
the list of public IP's from the 'Public IP on Mgmt NIC' field.
PRIVATE IP: All the connections will go through the VGW or any other configured
VPN.
When there is no input provided by the user, an attempt will be made using
PRIVATE_IP (VGW) first and if that doesn't go through, an attempt will be made
using PUBLIC_IP (IGW). And if both fail, it will cause an exception.
string Enum: PUBLIC_IP, PRIVATE_IP
gateway_ha_configuration Azure Gateway HA configuration array of AzureGatewayHaConfig
image_id NSX PCG Image ID

The ID of the Public Cloud Gateway image in Azure
string
image_id_obsolete Flag to identify if the image ID is related to the previous NSX release

If this flag is set, NSX was upgraded after the gateway was deployed and this image ID should no longer be used
boolean Readonly
Default: "False"
is_ha_enabled Flag to identify if HA is enabled boolean
managed_without_agents Managed Without NSX Agents

This flag determines if this virtual private cloud is managed with or
without NSX agents. This flag is applicable only for this network.
If this virtual private cloud is being managed without NSX agents,
quarantine state and threat state will be NOT_APPLICABLE for all the
virtual machines under it.
boolean Default: "False"
nsx_manager_connection NSX Manager connection

Determines if connection to NSX Manager is via public IP or private IP
string Enum: PUBLIC_IP, PRIVATE_IP
proxy_server_profile Id of the proxy server profile

Id of the proxy server profile, corresponding proxy settings
will be applied while deploying the gateway.
string
ssh_key SSH Key

This key will be associated to Public Cloud Gateway instance while
it is launched in Azure.
string
storage_account_name Azure Storage Account Name

Azure Storage Account where gateway image will be copied.
string
target_disk_size Target Disk Size

This is the target disk size of the PCG appliance in GB. Based on this
an additional disk is attached to the PCG appliance, if required.
The supported size is 191 GB and this property should only be modified
post upgrade for exisiting PCG appliances.
integer
vpn_service_enabled Flag to enable or disable inter-operation with services via VPN

Flag that will enable or disable inter-operation between NSX and
non-NSX services via VPN.
boolean Default: "True"

AzureGatewayDeployConfig (schema)

Azure gateway deployment configuration

Stores configuration for Azure gateway deployment request.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
account_id Azure Account ID

ID of the Azure account.		 string Required
configuration Azure Gateway Configuration

Configuration of Azure gateway.		 AzureGatewayConfig Required
vnet_id Azure Virtual Network ID

ID of the Azure Virtual Network. It consists of resourceGuid of Azure Vnet.		 string Required

AzureGatewayHaConfig (schema)

Azure subnet configuration to deploy gateways

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
downlink_subnet Downlink subnet string Required
gateway_ha_index Index of HA that indicates whether gateway is primary or secondary. If index is 0, then it is primary gateway. Else secondary gateway. integer Required
management_subnet Management subnet string Required
private_ip_settings Private IP settings for management interface

Stores settings related to Azure gateway Private IP configuration.
The private_ip will be attached to management interface of the
gateway, based on the value of ip_allocation_mode.
GatewayPrivateIp
public_ip_settings Public IP settings

Stores settings related to Azure gateway Public IP configuration.
The public_ip will be attached for management interface of the gateway.
GatewayPublicIp
uplink_public_ip_settings Public IP settings for uplink interface

Stores settings related to Azure gateway Public IP configuration.
The public_ip will be attached to uplink interface of
the primary gateway, based on the value of ip_allocation_mode.
GatewayPublicIp
uplink_subnet Uplink subnet string Required

AzureGatewayInfo (schema)

Azure Gateway Information

Stores azure gateway information like configuration and status.

Name Description Type Notes
configuration Gateway Configuration

Configuration of Azure gateway.		 AzureGatewayConfig Readonly
csm_ip_address Cloud service manager IP address

Cloud service manager IP address used to communicate
with the Azure VNet gateways.
string Readonly
gateway_status Gateway Status

Array of gateway statuses.		 AzureGatewayStatus Readonly

AzureGatewayInstanceStatus (schema)

Azure gateway instance status

Stores information about Azure gateway instance status

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
azure_image_bytes_copied Bytes copied, while copying image

Displays number of bytes copied, while copying gateway image.		 integer Readonly
azure_image_copy_progress Progress Percentage for image copy

Displays progress percentage while copying gateway image.		 integer Readonly
azure_image_total_bytes Total bytes required to be copied, for copying image

Displays total number of bytes required to be copied, for copying gateway image.		 integer Readonly
configuration_operation_status Status of different gateway configuration operations

This property provides a consolidated status of supported gateway
configuration operations.
GatewayConfigOperationStatus Readonly
deployment_step Different states of gateway deployment string Readonly
Enum: VALIDATING_ENVIRONMENT, COPYING_IMAGE, CREATING_SECURITY_GROUPS, LAUNCHING_GATEWAY, CREATING_NETWORK_INTERFACES, ATTACHING_NETWORK_INTERFACES, ATTACHING_SECURITY_GROUPS, CONFIGURING_GATEWAY, CREATING_LOGICAL_NETWORK_CONSTRUCTS, DEPLOYMENT_SUCCESSFUL, DEPLOYMENT_FAILED, UNCONFIGURING_GATEWAY, RELEASING_EIPS, TERMINATING_GATEWAY, DELETING_SECURITY_GROUPS, DELETING_CLOUD_RESOURCES, UNDEPLOYMENT_SUCCESSFUL, UNDEPLOYMENT_FAILED, NOT_APPLICABLE, CLEANUP_INPROGRESS, CLEANUP_FAILED
error_code Error code for gateway operation failure integer Readonly
error_message Error message for gateway operation failure string Readonly
gateway_ha_index Index of HA that indicates whether gateway is primary or secondary. If index is 0, then it is primary gateway. Else secondary gateway. integer
gateway_instance_id ID of the gateway instance string
gateway_lcp_connectivity_status Gateway to NSX Controller connectivity status

Status of connectivity between NSX controller and public cloud gateway.
string Readonly
Enum: UP, DOWN, DEGRADED, UNKNOWN
gateway_mpa_connectivity_status Gateway to NSX Manager connectivity status

Status of connectivity between NSX manager and public cloud gateway.
string Readonly
Enum: UP, DOWN, UNKNOWN
gateway_name Name of the gateway instance string
gateway_node_id NSX Node ID of the public cloud gateway string
gateway_status Gateway instance status string Readonly
Enum: UP, DOWN, DEPLOYING, NOT_AVAILABLE, UNDEPLOYING, COPYING_IMAGE
gateway_tn_id NSX transport node id of the public cloud gateway string
is_gateway_active Flag to identify if this is an active gateway boolean Readonly
private_ip Private IP address of the virtual machine string Readonly
public_ip Public IP address of the virtual machine string Readonly
vpn_private_ip VPN Private IP address

Private IP address of the virtual machine for VPN		 string Readonly

AzureGatewayStatus (schema)

Azure Gateway Status

Stores Azure gateway status related information

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
gateway_cluster_id NSX gateway cluster ID

Cluster ID of NSX gateway		 string
gateway_instances_status Gateway Instances Status

Array of gateway instances statuses		 array of AzureGatewayInstanceStatus Readonly

AzureGatewayUndeployConfig (schema)

Azure gateway undeployment configuration

Stores configuration for Azure gateway undeployment request.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
account_id Azure Account ID

ID of the Azure account.		 string Required
instance_id Azure Instance ID

ID of the gateway instance.		 string Required

AzureGatewaysListRequestParameters (schema)

Azure Gateways List Request Parameters

A set of optional filter parameters to list Azure gateways. Multiple
parameters can be given as input to 'AND' them.

Name Description Type Notes
account_id Azure Account ID

Optional identifier for account based on which Azure gateways list can
be filtered.
string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
region_id Azure Region ID

Optional identifier for region based on which Azure Gateways list can
be filtered.
string
sort_ascending boolean
sort_by Field by which records are sorted string
vnet_id Azure Virtual Network ID

Optional identifier for virtual network based on which Azure Gateways
list can be filtered. It consists of resourceGuid of Azure Vnet.
string

AzureGatewaysListResult (schema)

Azure Gateways List Result

Stores a list of Azure gateways.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Results

Array of Azure gateways.		 array of AzureGatewayDeployConfig
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

AzureIpAllocationConfig (schema)

Cloud IP allocation configuration

Azure cloud specific configuration parameters to create IP allocations for
a Pivotal Application Service / Pivotal Cloud Foundry foundation.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
cloud_account_id Cloud Account ID

ID of the Cloud Account in which the IPs are allocated.
string Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ip_allocation_mode IP Allocation Mode

PUBLIC_IP: Allocate new public IP.
LINK_LOCAL_IP: Allocate new link local IP.
string Enum: PUBLIC_IP, LINK_LOCAL_IP
Default: "PUBLIC_IP"
ip_allocation_type IP allocation type

Based on the type, IP allocation will be done accordingly.
Legal values are PAS and NAT.
string Enum: PAS, NAT
Default: "PAS"
number_of_allocations Number of IP allocations required. integer Required
resource_type Must be set to the value AzureIpAllocationConfig string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
vnet_id Vnet ID

ID of the Azure Vnet in which the IPs are allocated.
string Required

AzureIpAllocationMappings (schema)

Cloud IP allocation mappings

Stores information about Cloud IP mapping for a Pivotal Application Service
/ Pivotal Cloud Foundry foundation.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
cloud_account_id Cloud Account ID

ID of the Cloud Account in which the IPs are allocated.
string Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
error_code Error code for IP allocation failure integer Readonly
error_message Error message for IP allocation failure string Readonly
id Unique identifier of this resource string Sortable
ip_allocation_type IP allocation type

Based on the type, IP allocation will be done accordingly.
Legal values are PAS and NAT.
string Readonly
Enum: PAS, NAT
Default: "PAS"
ip_mappings IP mappings for a foundation. array of CloudIpAllocationMapping Readonly
ip_operation_status IP Allocation State

Indicates the state of the IP allocation or de-allocation.
ALLOCATION_IN_PROGRESS: IP allocation is in progress.
DELETION_IN_PROGRESS: IP de-allocation or deletion is in progress.
SUCCESSFUL: IP allocation is successful. Successful de-allocation can
be confirmed if the status API for this mapping returns a 404 error.
FAILED: IP allocation or de-allocation failed.
string Readonly
Enum: ALLOCATION_IN_PROGRESS, DELETION_IN_PROGRESS, SUCCESSFUL, FAILED
resource_type Must be set to the value AzureIpAllocationMappings string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
vnet_id Vnet ID

ID of the Azure Vnet in which the IPs are allocated.
string Readonly

AzureIpMappingsListRequestParameters (schema)

These paramaters will be used to filter the list of IP allocation mappings.
Multiple parameters can be given as input to 'AND' them.

Name Description Type Notes
cloud_account_id Cloud Account ID

ID of the Cloud Account in which the IPs are allocated.
string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
display_name Name of IP Mappings

Name of IP Mappings.
string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
ip_allocation_type IP allocation type

Based on the type, IP allocation will be done accordingly.
Legal values are PAS and NAT.
string Enum: PAS, NAT
Default: "PAS"
mapping_id Mapping ID

ID of the mapping returned in IP allocation request.
string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
vnet_id Vnet ID

ID of the Azure Vnet in which the IPs are allocated.
string

AzureIpMappingsListResult (schema)

Cloud IP Mappings List Result

Stores a list of Cloud IP mappings.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Cloud IP mappings Results

Array of Cloud public/link local IP to secondary IP mappings.
array of AzureIpAllocationMappings
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

AzurePublicIpListRequestParameters (schema)

Azure Public IP List Request Parameters

A set of filter parameters to list Azure Public IPs. Multiple parameters
can be given as input to 'AND' them.

Name Description Type Notes
account_id Account ID

Mandatory identifier for account based on which public IPs are
to be filtered.
string Required
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
region_id Region ID

Optional identifier for region based on which public IPs
are to be filtered.
string
sort_ascending boolean
sort_by Field by which records are sorted string
vnet_id Azure Virtual Network ID

Optional identifier for "nsx.vnet" tag on which public IPs
are to be filtered.
string

AzurePublicIpListResult (schema)

Azure Public IP List Result

Stores a list of Azure public IPs.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Azure Public IP

Array of Azure Public IPs.
array of string Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

AzureRegion (schema)

Azure Region Information

Stores information about an Azure region.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
associated_account_ids Associated Azure Account IDs

Array of associated Azure account IDs.		 array of string
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
gateway_stats Gateway Statistics

Stores statistics of the number of UP, DOWN and DEPLOYING gateways.
GatewayStats Readonly
has_managed_vnet Has a managed Virtual Network? boolean Readonly
id Unique identifier of this resource string Sortable
instance_stats Instance Statistics

Stores statistics of the number of MANAGED, UNMANAGED and ERROR instances.
InstanceStats Readonly
resource_type Must be set to the value AzureRegion string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
vnet_stats Virtual Network Statistics

Stores statistics of the number of MANAGED and UNMANAGED virtual networks.
VnetStats Readonly

AzureRegionsListRequestParameters (schema)

Azure Regions List Request Parameters

A set of optional filter parameters to list Azure regions. Multiple
parameters can be given as input to use 'AND' them.

Name Description Type Notes
account_id Azure Account ID

Optional identifier for account based on which regions list can be
filtered.
string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
region_id Azure Region ID

Optional identifier for region based on which the regions list can be
filtered.
string
sort_ascending boolean
sort_by Field by which records are sorted string

AzureRegionsListResult (schema)

Azure Regions List Result

A list of Azure regions.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Results

Array of Azure regions.		 array of AzureRegion
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

AzureResourceGroup (schema)

Azure Resource Group

Stores Azure resource group information.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
resource_group_id Id of resource group

Id of resource group.
string
resource_group_name Name of resource group

Name of resource group.
string

AzureResourceGroupsListResult (schema)

Azure Resource Groups List Result

Stores a list of Azure resource groups.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Azure resource groups Results

Array of Azure resource groups.
array of AzureResourceGroup Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

AzureResourcesListRequestParameters (schema)

Azure Resource List Request Parameters

A set of filter parameters to list Azure resources. Multiple parameters
can be given as input to 'AND' them.

Name Description Type Notes
account_id Account ID

Optional identifier for account based on which resources are
to be filtered.
string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
is_managed_by_nsx Is Managed By NSX

Filter parameter to obtain security groups which are managed by NSX.
boolean
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
region_id Region ID

Optional identifier for region based on which resources
are to be filtered.
string
resource_group_id Resource Group ID

Optional identifier for resource group id based on which resources
are to be filtered.
string
sort_ascending boolean
sort_by Field by which records are sorted string
vnet_id Virtual Network ID

Optional identifier for virtual network based on which resources
are to be filtered.
string

AzureSecurityGroup (schema)

Azure VNet Security Group

Stores information about an Azure VNet security group.

Name Description Type Notes
_last_sync_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
associated_vnet_ids VNet IDs

Array of VNet IDs.		 array of string Readonly
cloud_tags Cloud Tags

Array of tags associated to a cloud security group.
array of CloudTag Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
inbound_rules Inbound Rules

Array of inbound rules of the Azure security group.		 array of AzureSecurityGroupRule Readonly
instances_count Count Of Instances

Number of instances associated to cloud security group.		 integer Readonly
is_managed_by_nsx Is Managed By NSX

If the flag is true, the cloud security group is managed by NSX.
boolean Readonly
nsx_security_group_mapping NSX Security Group Mapping

Map of cloud application security groups associated to this Azure
network security group and corresponding NSX security groups.
array of SecurityGroupDetails Readonly
outbound_rules Outbound Rules

Array of outbound rules of the Azure security group.		 array of AzureSecurityGroupRule Readonly
region_id Region ID

ID of the cloud region.		 string Readonly
resource_group_name Resource Group Name

Name of the Azure resource group.		 string Readonly
resource_id Resource ID

Resource ID of Azure Network Security Group.		 string Readonly
resource_type Must be set to the value AzureSecurityGroup string Required
scope List of scopes for discovered resource

Specifies list of scope of discovered resource. e.g. if VHC path is associated with
principal identity, who owns the discovered resource, then scope id will be VHC path
and scope type will be VHC.
array of DiscoveredResourceScope
security_group_id Security Group ID

ID of the cloud security group.		 string Readonly
security_group_name Security Group Name

Name of the cloud security group.		 string Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

AzureSecurityGroupRule (schema)

Azure Security Group Rule

Stores information about an Azure security group rule.

Name Description Type Notes
_last_sync_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
action Action

Action configured for the Azure security group rule.		 string Readonly
Enum: ALLOW, DENY
description Description of this resource string Maximum length: 1024
Sortable
destination Destination

Destination corresponding to the cloud security group rule.
string Readonly
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
port_range Port Range

Port range corresponding to the cloud security group rule.
string Readonly
priority Priority

Priority of the Azure security group rule.		 integer Readonly
protocol Protocol

Protocol corresponding to the cloud security group rule.
string Readonly
resource_type Must be set to the value AzureSecurityGroupRule string Required
scope List of scopes for discovered resource

Specifies list of scope of discovered resource. e.g. if VHC path is associated with
principal identity, who owns the discovered resource, then scope id will be VHC path
and scope type will be VHC.
array of DiscoveredResourceScope
source Source

Source corresponding to the cloud security group rule.
string Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

AzureSecurityGroupsListResult (schema)

Azure Security Groups List Result

Stores a list of Azure security groups.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Results

Array of Azure security groups.		 array of AzureSecurityGroup
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

AzureServiceEndpoint (schema)

Azure Service Endpoint

Stores endpoint information about any service which is provided by Azure. NSX
supported services are currently limited to Azure Storage, Azure SQL
Database, Azure Cosmos DB and Azure Load Balancer.

Name Description Type Notes
_last_sync_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
nsx_security_groups NSX security groups array

Stores an array of NSX security groups associated to this cloud service
endpoint.
array of SecurityGroup Readonly
resource_type Must be set to the value AzureServiceEndpoint string Required
scope List of scopes for discovered resource

Specifies list of scope of discovered resource. e.g. if VHC path is associated with
principal identity, who owns the discovered resource, then scope id will be VHC path
and scope type will be VHC.
array of DiscoveredResourceScope
service_endpoint_id Service Endpoint ID

Cloud provided ID of the service endpoint.		 string Readonly
service_endpoint_type Service Endpoint Type

Cloud provided type of the service endpoint.		 string Readonly
service_name Service Name

Name of the cloud service the endpoint is associated with.		 string Readonly
service_type Service type

Stores the type of Azure service corresponding to this endpoint.
AZURE_COSMOSDB - Azure Cosmos DB
AZURE_SQL - Azure SQL Database
AZURE_STORAGE - Azure Storage
AZURE_LOAD_BALANCER - Azure Load Balancer
string Readonly
Enum: AZURE_COSMOSDB, AZURE_SQL, AZURE_STORAGE, AZURE_LOAD_BALANCER
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

AzureServiceEndpointsListRequestParameters (schema)

These paramaters will be used to filter the list of Azure service endpoints.
Multiple parameters can be given as input to 'AND' them.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
service_endpoint_id Azure Service Endpoint ID

Optional ID of Azure service endpoint based on which the list of service endpoints
are to be filtered.
string
service_name Azure Service Name

Optional name of Azure service based on which the list of service endpoints are
to be filtered.
string
sort_ascending boolean
sort_by Field by which records are sorted string

AzureServiceEndpointsListResult (schema)

Azure Service Endpoints List Result

Stores a list of service endpoints which are provided by Azure with
information about each of them. NSX supported services are currently
limited to Azure Storage, Azure SQL Database, Azure Cosmos DB and Azure
Load Balancer.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Results

Array of Azure service endpoints.		 array of AzureServiceEndpoint
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

AzureStorageAccount (schema)

Azure Storage Account

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
name Name of the Azure Storage Account string Required

AzureStorageAccountList (schema)

List of Azure Storage Accounts

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Azure Storage Accounts list array of AzureStorageAccount
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

AzureStorageAccountsListRequestParameters (schema)

These paramaters will be used to filter the list of storage accounts.
Multiple parameters can be given as input to 'AND' them.

Name Description Type Notes
account_id Identifier for account based on which list of storage accounts will be obtained string Required
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
region_id Identifier for region based on which list of storage accounts will be obtained string Required
sort_ascending boolean
sort_by Field by which records are sorted string

AzureSubnet (schema)

Azure Subnet

Stores information about an Azure subnet.

Name Description Type Notes
_last_sync_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
address_space Azure subnet address space

Address space of the subnet in IPv4 CIDR block format.		 string Readonly
Format: ipv4-cidr-block
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id ID of Subnet string Readonly
resource_type Must be set to the value AzureSubnet string Required
scope List of scopes for discovered resource

Specifies list of scope of discovered resource. e.g. if VHC path is associated with
principal identity, who owns the discovered resource, then scope id will be VHC path
and scope type will be VHC.
array of DiscoveredResourceScope
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
vnet_id Azure Virtual Network ID

ID of the Azure Virtual Network.It consists of resourceGuid of Azure Vnet.		 string Readonly

AzureSubnetListRequestParameters (schema)

Azure Subnet List Request Parameters

A set of filter parameters to list Azure subnets. Multiple parameters can
be given as input to 'AND' them.

Name Description Type Notes
account_id Account ID

Mandatory identifier for account based on which subnets are to be filtered.
string Required
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
region_id Region ID

This field is DEPRECATED. region_id will be learnt from vnet_id
information.
string Deprecated
sort_ascending boolean
sort_by Field by which records are sorted string
vnet_id Virtual Network ID

Identifier for vnet based on which subnets are to be filtered. It consists of resourceGuid of Azure Vnet.
string Required

AzureSubnetListResult (schema)

Azure subnets List Result

Stores a list of Azure subnets.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Results

Array of Azure subnets.
array of AzureSubnet Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

AzureTransitVnetConfig (schema)

Azure Transit VNet Configuration

Stores the account IDs and VNet ID related to
the transit VNet.

Name Description Type Notes
account_id Azure account ID

Azure account ID of the transit VNet. This field is
deprecated. Field account_id can be learnt using vnet_id.
GET /csm/azure/vnets/ API returns associated_account_ids.
Hence, this field is optional.
string Deprecated
vnet_id VNet ID

VNet ID of the transit VNet.		 string Required

AzureTransitVnetInfo (schema)

Azure Transit VNet Information

Stores the account ID and VNet ID related to the transit VNet. A transit VNet is a Azure VNet in which public cloud gateways are deployed and is managing the workload VMs present in other compute VNets.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
associated_account_ids Array of Cloud Account IDs

Cloud account ID related to the virtual private cloud.
array of string Required
Readonly
virtual_private_cloud_id Virtual Private Cloud ID

Virtual private cloud ID of the corresponding cloud.
string Required
Readonly
virtual_private_cloud_name Virtual Private Cloud name

Virtual private cloud name of the corresponding cloud.
string Required
Readonly

AzureVNetConfig (schema)

AZURE VNet Configuration

Stores the configuration such as default_quarantine_policy_enabled, cloud_fallback_security_group_id and auto_agent_install_enabled for correponding AZURE VNet.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
auto_agent_install_enabled Auto Agent Install Enabled

Flag to identify if NSX agent installation will be done
automatically or not. As of now this is supported for Azure Cloud only.
If the flag managed_without_agents is set to true, this property will
be ignored.
boolean Default: "False"
cloud_fallback_security_group_id Id of Cloud Security Group

Id of security group where the VMs should be moved after last gateway
undeployed. This field is required only when
default_quarantine_policy_enabled field is set to false.
string
default_quarantine_policy_enabled Flag to Identify if Default Quarantine Policy is Enabled

Flag to convey if virtual machines belonging to the compute
virtual private cloud should be quarantined or not.
boolean Default: "False"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
managed_without_agents Managed Without NSX Agents

This flag determines if this compute virtual private cloud is managed
with or without NSX agents.
boolean Default: "False"
resource_type Must be set to the value AzureVNetConfig string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

AzureVirtualMachine (schema)

Azure Virtual Machine Information

Stores information about a Azure Virtual Machine

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
agent_status Agent Status

UP - NSX Agent is up and running
DOWN - NSX Agent is down
NO_AGENT - No NSX Agent installed on instance
UNKNOWN - NSX Agent status is unknown
NEEDS_UPDATE - NSX Agent running on instance needs to be updated
string Readonly
Enum: UP, DOWN, NO_AGENT, UNKNOWN, NEEDS_UPDATE
agent_version Agent version details string Readonly
associated_account_ids Associated Cloud Account IDs

Array of associated cloud account IDs.		 array of string
cloud_instance_type Cloud Instance Type

This field represents various type of service instances in cloud.
VIRTUAL_MACHINE: Virtual machine deployed in public cloud.
AWS_RDS_INSTANCE: Amazon Relational Database Service Instance.
AWS_RDS_CLUSTER: Amazon Relational Database Service Cluster.
AWS_APPLICATION_ELB_INSTANCE: Amazon Application Elastic LoadBalancer.
AWS_CLASSIC_ELB_INSTANCE: Amazon Classic Elastic LoadBalancer.
HORIZON_MANAGEMENT: Virtual Machines that are deployed on Microsoft Azure using
Horizon Cloud Services(HCS) that are used for managing other instances
in the network. This includes, Management VMs, Unified Access Gateway (UAG) VMs, Base VMs.
HORIZON_VDI: Virtual Desktop Image (VDI) deployed on Microsoft Azure using Horizon
Cloud Services(HCS).
string Readonly
Enum: VIRTUAL_MACHINE, AWS_RDS_INSTANCE, AWS_RDS_CLUSTER, AWS_APPLICATION_ELB_INSTANCE, AWS_CLASSIC_ELB_INSTANCE, HORIZON_MANAGEMENT, HORIZON_VDI
cloud_network_security_group Cloud Network Security Group

Stores information about the cloud network security group associated to
the virtual machine.
SecurityGroup Readonly
cloud_tags Cloud tags for the instance array of CloudTag Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
error_messages List of error messages

List of error messages identified. Returns only error messages
identified in the last 1 hour.
array of ComputeInstanceErrorMessage Readonly
gateway_ha_index Gateway HA Index

Index of HA that indicates whether gateway is primary or secondary.
If index is 0, then it is primary gateway. Else secondary gateway.
integer
gateway_status Gateway Status string Readonly
Enum: UP, DOWN, DEPLOYING, NOT_AVAILABLE, UNDEPLOYING, COPYING_IMAGE
id Unique identifier of this resource string Sortable
is_gateway Flag to identify if this instance is a gateway node boolean Readonly
is_gateway_active Flag to identify if this instance is an active gateway node boolean Readonly
logical_switch_display_name Logical Switch display name string Readonly
logical_switch_id Logical Switch ID string Readonly
managed_by_nsx Indicate if instance is managed by NSX or not boolean Required
Readonly
nsx_failed_rules_count NSX failed rules count

Number of NSX firewall rules failed to realize on cloud for the instance.
integer Readonly
nsx_ip IP address provided by NSX string Readonly
nsx_security_group_mapping NSX Security Group Mapping

Map of cloud security groups associated to the instance and
corresponding NSX security groups.
array of SecurityGroupDetails Readonly
nsx_security_rule_errors NSX Security Rule Errors

DEPRECATED. Array of NSX security rule realization errors.
To get this information call /csm/virtual-machines//firewall-rules
array of NsxSecurityRuleErrorDetails Deprecated
Readonly
nsx_security_rule_errors_count NSX Security Rule Errors Count

DEPRECATED. Count of the NSX security rule realization errors.
To get this information call /csm/virtual-machines//firewall-rules
integer Deprecated
Readonly
nsx_successful_rules_count NSX successful rules count

Number of NSX firewall rules successfully configured for this instance.
integer Readonly
os_details Operating system details string Readonly
os_type Operating system of the instance string Readonly
power_state Power State

Indicates power state of the virtual machine as returned by Azure.
string Readonly
Enum: RUNNING, DEALLOCATING, DEALLOCATED, STARTING, STOPPED, STOPPING, UNKNOWN
private_ip Private IP address of the instance string Readonly
public_ip Public IP address of the instance string Readonly
quarantine_state Quarantine State

Indicates the quarantine state of the instance.
QUARANTINED - This state implies instance is moved to quarantine security
group because some threat has been detected.
NOT_QUARANTINED - This state implies no quarantine action has been
taken.
UNKNOWN - This state implies either quarantine policy is disabled or
quarantine information is not available.
OVERRIDDEN - This state implies instance is associated with vm_override_sg
which overrides any action based on threat detection.
WHITELISTED - This state implies that quarantine operation will not
be performed on the instance [DEPRECATED - replaced with USERMANAGED].
USERMANAGED - This state implies that quarantine operation will not
be performed on the instance.
NOT_APPLICABLE - This state will be populated for agentless instance, Horizon Management instance.
string Readonly
Enum: QUARANTINED, NOT_QUARANTINED, UNKNOWN, OVERRIDDEN, WHITELISTED, USERMANAGED, NOT_APPLICABLE
region Azure region

Azure region in which virtual machine is residing		 string Readonly
resource_group Resource Group

Resource Group of the Azure Virtual Machine.		 string Readonly
resource_id Azure Virtual Machine resource id

Resource Id of Azure Virtual Machine.		 string Readonly
resource_type Must be set to the value AzureVirtualMachine string Required
Enum: AwsVirtualMachine, AzureVirtualMachine
segment_display_name Segment display name

Segment display name on which this instance resides.
string Readonly
segment_id Segment ID

Segment ID on which this instance resides.
string Readonly
status Instance status

POWERED_ON - Powered on instance
POWERED_OFF - Powered off instance
MANAGED_GATEWAY - Instances that are public cloud gateways
MANAGED - Instances that are managed by NSX
UNMANAGED - Instances that are not managed by NSX or untagged
ERRORED - Instances with no NSX Agent connectivity, NSX Agent is down,
No NSX Policy configured for Agentless VMs or Error on NSX Policy
rule realization.
QUARANTINED - Instances which have been quarantined
WHITELISTED - Instances which have been whitelisted [DEPRECATED - replaced with USERMANAGED]
USERMANAGED - Instances which have been marked as usermanaged.
string Readonly
Enum: POWERED_ON, POWERED_OFF, UNMANAGED, MANAGED_GATEWAY, MANAGED, ERRORED, QUARANTINED, WHITELISTED, USERMANAGED
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
threat_state Threat State

Indicates the threat state of the instance.
NORMAL - This state implies no threat has been detected and instance is
functioning as expected.
THREAT - This state implies quarantine enabling threat has been
detected.
INVALID - This state implies either instance is unmanaged or threat related
information is not available.
NOT_APPLICABLE - This state will be populated for agentless instance.
string Readonly
Enum: NORMAL, THREAT, INVALID, NOT_APPLICABLE
vm_config_status Status for user configurable properties VmConfigStatus Readonly
vm_extension_execution_status VM extension script execution status

UNKNOWN - This is the default state. Indicates no information available
regarding extension execution. This can potentially occur for
a VM when agent is installed out of band or if
cloud_agent_automated_install_enabled flag is enabled for the
VNET/VPC which already has managed VMs.
SUCCESSFUL - Indicates VM extension script execution was successful.
This does not necessarily mean agent installation was
successful.
FAILED - Indicates VM extension script execution failed.
string Readonly
vnet Azure virtual network

Azure virtual network ID in which virtual machine is residing
string Readonly
vnet_name Azure virtual network name

Azure virtual network name in which virtual machine is residing
string Readonly

AzureVnet (schema)

Azure VNet

Stores information about an Azure VNet (Virtual Network).

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
agent_info Azure Agent Information

Array of agent install and download instructions for various OS types.		 array of AgentInfo Readonly
associated_account_ids Associated Azure Account IDs

Array of associated Azure account IDs.		 array of string
associated_transit_vnet Associated Azure Transit VNet

Stores the VNet ID and associated account IDs of the transit VNet.
This property describes the associated transit VNet for a given
Azure compute VNet.
AzureTransitVnetInfo Readonly
capabilities List of external capabilities that are discovered on this virtual network

This parameter will list out all external services and/or any other
capabilities that are discovered by NSX on this virtual network.
The array is empty by default.
array of string Readonly
Enum: HORIZON
cidr_blocks IPv4 CIDR Block

IPv4 CIDR Block of the virtual network.		 array of CidrBlock Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
gateway_info Gateway Info

Gateway information of the virtual network like configuration and status.
AzureGatewayInfo Readonly
id Unique identifier of this resource string Sortable
instance_stats Instance Statistics

Stores statistics of the number of MANAGED, UNMANAGED,
ERRORED and POWERED_OFF instances.
InstanceStats Readonly
is_management_vnet Is Management VNet?

This flag indicates if this is a management virtual network.		 boolean Readonly
Default: "False"
managed_vnets Array of NSX Managed Compute VNets

Array of compute VNets managed by a transit VNet. This property
describes array of managed compute VNet for a given transit VNet.
array of ManagedVnetInfo Readonly
op_status Azure VNet Operational Status

Operational status of the virtual network.		 AzureVnetOpStatus Readonly
region_id Region ID

ID of the Azure region.		 string Readonly
resource_group Resource Group

Resource Group of the Azure VNet.		 string Readonly
resource_id Azure VNet resource id

Resource Id of Azure VNet.		 string Readonly
resource_type Must be set to the value AzureVnet string
storage_account_name Azure Storage Account Name

Azure Storage Account where gateway image will be copied.		 string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
transport_zones Transport Zones

Array of transport zones in the virtual network.		 array of TransportZoneInfo Readonly
vdi_stats Horizon VDI Statistics

Stores statistics of the number of Horizon desktops in different states such as
MANAGED, UNMANAGED, ERRORED and POWERED_OFF
InstanceStats Readonly
vnet_status Azure Compute VNet Status

Stores onboard and offboard states and corresponding error messages
and error code related to Azure compute VNet. The status for a transit
VNet should be obtained from gateway_info.
AzureComputeVnetStatus Readonly

AzureVnetListRequestParameters (schema)

Azure VNet List Request Parameters

A set of optional filter parameters to list Azure virtual networks.
Multiple parameters can be given as input to 'AND' them.

Name Description Type Notes
account_id Account ID

Optional identifier for account based on which virtual networks list
can be filtered.
string
associated_transit_vnet_id Transit VNet ID

Identifier for filtering all the compute VNets which are NSX managed
by the given transit VNet.
string
cidr IPv4 CIDR Block

Optional identifier for IPv4 CIDR Block based on which virtual networks
list can be filtered.
CidrBlock
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
op_status Azure VNet Operational Status

Operational status of the virtual network.		 AzureVnetOpStatus Readonly
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
region_id Region ID

Optional identifier for region based on which virtual networks list can
be filtered.
string
sort_ascending boolean
sort_by Field by which records are sorted string
status_filter Filter by overall VNet status

MANAGED - VNet is managed by NSX
UNMANAGED - VNet is not managed by NSX
ERRORED - VNet is in error state
string Readonly
Enum: MANAGED, UNMANAGED, ERRORED
vnet_id Virtual Network ID

Optional identifier for virtual network based on which virtual networks
list can be filtered. It consists of resourceGuid of Azure VNet.
string

AzureVnetListResult (schema)

Azure VNet List Result

Stores a list of Azure virtual networks.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Results

Array of Azure virtual networks.		 array of AzureVnet
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

AzureVnetOpStatus (schema)

Operational Status

Operational status of the azure virtual network. After
there are gateways deployed in a VNet, that VNet is called as transit
VNet and it's status will be set as NSX_MANAGED_BY_GATEWAY.
For all the compute VNets which are being managed by a transit VNet,
their status will be set as NSX_MANAGED_BY_TRANSIT_VNET.
NSX_GATEWAY_ERROR status means gateways are deployed in VNet, but no gateway
is UP and at least one gateway is DOWN, The remaining gateway can be in
NOT_AVAILABLE state. NSX_COMPUTE_ERROR status will be shown in compute VNet
when transit VNet is in NSX_GATEWAY_ERROR state.
Status for all the rest of the VNets will be NSX_UNMANAGED.
NSX_MANAGED is deprecated.

Name Description Type Notes
AzureVnetOpStatus Operational Status

Operational status of the azure virtual network. After
there are gateways deployed in a VNet, that VNet is called as transit
VNet and it's status will be set as NSX_MANAGED_BY_GATEWAY.
For all the compute VNets which are being managed by a transit VNet,
their status will be set as NSX_MANAGED_BY_TRANSIT_VNET.
NSX_GATEWAY_ERROR status means gateways are deployed in VNet, but no gateway
is UP and at least one gateway is DOWN, The remaining gateway can be in
NOT_AVAILABLE state. NSX_COMPUTE_ERROR status will be shown in compute VNet
when transit VNet is in NSX_GATEWAY_ERROR state.
Status for all the rest of the VNets will be NSX_UNMANAGED.
NSX_MANAGED is deprecated.
string Readonly
Enum: NSX_MANAGED_BY_GATEWAY, NSX_MANAGED_BY_TRANSIT_VNET, NSX_MANAGED, NSX_UNMANAGED, NSX_GATEWAY_ERROR, NSX_COMPUTE_ERROR

BFDDiagnosticCount (schema)

Name Description Type Notes
administratively_down_count Number of tunnels with administratively message

Number of tunnels with administratively down diagnostic message		 integer
concatenated_path_down_count Number of tunnels with concatenated message

Number of tunnels with concatenated path down diagnostic message		 integer
control_detection_time_expired_count Number of tunnels with expired message

Number of tunnels with control detection time expired diagnostic message		 integer
echo_function_failed_count Number of tunnels with failed message

Number of tunnels with echo function failed diagnostic message		 integer
forwarding_plane_reset_count Number of tunnels with reset message

Number of tunnels with forwarding plane reset diagnostic message		 integer
neighbor_signaled_session_down_count Number of tunnels neighbor signaled session down integer
no_diagnostic_count Number of tunnels with no diagnostic integer
path_down_count Number of tunnels with path down message

Number of tunnels with path down diagnostic message		 integer
reverse_concatenated_path_down_count Number of tunnels with reverse message

Number of tunnels with reverse concatenated path down diagnostic message		 integer

BFDProperties (schema)

BFD information

Name Description Type Notes
active True if tunnel is active in a gateway HA setup boolean Readonly
diagnostic Diagnostic message of a problem

A short message indicating what the BFD session thinks is wrong in case of a problem		 string Readonly
forwarding True if the BFD session believes this interface may be used to forward traffic boolean Readonly
remote_diagnostic Diagnostic message of a problem

A short message indicating what the remote interface's BFD session thinks is wrong in case of a problem		 string Readonly
remote_state State of the remote interface's BFD session string Readonly
Enum: UNKNOWN_STATE, ADMIN_DOWN, DOWN, INIT, UP
state State of the BFD session string Readonly
Enum: UNKNOWN_STATE, ADMIN_DOWN, DOWN, INIT, UP

BFDStatusCount (schema)

Name Description Type Notes
bfd_admin_down_count Number of tunnels in BFD admin down state int
bfd_down_count Number of tunnels in BFD down state int
bfd_init_count Number of tunnels in BFD init state int
bfd_up_count Number of tunnels in BFD up state int

BGPCommunityList (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
communities BGP community list

Array of BGP communities		 array of string Required
community_type BGP community type

BGP community type. It has two types as
NormalBGPCommunity BGP normal community which includes well-known
community name as well as community value in range from [1-4294967295]
or value in aa:nn format(aa/nn range from 1-65535).
LargeBGPCommunity BGP large community which includes community value
in aa:bb:nn format where aa, bb, nn are unsigned integers in the range
[1-4294967295].
string Enum: NormalBGPCommunity, LargeBGPCommunity
Default: "NormalBGPCommunity"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
logical_router_id Logical router id string Readonly
resource_type Must be set to the value BGPCommunityList string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

BGPCommunityListListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of bgp communities

Paginated list of bgp community lists		 array of BGPCommunityList
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

BackupConfiguration (schema)

Configuration for taking manual/automated backup

Name Description Type Notes
after_inventory_update_interval A number of seconds after a last backup, that needs to pass, before a topology change will trigger a generation of a new cluster/node backups. If parameter is not provided, then changes in a topology will not trigger a generation of cluster/node backups. integer Minimum: 300
Maximum: 86400
backup_enabled true if automated backup is enabled boolean Default: "False"
backup_schedule Set when backups should be taken - on a weekly schedule or at regular intervals. BackupSchedule
(Abstract type: pass one of the following concrete types)
IntervalBackupSchedule
WeeklyBackupSchedule
inventory_summary_interval The minimum number of seconds between each upload of the inventory summary to backup server. integer Minimum: 30
Maximum: 3600
Default: "240"
passphrase Passphrase used to encrypt backup files.

Passphrase used to encrypt backup files.
The passphrase specified must be at least 8 characters in length and must
contain at least one lowercase, one uppercase, one numeric character and one
special character (any other non-space character).
string Pattern: "^$|^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[^a-zA-Z\d\s]).{8,}$"
remote_file_server The server to which backups will be sent. RemoteFileServer

BackupFrameRequestParameters (schema)

Backup Frame Request Parameters

Parameters (site_id, etc), that describes a backup/restore frame

Name Description Type Notes
frame_type Frame type

This attribute is used to indicate the service on current
site or other site for which backup is handled in a frame.
LOCAL_LOCAL_MANAGER corresponds to local LM of the site.
LOCAL_MANAGER cprresponds to LM of other site.
string Readonly
Enum: GLOBAL_MANAGER, LOCAL_MANAGER, LOCAL_LOCAL_MANAGER, NSX_INTELLIGENCE
Default: "LOCAL_LOCAL_MANAGER"
site_id Site ID

Site ID of LM site, which will be supported in a frame		 string Default: "localhost"

BackupOperationHistory (schema)

Past backup operation details

Name Description Type Notes
cluster_backup_statuses Statuses of previous cluser backups array of BackupOperationStatus
inventory_backup_statuses Statuses of previous inventory backups array of BackupOperationStatus
node_backup_statuses Statuses of previous node backups array of BackupOperationStatus

BackupOperationStatus (schema)

Backup operation status

Name Description Type Notes
backup_id Unique identifier of a backup string Required
end_time Time when operation was ended EpochMsTimestamp
error_code Error code string Enum: BACKUP_NOT_RUN_ON_MASTER, BACKUP_SERVER_UNREACHABLE, BACKUP_AUTHENTICATION_FAILURE, BACKUP_PERMISSION_ERROR, BACKUP_TIMEOUT, BACKUP_BAD_FINGERPRINT, BACKUP_GENERIC_ERROR, UPGRADE_IN_PROGRESS
error_message Error code details string
start_time Time when operation was started EpochMsTimestamp
success True if backup is successfully completed, else false boolean Required

BackupOverview (schema)

Backup overview

Data for a single backup/restore card

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
backup_config Backup configuration

Configuration to generate a manual/automated backup		 BackupConfiguration Required
backup_operation_history Last backup status

Status of the last backup execution per component		 BackupOperationHistory Required
current_backup_operation_status Current backup status

Backup status decribes type, phase, success/failure and time of a | latest backup execution		 CurrentBackupOperationStatus Required
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
restore_status Current restore status

Status of restore process executing/executed on appliance		 ClusterRestoreStatus Required
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of timestamps of backed-up cluster files array of ClusterBackupInfo Required
Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

BackupOverviewRequestParameters (schema)

Backup overview request parameters

Parameters, that REST API client needs to provide, in order to get data for
a backup/restore card with or without a list of generated backups.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
frame_type Frame type

This attribute is used to indicate the service on current
site or other site for which backup is handled in a frame.
LOCAL_LOCAL_MANAGER corresponds to local LM of the site.
LOCAL_MANAGER cprresponds to LM of other site.
string Readonly
Enum: GLOBAL_MANAGER, LOCAL_MANAGER, LOCAL_LOCAL_MANAGER, NSX_INTELLIGENCE
Default: "LOCAL_LOCAL_MANAGER"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
show_backups_list Need a list of backups

True to request a list of backups		 boolean Default: "True"
site_id UUID of the site

UUID of LM site, which will be supported in a frame		 string Default: "localhost"
sort_ascending boolean
sort_by Field by which records are sorted string

BackupSchedule (schema)

Abstract base type for Weekly or Interval Backup Schedule

This is an abstract type. Concrete child types:
IntervalBackupSchedule
WeeklyBackupSchedule

Name Description Type Notes
resource_type Schedule type string Required
Enum: WeeklyBackupSchedule, IntervalBackupSchedule

BackupUiFramesInfo (schema)

Name Description Type Notes
active_gm Does site have active GM string Readonly
Enum: ACTIVE, STANDBY, NONE, INVALID
api_endpoint prefix to be used for api call string Required
Readonly
Enum: global-manager, nsxapi, ica
frame_type Type of service, for which backup is handled string Required
Readonly
Enum: GLOBAL_MANAGER, LOCAL_MANAGER, LOCAL_LOCAL_MANAGER, NSX_INTELLIGENCE
site_id Id of the site string Required
Readonly
site_version Version of the site string Required
Readonly

BackupUiFramesInfoList (schema)

Name Description Type Notes
backup_frames_list List of backup frames(and metadata) to be displayed in UI array of BackupUiFramesInfo Required
Readonly

BaseConsolidatedStatusPerEnforcementPoint (schema)

Base class for ConsolidatedStatusPerEnforcementPoint

Consolidated Realized Status Per Enforcement Point.
This is an abstract type. Concrete child types:
ConsolidatedStatusNsxT
ConsolidatedStatusPerEnforcementPoint

Name Description Type Notes
alarm Alarm Information Details

Alarm information details.		 PolicyRuntimeAlarm Readonly
consolidated_status Consolidated Realized Status

Consolidated Realized Status of an Intent object per enforcement point.
ConsolidatedStatus Readonly
enforcement_point_id Enforcement Point Id

Enforcement Point Id.		 string Readonly
enforcement_point_path Enforcement point Path

Policy Path referencing the enforcement point where the info is fetched.
string Readonly
resource_type string Required
site_path Site Path

The site where this enforcement point resides.		 string Readonly

BaseEdgeStatisticsRequestParameters (schema)

Routes request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
edge_path Policy path of edge node

Policy path of edge node. Edge node must be member of enforcement point.
Edge path is required when interface specified is either service or
loopback interface.
string
enforcement_point_path Enforcement point path

String Path of the enforcement point.
When not specified, routes from all enforcement-points are returned.
This property is required for retrieving routes in CSV format.
string
host_transport_node_path Policy path of host transport node

Policy path of host transport node.
In case of API used from Global Manager, use the HostTransportNode path from Local Manager.
string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

BaseEndpoint (schema)

An endpoint to be used in redirection rule

Represents an endpoint which will be used as subject in rule.
It is a polymorphic type object which can be either of the types -
1. Virtual
2. Logical
We have 2 separate objects representing these 2 types.
VirtualEndPoint for Virtual type and ServiceInstanceEndpoint
for Logical.
This is an abstract type. Concrete child types:
ServiceInstanceEndpoint
VirtualEndpoint

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value BaseEndpoint string Required
Enum: VirtualEndpoint, ServiceInstanceEndpoint
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
target_ips IP addresses to redirect the traffic to

IPs where either inbound or outbound traffic is to be redirected.
array of IPInfo Required
Minimum items: 1
Maximum items: 1
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

BaseFirewallProfile (schema)

This is an abstract type. Concrete child types:
FirewallCpuMemThresholdsProfile
FirewallDnsProfile
FirewallFloodProtectionProfile
FirewallSessionTimerProfile
GeneralSecuritySettingsProfile

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
resource_type Must be set to the value BaseFirewallProfile string Required
Enum: FirewallSessionTimerProfile, FirewallCpuMemThresholdsProfile, FirewallFloodProtectionProfile, FirewallDnsProfile, GeneralSecuritySettingsProfile
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

BaseHostSwitchProfile (schema) (Deprecated)

This is an abstract type. Concrete child types:
ExtraConfigHostSwitchProfile
LldpHostSwitchProfile
NiocProfile
UplinkHostSwitchProfile

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
required_capabilities array of string Readonly
resource_type Must be set to the value BaseHostSwitchProfile HostSwitchProfileType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

BaseListRequestParameters (schema)

Routes request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
enforcement_point_path Enforcement point path

String Path of the enforcement point.
When not specified, routes from all enforcement-points are returned.
This property is required for retrieving routes in CSV format.
string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

BaseNodeAggregateInfo (schema)

Name Description Type Notes
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
id Unique identifier of this resource string Readonly
node_interface_properties Array of Node interface statistic properties array of NodeInterfaceProperties Readonly
node_interface_statistics Array of Node network interface statistic properties array of NodeInterfaceStatisticsProperties Readonly
node_status ClusterNodeStatus Readonly
node_status_properties Time series of the node's system properties array of NodeStatusProperties

BasePktCapResource (schema)

This is an abstract type. Concrete child types:
PktCapResource
PolicyPktCapResource

Name Description Type Notes
resource_type Type of packet capture resource string Required

BasePolicyServiceInstance (schema)

Represents an instance of partner Service and its configuration

Represents an instance of partner Service and its configuration.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
deployment_mode Deployment Mode

Deployment mode specifies how the partner appliance will be deployed i.e. in HA or standalone mode.		 string Enum: STAND_ALONE, ACTIVE_STANDBY
Default: "ACTIVE_STANDBY"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
partner_service_name Name of Partner Service

Unique name of Partner Service in the Marketplace		 string Required
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value BasePolicyServiceInstance string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
transport_type Transport Type

Transport to be used while deploying Service-VM.		 string Enum: L2_BRIDGE, L3_ROUTED
Default: "L2_BRIDGE"
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

BaseRule (schema)

A rule represent base properties for ,dfw, forwarding, redirection rule

A rule indicates the action to be performed for various types of traffic flowing between workload groups.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
destination_groups Destination group paths

We need paths as duplicate names may exist for groups under different
domains. Along with paths we support IP Address of type IPv4 and IPv6.
IP Address can be in one of the format(CIDR, IP Address, Range of IP Address).
In order to specify all groups, use the constant "ANY". This
is case insensitive. If "ANY" is used, it should be the ONLY element
in the group array. Error will be thrown if ANY is used in conjunction
with other values.
array of string Maximum items: 128
destinations_excluded Negation of destination groups

If set to true, the rule gets applied on all the groups that are
NOT part of the destination groups. If false, the rule applies to the
destination groups
boolean Default: "False"
direction Direction

Define direction of traffic.
string Enum: IN, OUT, IN_OUT
Default: "IN_OUT"
disabled Flag to disable the rule

Flag to disable the rule. Default is enabled.		 boolean Default: "False"
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ip_protocol IPv4 vs IPv6 packet type

Type of IP packet that should be matched while enforcing the rule.
The value is set to IPV4_IPV6 for Layer3 rule if not specified.
For Layer2/Ether rule the value must be null.
string Enum: IPV4, IPV6, IPV4_IPV6
is_default Default rule flag

A flag to indicate whether rule is a default rule.		 boolean Readonly
logged Enable logging flag

Flag to enable packet logging. Default is disabled.		 boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
notes Text for additional notes on changes

Text for additional notes on changes.		 string Maximum length: 2048
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
profiles Layer 7 service profiles or TLS action profile

Holds the list of layer 7 service profile paths. These profiles accept
attributes and sub-attributes of various network services
(e.g. L4 AppId, encryption algorithm, domain name, etc) as key value
pairs. Instead of Layer 7 service profiles you can use a L7 access profile.
One of either Layer 7 service profiles or L7 Access Profile can be used in firewall rule.
In case of L7 access profile only one is allowed.
array of string Maximum items: 128
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value BaseRule string
rule_id Unique rule ID

This is a unique 4 byte positive number that is assigned by the system.
This rule id is passed all the way down to the data path. The first 1GB
(1000 to 2^30) will be shared by GM and LM with zebra style striped
number space. For E.g 1000 to (1Million -1) by LM, (1M - 2M-1) by GM
and so on.
integer Readonly
scope The list of policy paths where the rule is applied
LR/Edge/T0/T1/LRP etc. Note that a given rule can be applied
on multiple LRs/LRPs.
array of string Maximum items: 128
sequence_number Sequence number of the this Rule

This field is used to resolve conflicts between multiple
Rules under Security or Gateway Policy for a Domain
If no sequence number is specified in the payload, a value of 0 is
assigned by default. If there are multiple rules with the same
sequence number then their order is not deterministic. If a specific
order of rules is desired, then one has to specify unique sequence
numbers or use the POST request on the rule entity with
a query parameter action=revise to let the framework assign a
sequence number
int Minimum: 0
service_entries Raw services

In order to specify raw services this can be used,
along with services which contains path to services.
This can be empty or null.
array of ServiceEntry
(Abstract type: pass one of the following concrete types)
ALGTypeServiceEntry
EtherTypeServiceEntry
ICMPTypeServiceEntry
IGMPTypeServiceEntry
IPProtocolServiceEntry
L4PortSetServiceEntry
NestedServiceServiceEntry		 Maximum items: 128
services Names of services

In order to specify all services, use the constant "ANY".
This is case insensitive. If "ANY" is used, it should
be the ONLY element in the services array. Error will be thrown
if ANY is used in conjunction with other values.
array of string Maximum items: 128
source_groups Source group paths

We need paths as duplicate names may exist for groups under different
domains. Along with paths we support IP Address of type IPv4 and IPv6.
IP Address can be in one of the format(CIDR, IP Address, Range of IP Address).
In order to specify all groups, use the constant "ANY". This
is case insensitive. If "ANY" is used, it should be the ONLY element
in the group array. Error will be thrown if ANY is used in conjunction
with other values.
array of string Maximum items: 128
sources_excluded Negation of source groups

If set to true, the rule gets applied on all the groups that are
NOT part of the source groups. If false, the rule applies to the
source groups
boolean Default: "False"
tag Tag applied on the rule

User level field which will be printed in CLI and packet logs.
Even though there is no limitation on length of a tag, internally
tag will get truncated after 32 characters.
string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

BaseRuleListResult (schema)

Paged Collection of Rules

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

BaseServiceInstance (schema)

Base Instance of a service

The deployment of a registered service. service instance is instantiation of service. This is an abstract type. Concrete child types:
ByodServiceInstance
ServiceInstance
VirtualServiceInstance

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
on_failure_policy On Failure Policy

Failure policy of the service instance - if it has to be different from the service. By default the service instance inherits the FailurePolicy of the service it belongs to.		 string Enum: ALLOW, BLOCK
resource_type Must be set to the value BaseServiceInstance ServiceInstanceResourceType Required
service_id Service Id

The Service to which the service instance is associated.		 string Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
transport_type Transport Type

Transport to be used by this service instance for deploying the Service-VM. This field is to be set Not Applicable(NA) if the service only caters to functionality EPP(Endpoint Protection) and MPS.		 string Required
Enum: L2_BRIDGE, L3_ROUTED, NSH, NA

BaseServiceProfile (schema)

Base Service Profile

Base Service Profile

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
resource_type Must be set to the value BaseServiceProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

BaseSwitchingProfile (schema) (Deprecated)

This is an abstract type. Concrete child types:
IpDiscoverySwitchingProfile
MacManagementSwitchingProfile
QosSwitchingProfile
SpoofGuardSwitchingProfile
SwitchSecuritySwitchingProfile

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
required_capabilities array of string Readonly
resource_type Must be set to the value BaseSwitchingProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

BaseTier0Interface (schema)

Tier-0 interface configuration

Tier-0 interface configuration for external connectivity.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
dhcp_relay_path policy path of referenced dhcp-relay-config

Policy path of dhcp-relay-config to be attached to this Interface.
string
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value BaseTier0Interface string
subnets IP address and subnet specification for interface

Specify IP address and network prefix for interface.
array of InterfaceSubnet Required
Minimum items: 1
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

BasicAuthenticationScheme (schema)

Name Description Type Notes
password Password to authenticate with string Required
scheme_name Authentication scheme name string Required
Enum: basic
username User name to authenticate with string Required
Pattern: "^.+$"

BatchParameter (schema)

Options that affect how batch operations are processed

Name Description Type Notes
atomic Ignored (transactional atomicity flag)

This flag is ignored. Transactional atomicity is no longer supported.		 boolean Default: "False"

BatchRequest (schema)

A set of operations to be performed in a single batch

Name Description Type Notes
continue_on_error Continue even if an error is encountered. boolean Default: "True"
requests array of BatchRequestItem

BatchRequestItem (schema)

A single request within a batch of operations

Name Description Type Notes
body object
method method type(POST/PUT/DELETE/UPDATE)

http method type		 string Required
Enum: GET, POST, PUT, DELETE, PATCH
uri Internal uri of the call

relative uri (path and args), of the call including resource id (if this is a POST/DELETE), exclude hostname and port and prefix, exploded form of parameters		 string Required

BatchResponse (schema)

The reponse to a batch operation

Name Description Type Notes
has_errors errors indicator

Indicates if any of the APIs failed		 boolean
results Bulk list results array of BatchResponseItem Required
rolled_back indicates if all items were rolled back.

Optional flag indicating that all items were rolled back even if succeeded initially		 boolean

BatchResponseItem (schema)

A single respose in a list of batched responses

Name Description Type Notes
body object returned by api

object returned by api		 object
code object returned by api

http status code		 integer Required
headers object returned by api

The headers returned by the API call		 object

BfdConfig (schema)

BFD configuration for LogicalRouter

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
declare_dead_multiple Number of times a packet is missed before BFD declares the neighbor down. integer Minimum: 2
Maximum: 16
Default: "3"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Flag to enable BFD for this LogicalRouter boolean Default: "False"
id Unique identifier of this resource string Sortable
logical_router_id Logical router id string Readonly
receive_interval Receive interval for heartbeats

the time interval (in milliseconds) between heartbeat packets for BFD when receiving heartbeats.		 integer Minimum: 50
Maximum: 60000
Default: "500"
resource_type Must be set to the value BfdConfig string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
transmit_interval Transmit interval for heartbeats

the time interval (in milliseconds) between heartbeat packets for BFD when sending heartbeats.		 integer Minimum: 50
Maximum: 60000
Default: "500"

BfdConfigParameters (schema)

BFD configuration for the given Peer.

Name Description Type Notes
declare_dead_multiple Number of times a packet is missed before BFD declares the neighbor down. integer Minimum: 2
Maximum: 16
Default: "3"
receive_interval Receive interval for heartbeats

The time interval (in milliseconds) between heartbeat packets for BFD when receiving heartbeats.| For edge cluster type of bare metal, this value should be >= 50ms.| For edge cluster type of virtual machine or hybrid, this value should be >= 500ms.		 integer Minimum: 50
Maximum: 60000
Default: "500"
transmit_interval Transmit interval for heartbeats

The time interval (in milliseconds) between heartbeat packets for BFD when sending heartbeats.| For edge cluster type of bare metal, this value should be >= 300ms.| For edge cluster type of virtual machine or hybrid, this value should be >= 1000ms.		 integer Minimum: 50
Maximum: 60000
Default: "500"

BfdHealthMonitoringConfig (schema)

Bfd Health Monitoring Options

Bfd Health Monitoring Options used specific to BFD Transport Zone profiles

Name Description Type Notes
enabled Whether the heartbeat is enabled. A PATCH or PUT request with "enabled" false (with no probe intervals) will set or reset the probe_interval to their default value. boolean Required
latency_enabled Whether the latency is enabled.

The flag is to turn on/off latency. A PATCH or PUT request with "latency_enabled" true will enable NSX to send the networking latency data to thrid-party monitoring tools like vRNI.		 boolean
probe_interval The time interval (in millisec) between probe packets for tunnels between transport nodes. integer Minimum: 300
Default: "1000"

BfdHealthMonitoringProfile (schema) (Deprecated)

Profile for BFD health monitoring

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Whether the heartbeat is enabled. A POST or PUT request with "enabled" false (with no probe intervals) will set (POST) or reset (PUT) the probe_interval to their default value. boolean Required
id Unique identifier of this resource string Sortable
latency_enabled Whether the latency is enabled.

The flag is to turn on/off latency. A POST or PUT request with "latency_enabled" true will enable NSX to send the networking latency data to thrid-party monitoring tools like vRNI.		 boolean
probe_interval The time interval (in millisec) between probe packets for tunnels between transport nodes. integer Minimum: 300
Default: "1000"
resource_type Must be set to the value BfdHealthMonitoringProfile string Required
Enum: BfdHealthMonitoringProfile
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

BfdProfile (schema)

Bidirectional Forwarding Detection configuration for BGP peers

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
interval Time interval between heartbeat packets in milliseconds

Time interval between heartbeat packets in milliseconds.
int Minimum: 50
Maximum: 60000
Default: "500"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
multiple Declare dead multiple

Declare dead multiple.
Number of times heartbeat packet is missed before BFD declares the
neighbor is down.
int Minimum: 2
Maximum: 16
Default: "3"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value BfdProfile string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

BfdProfileListResult (schema)

Paged Collection of BfdProfile

Paged Collection of BfdProfile.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Bfd Profile List Results

Bfd Profile list results.		 array of BfdProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

BgpAddressFamily (schema)

Name Description Type Notes
in_prefix_count Count of in prefixes

Count of in prefixes		 integer Readonly
out_prefix_count Count of out prefixes

Count of out prefixes		 integer Readonly
type BGP address family type

BGP address family type		 string Required
Readonly
Enum: IPV4_UNICAST, VPNV4_UNICAST, IPV6_UNICAST, L2VPN_EVPN

BgpBfdConfig (schema)

BFD configuration for BGP peers

Name Description Type Notes
enabled Flag to enable BFD cofiguration

Flag to enable BFD cofiguration.		 boolean Default: "False"
interval Time interval between heartbeat packets in milliseconds

Time interval between heartbeat packets in milliseconds.
int Minimum: 50
Maximum: 60000
Default: "500"
multiple Declare dead multiple

Declare dead multiple.
Number of times heartbeat packet is missed before BFD declares the
neighbor is down.
int Minimum: 2
Maximum: 16
Default: "3"

BgpConfig (schema)

BGP configuration for logical router

BGP configuration for Tier0 logical router. We create BGP configuration
while creation of Tier0 logical router.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
as_num 4 Byte ASN in ASPLAIN/ASDOT Format

For VRF logical router, the as_num from parent logical router will be effective.		 string
as_number Autonomous System Number

This is a deprecated property, Please use 'as_num' instead. For VRF logical router, the as_number from parent logical router will be effective.		 integer Deprecated
Minimum: 1
Maximum: 4294967296
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
ecmp Flag to enable outbound ECMP

While creation of BGP config this flag will be set to true
User can change this value while updating BGP config. If this property
is not specified in the payload, the default value will be considered
as true.
boolean Default: "True"
enabled Flag to enable this configuration

While creation of BGP config this flag will be set to
- true for Tier0 logical router with Active-Active high-availability
mode
- false for Tier0 logical router with Active-Standby high-availanility
mode.
User can change this value while updating the config. If this
property is not specified in the payload, the default value will be
considered as false irrespective of the high-availability mode.
boolean Default: "False"
graceful_restart Flag to enable graceful restart

Flag to enable graceful restart. This field is deprecated, kindly use
graceful_restart_config parameter for graceful restart configuration.
If both parameters are set and consistent with each other
[i.e. graceful_restart=false and graceful_restart_mode=HELPER_ONLY OR
graceful_restart=true and graceful_restart_mode=GR_AND_HELPER]
then this is allowed, but if inconsistent with each other then this
is not allowed and validation error will be thrown. For VRF logical router,
the settings from parent logical router will be effective.
boolean Deprecated
graceful_restart_config BGP Graceful Restart configuration

Configuration parameters for BGP Graceful Restart functionality.
It has graceful_restart_mode and graceful_restart_timer parameters.
For VRF logical router, the settings from parent logical router will be effective.
GracefulRestartConfig
id Unique identifier of this resource string Sortable
inter_sr_ibgp Inter SR IBGP configuration InterSRRoutingConfig
logical_router_id Logical router id string Readonly
multipath_relax Flag to enable BGP multipath relax option.

For TIER0 logical router, default is true. For VRF logical router, the settings from parent logical router will be effective.		 boolean
resource_type Must be set to the value BgpConfig string
route_aggregation List of routes to be aggregated array of BgpRouteAggregation Minimum items: 0
Maximum items: 1000
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

BgpGracefulRestartConfig (schema)

BGP Graceful Restart Configuration

Configuration field to hold BGP restart mode and timer.

Name Description Type Notes
mode BGP Graceful Restart Configuration Mode

If mode is DISABLE, then graceful restart and helper modes are disabled.
If mode is GR_AND_HELPER, then both graceful restart and helper modes are enabled.
If mode is HELPER_ONLY, then helper mode is enabled.
HELPER_ONLY mode is the ability for a BGP speaker to indicate its ability
to preserve forwarding state during BGP restart.
GRACEFUL_RESTART mode is the ability of a BGP speaker to advertise its restart
to its peers.
string Enum: DISABLE, GR_AND_HELPER, HELPER_ONLY
Default: "HELPER_ONLY"
timer BGP Graceful Restart Timer

Configuration field to hold BGP restart timers.		 BgpGracefulRestartTimer

BgpGracefulRestartTimer (schema)

BGP Graceful Restart Timers

Configuration field to hold BGP restart timers

Name Description Type Notes
restart_timer BGP Graceful Restart Timer

Maximum time taken (in seconds) for a BGP session to be established after a restart.
This can be used to speed up routing convergence by its peer in case the BGP speaker
does not come back up after a restart. If the session is not re-established within this
timer, the receiving speaker will delete all the stale routes from that peer.
integer Minimum: 1
Maximum: 3600
Default: "180"
stale_route_timer BGP Stale Route Timer

Maximum time (in seconds) before stale routes are removed from the
RIB (Routing Information Base) when BGP restarts.
integer Minimum: 1
Maximum: 3600
Default: "600"

BgpNeighbor (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
address_families AddressFamily settings for the neighbor

User can enable the neighbor for the specific address families and also define filters per address family.
When the neighbor is created, it is default enabled for IPV4_UNICAST address family for backward compatibility reasons.
User can change that if required, by defining the address family configuration.
array of BgpNeighborAddressFamily
allow_as_in Flag to enable allowas_in option for BGP neighbor boolean Default: "False"
bfd_config BFD Configuration Parameters for the given peer.

By specifying these paramaters BFD config for this given peer can be overriden | (the globally configured values will not apply for this peer)		 BfdConfigParameters
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enable_bfd Enable BFD for this BGP Neighbor

Flag to enable BFD for this BGP Neighbor. Enable this if the neighbor supports BFD as this will lead to faster convergence.		 boolean Default: "False"
enabled Flag to enable this BGP Neighbor boolean Default: "True"
filter_in_ipprefixlist_id IPPrefix List to be used for IN direction filter for IPV4_UNICAST address family

This is a deprecated property, Please use 'address_family' instead.		 string Deprecated
filter_in_routemap_id RouteMap to be used for IN direction filter for IPV4_UNICAST address family

This is a deprecated property, Please use 'address_family' instead.		 string Deprecated
filter_out_ipprefixlist_id IPPrefixList to be used for OUT direction filter for IPV4_UNICAST address family

This is a deprecated property, Please use 'address_family' instead.		 string Deprecated
filter_out_routemap_id RouteMap to be used for OUT direction filter for IPV4_UNICAST address family

This is a deprecated property, Please use 'address_family' instead.		 string Deprecated
graceful_restart_mode Graceful Restart Mode

BGP Graceful Restart mode. If specified, then it will take precedence
over global Graceful Restart mode configured in logical router
BgpConfig otherwise BgpConfig level Graceful Restart mode will be
applicable for peer.
GracefulRestartMode
hold_down_timer Wait period (seconds) before declaring peer dead integer Minimum: 1
Maximum: 65535
Default: "180"
id Unique identifier of this resource string Sortable
keep_alive_timer Frequency (seconds) with which keep alive messages are sent to peers integer Minimum: 1
Maximum: 65535
Default: "60"
logical_router_id Logical router id string Readonly
maximum_hop_limit Maximum Number of hops allowed to reach BGP neighbor

This value is set on TTL(time to live) of BGP header.
When router receives the BGP packet, it decrements the TTL. The default
value of TTL is one when BPG request is initiated.So in the case of a
BGP peer multiple hops away and and value of TTL is one, then next
router in the path will decrement the TTL to 0, realize it cant forward
the packet and will drop it. If the hop count value to reach neighbor
is equal to or less than the maximum_hop_limit value then intermediate
router decrements the TTL count by one and forwards the request to
BGP neighour. If the hop count value is greater than the maximum_hop_limit
value then intermediate router discards the request when TTL becomes 0.
int Minimum: 1
Maximum: 255
Default: "1"
neighbor_address Neighbor IP Address IPAddress Required
password Password

User can create (POST) the neighbor with or without the password.
The view (GET) on the neighbor, would never reveal if the password is set or not.
The password can be set later using edit neighbor workFlow (PUT)
On the edit neighbor (PUT), if the user does not specify the password property, the
older value is retained. Maximum length of this field is 32 characters.
string Minimum length: 1
Maximum length: 32
remote_as Autonomous System Number of the neighbor

This is a deprecated property, Please use 'remote_as_num' instead.		 integer Deprecated
Minimum: 1
Maximum: 4294967296
remote_as_num 4 Byte ASN of the neighbor in ASPLAIN/ASDOT Format string
resource_type Must be set to the value BgpNeighbor string
source_address Logical Router Uplink IP Address

Deprecated - do not provide a value for this field. Use source_addresses instead.		 IPAddress Deprecated
source_addresses Array of Logical Router Uplink IP Addresses

BGP neighborship will be formed from all these source addresses to this neighbour.		 array of IPAddress Maximum items: 8
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

BgpNeighborAddressFamily (schema)

Name Description Type Notes
enabled Enable this address family boolean Default: "True"
in_filter_ipprefixlist_id Id of the IPPrefix List to be used for IN direction filter string
in_filter_routemap_id Id of the RouteMap to be used for IN direction filter string
maximum_routes Maximum number of routes supported on the address family integer Minimum: 0
out_filter_ipprefixlist_id Id of the IPPrefixList to be used for OUT direction filter string
out_filter_routemap_id Id of the RouteMap to be used for OUT direction filter string
type Address family type AddressFamilyType Required

BgpNeighborConfig (schema)

BGP neighbor config

Contains information necessary to configure a BGP neighbor.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
allow_as_in Flag to enable allowas_in option for BGP neighbor boolean Default: "False"
bfd BFD configuration for failure detection

BFD configuration for failure detection.
BFD is enabled with default values when not configured.
BgpBfdConfig
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
graceful_restart_mode BGP Graceful Restart Configuration Mode

If mode is DISABLE, then graceful restart and helper modes are disabled.
If mode is GR_AND_HELPER, then both graceful restart and helper modes are enabled.
If mode is HELPER_ONLY, then helper mode is enabled.
HELPER_ONLY mode is the ability for a BGP speaker to indicate its ability
to preserve forwarding state during BGP restart.
GRACEFUL_RESTART mode is the ability of a BGP speaker to advertise its restart
to its peers.
string Enum: DISABLE, GR_AND_HELPER, HELPER_ONLY
hold_down_time Wait time in seconds before declaring peer dead

Wait time in seconds before declaring peer dead.
int Minimum: 1
Maximum: 65535
Default: "180"
id Unique identifier of this resource string Sortable
in_route_filters Prefix-list or route map path for IN direction

Specify path of prefix-list or route map to filter routes for IN direction.
This property is deprecated, use route_filtering instead. Specifying different
values for both properties will result in error.
array of string Deprecated
Maximum items: 1
keep_alive_time Interval between keep alive messages sent to peer

Interval (in seconds) between keep alive messages sent to peer.
int Minimum: 1
Maximum: 65535
Default: "60"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
maximum_hop_limit Maximum number of hops allowed to reach BGP neighbor

Maximum number of hops allowed to reach BGP neighbor.
int Minimum: 1
Maximum: 255
Default: "1"
neighbor_address Neighbor IP Address IPAddress Required
out_route_filters Prefix-list or route map path for OUT direction

Specify path of prefix-list or route map to filter routes for OUT direction.
When not specified, a built-in prefix-list named 'prefixlist-out-default'
is automatically applied.
This property is deprecated, use route_filtering instead. Specifying different
values for both properties will result in error.
array of string Deprecated
Maximum items: 1
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
password Password

Specify password for BGP neighbor authentication.
Empty string ("") clears existing password.
string Minimum length: 0
Maximum length: 32
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
remote_as_num 4 Byte ASN of the neighbor in ASPLAIN Format string Required
resource_type Must be set to the value BgpNeighborConfig string
route_filtering Enable address families and route filtering in each direction

Enable address families and route filtering in each direction.
array of BgpRouteFiltering Maximum items: 2
source_addresses Source IP Addresses for BGP peering

Source addresses should belong to Tier0 external or loopback or VTI interface
IP Addresses . BGP peering is formed from all these addresses.
This property is mandatory when maximum_hop_limit is greater than 1.
array of IPAddress Maximum items: 8
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

BgpNeighborConfigListRequestParameters (schema)

Routing Config list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

BgpNeighborConfigListResult (schema)

Paged collection of BGP Neighbor Configs

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results BGP neighbor configs list results array of BgpNeighborConfig Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

BgpNeighborListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paginated list of bgp neighbors array of BgpNeighbor Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

BgpNeighborRouteDetails (schema)

BGP neighbor route details

BGP neighbor learned/advertised route details.

Name Description Type Notes
logical_router_id Logical router id string Required
Readonly
neighbor_address Neighbor IP address

BGP neighbor peer IP address.		 IPAddress Required
Readonly
neighbor_id BGP neighbor id string Required
Readonly
per_transport_node_routes Route details per transport node

Array of BGP neighbor route details per transport node.
array of RoutesPerTransportNode Readonly

BgpNeighborRouteDetailsCsvRecord (schema)

BGP neighbor route details

BGP neighbor learned/advertised route details.

Name Description Type Notes
as_path AS path

BGP AS path attribute.		 string Readonly
local_pref Local preference

BGP Local Preference attribute.		 integer Readonly
logical_router_id Logical router id

Logical router id		 string Required
Readonly
med Multi Exit Discriminator

BGP Multi Exit Discriminator attribute.		 integer Readonly
neighbor_address Neighbor IP address

BGP neighbor peer IP address.		 IPAddress Required
Readonly
neighbor_id BGP neighbor id

BGP neighbor id		 string Required
Readonly
network CIDR network address

CIDR network address.		 IPCIDRBlock Required
Readonly
next_hop Next hop IP address

Next hop IP address.		 IPAddress Readonly
source_address BGP neighbor source address

BGP neighbor source address.		 IPAddress Readonly
transport_node_id Transport node id

Transport node id		 string Required
Readonly
weight Weight

BGP Weight attribute.		 integer Readonly

BgpNeighborRouteDetailsInCsvFormat (schema)

Name Description Type Notes
file_name File name

File name set by HTTP server if API returns CSV result as a file.		 string
results array of BgpNeighborRouteDetailsCsvRecord

BgpNeighborRoutes (schema)

BGP neighbor route details

BGP neighbor learned/advertised route details.

Name Description Type Notes
edge_node_routes Route details per transport node

Array of BGP neighbor route details per edge node.
array of RoutesPerTransportNode Readonly
egde_node_routes Route details per transport node

Array of BGP neighbor route details per edge node.
array of RoutesPerTransportNode Deprecated
Readonly
enforcement_point_path Enforcement point policy path string Required
Readonly
neighbor_path BGP neighbor policy path string Required
Readonly

BgpNeighborRoutesListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged Collection of Bgp neighbor routes

Paged Collection of Bgp neighbor routes.		 array of BgpNeighborRoutes
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

BgpNeighborStatus (schema)

Name Description Type Notes
address_families Address families of BGP neighbor

Address families of BGP neighbor		 array of BgpAddressFamily Readonly
announced_capabilities BGP capabilities sent to BGP neighbor. array of string Readonly
connection_drop_count Count of connection drop integer Readonly
connection_state Current state of the BGP session. string Readonly
Enum: INVALID, IDLE, CONNECT, ACTIVE, OPEN_SENT, OPEN_CONFIRM, ESTABLISHED, UNKNOWN
established_connection_count Count of connections established integer Readonly
graceful_restart Graceful restart flag

Current state of graceful restart where
graceful_restart = true indicates graceful restart is enabled and
graceful_restart = false indicates graceful restart is disabled.
This is deprecated field, use graceful_restart_mode instead.
boolean Deprecated
Readonly
graceful_restart_mode Graceful restart mode

Current state of graceful restart of BGP neighbor. Possible
values are -
1. GR_AND_HELPER - Graceful restart with Helper
2. HELPER_ONLY - Helper only
3. DISABLE - Disabled
string Readonly
hold_time Time in ms to wait for HELLO from BGP peer. If a HELLO packet is not seen from BGP Peer withing hold_time then BGP neighbor will be marked as down. integer Readonly
keep_alive_interval Time in ms to wait for HELLO packet from BGP peer integer Readonly
local_port TCP port number of Local BGP connection integer Readonly
Minimum: 1
Maximum: 65535
lr_component_id Logical router component(Service Router/Distributed Router) id string Required
Readonly
messages_received Count of messages received from the neighbor integer Readonly
messages_sent Count of messages sent to the neighbor integer Readonly
negotiated_capability BGP capabilities negotiated with BGP neighbor. array of string Readonly
neighbor_address The IP of the BGP neighbor IPAddress Readonly
neighbor_router_id Router ID of the BGP neighbor. IPAddress Readonly
remote_as_number AS number of the BGP neighbor string Readonly
remote_port TCP port number of remote BGP Connection integer Readonly
Minimum: 1
Maximum: 65535
remote_site Remote site

Remote site details.		 ResourceReference Readonly
source_address The Ip address of logical port IPAddress Readonly
time_since_established Time(in seconds) since connection was established. integer Readonly
total_in_prefix_count Count of in prefixes

Sum of in prefixes counts across all address families.		 integer Readonly
total_out_prefix_count Count of out prefixes

Sum of out prefixes counts across all address families.		 integer Readonly
transport_node Transport node id and name ResourceReference Readonly
type BGP neighbor type

BGP neighbor type		 string Readonly
Enum: INTER_SR, USER

BgpNeighborStatusLiteDto (schema)

Name Description Type Notes
connection_state BGP session state

Current state of the BGP session.		 string Readonly
Enum: INVALID, IDLE, CONNECT, ACTIVE, OPEN_SENT, OPEN_CONFIRM, ESTABLISHED, UNKNOWN
neighbor_address Neighor address

Ip address of BGP neighbor.		 IPAddress Readonly
remote_site Remote site

Remote site details.		 ResourceReference Readonly
source_address Source address

Source Ip address.		 IPAddress Readonly

BgpNeighborsStatusListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
last_update_timestamp Timestamp indicating last update time of data

Timestamp when the data was last updated, unset if data source has never updated the data.		 EpochMsTimestamp Readonly
logical_router_id Logical router id string Required
Readonly
logical_router_name Name of the logical router string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Status of BGP neighbors of the logical router array of BgpNeighborStatus Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

BgpRouteAggregation (schema)

Name Description Type Notes
prefix cidr of the aggregate address IPCIDRBlock Required
summary_only Flag to send only summarized route boolean Default: "True"

BgpRouteFiltering (schema)

Enable address_families and route filtering in each direction

Name Description Type Notes
address_family Address family type

Address family type.
If not configured, this property automatically derived for IPv4 & IPv6
peer configuration.		 string Enum: IPV4, IPV6, L2VPN_EVPN
enabled Enable address family

Flag to enable address family.		 boolean Default: "True"
in_route_filters Prefix-list or route map path for IN direction

Specify path of prefix-list or route map to filter routes for IN direction.
array of string Maximum items: 1
maximum_routes Maximum number of routes for the address family

Maximum number of routes for the address family.
int Minimum: 1
Maximum: 1000000
out_route_filters Prefix-list or route map path for OUT direction

Specify path of prefix-list or route map to filter routes for OUT direction.
When not specified, a built-in prefix-list named 'prefixlist-out-default'
is automatically applied.
array of string Maximum items: 1

BgpRoutesRequestParameters (schema)

BGP Routes request parameters

Name Description Type Notes
count Number of routes to retrieve

Number of routes to return in response.
Not used when routes are requested in CSV format.
int Minimum: 1
Default: "1000"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
enforcement_point_path Enforcement point path

String Path of the enforcement point.
When not specified, routes from all enforcement-points are returned.
This property is required for retrieving routes in CSV format.
string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

BgpRoutingConfig (schema)

BGP routing config

Contains BGP routing configuration.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
(Abstract type: pass one of the following concrete types)
ChildBgpNeighborConfig
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
ecmp Flag to enable ECMP

Flag to enable ECMP.
boolean
enabled Flag to enable BGP configuration

Flag to enable BGP configuration. Disabling will stop feature and
BGP peering.
boolean
graceful_restart Flag to enable graceful restart

Flag to enable graceful restart. This field is deprecated, please use
graceful_restart_config parameter for graceful restart configuration.
If both parameters are set and consistent with each other
(i.e. graceful_restart=false and graceful_restart_mode=HELPER_ONLY OR
graceful_restart=true and graceful_restart_mode=GR_AND_HELPER)
then this is allowed, but if inconsistent with each other then this
is not allowed and validation error will be thrown.
boolean Deprecated
graceful_restart_config BGP Graceful Restart Configuration

Configuration field to hold BGP Restart mode and timer.		 BgpGracefulRestartConfig
id Unique identifier of this resource string Sortable
inter_sr_ibgp Enable inter SR IBGP configuration

Flag to enable inter SR IBGP configuration.
When not specified, inter SR IBGP is automatically enabled if Tier-0
is created in ACTIVE_ACTIVE ha_mode.
boolean
local_as_num BGP AS number in ASPLAIN/ASDOT Format

Specify BGP AS number for Tier-0 to advertize to BGP peers.
AS number can be specified in ASPLAIN (e.g., "65546") or
ASDOT (e.g., "1.10") format. Empty string disables BGP feature.
It is required by normal tier0 but not required in vrf tier0.
string
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
multipath_relax Flag to enable BGP multipath relax option

Flag to enable BGP multipath relax option.		 boolean
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value BgpRoutingConfig string
route_aggregations List of routes to be aggregated

List of routes to be aggregated.
array of RouteAggregationEntry Maximum items: 1000
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

BinaryPacketData (schema)

Name Description Type Notes
frame_size Requested total size of the (logical) packet in bytes

If the requested frame_size is too small (given the payload and traceflow metadata requirement of 16 bytes), the traceflow request will fail with an appropriate message. The frame will be zero padded to the requested size.		 integer Minimum: 60
Maximum: 1000
Default: "128"
payload RFC3548 compatible base64 encoded full payload

Up to 1000 bytes of payload may be supplied (with a base64-encoded length of 1336 bytes.) Additional bytes of traceflow metadata will be appended to the payload. The payload must contain all headers (Ethernet, IP, etc). Note that VLAN is not supported in the logical space. Hence, payload must not contain 802.1Q headers.		 string Maximum length: 1336
resource_type Must be set to the value BinaryPacketData string Required
Enum: BinaryPacketData, FieldsPacketData
Default: "FieldsPacketData"
routed A flag, when set true, indicates that the traceflow packet is of L3 routing. boolean
transport_type transport type of the traceflow packet

This type takes effect only for IP packet.		 string Enum: BROADCAST, UNICAST, MULTICAST, UNKNOWN
Default: "UNICAST"

BingdingMapStackStatusListRequestParameters (schema)

Request parameters for binding map mirror stack status

Request parameters for port/group/segment binding map mirror stack status.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
enforcement_point_path Binding map path enforcemnt point path to remote L3 mirror session

String path for the enforcement point.
string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

BlackholeAction (schema)

Action to be taken on matching packets for NULL routes. For action is DISCARD, matching packets are dropped rather than forwarded.

Name Description Type Notes
BlackholeAction Action to be taken on matching packets for NULL routes. For action is DISCARD, matching packets are dropped rather than forwarded. string Enum: DISCARD

BpduFilter (schema) (Deprecated)

BPDU filter configuration

Name Description Type Notes
enabled Indicates whether BPDU filter is enabled boolean Required
white_list Pre-defined list of allowed MAC addresses to be excluded from BPDU filtering array of string Minimum items: 0
Maximum items: 32

BridgeEndpoint (schema)

Bridge Endpoint

A bridge endpoint can be created on a bridge cluster or on an edge
cluster. Few of the properties of this class will not be used depending on
the type of bridge endpoint being created. When creating a bridge endpoint
on a bridge cluster, following propeties will be used: vlan,
bridge_cluster_id and ha_enable. Similarly, for creating a bridge endpoint
on an edge cluster following properties will be used: vlan,
bridge_endpoint_profile_id and vlan_transport_zone_id.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
bridge_cluster_id UUID of the bridge cluster for this bridge endpoint

This field will not be used if an edge cluster is being used for the
bridge endpoint
string Maximum length: 36
bridge_endpoint_profile_id Bridge endpoint profile used by the edge cluster

This field will not be used if a bridge cluster is being used for the
bridge endpoint
string
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
ha_enable Controls the enabling of HA on the VLAN for this endpoint

This field will not be used if an edge cluster is being used for the
bridge endpoint
boolean Default: "True"
id Unique identifier of this resource string Sortable
resource_type Must be set to the value BridgeEndpoint string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
uplink_teaming_policy_name The name of the switching uplink teaming policy for the bridge endpoint

This name has to be one of the switching uplink teaming policy names listed inside the TransportZone. If this field is not specified, bridge will use the first pnic in host-switch config. This field will not be used if a bridge cluster is being used for the bridge endpoint		 string
vlan This property is used for VLAN specification of bridge endpoint.
It's mutually exclusive with 'vlan_trunk_spec', either 'vlan' or 'vlan_trunk_spec'
should be specified.
VlanID
vlan_transport_zone_id VLAN transport zone id by the edge cluster

This field will not be used if a bridge cluster is being used for the
bridge endpoint
string
vlan_trunk_spec VLAN trunk spec of edge bridge endpoint

This property is used for VLAN trunk specification of edge bridge endpoint.
It's mutually exclusive with 'vlan', either 'vlan' or 'vlan_trunk_spec'
should be specified.
VlanTrunkSpec

BridgeEndpointListResult (schema)

Bridge Endpoint queries result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results BridgeEndpoint Results array of BridgeEndpoint Required
Readonly
Minimum items: 0
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

BridgeEndpointProfile (schema)

Bridge Endpoint Profile

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
edge_cluster_id UUID of the edge cluster for this bridge endpoint string Required
Maximum length: 36
edge_cluster_member_indexes Indexes of the member hosts of the edge bridge cluster

First index will be used as the preferred member		 array of int
failover_mode Failover mode for the edge bridge cluster

Faileover mode can be preemmptive or non-preemptive		 string Enum: PREEMPTIVE, NON_PREEMPTIVE
Default: "PREEMPTIVE"
high_availability_mode High availability mode for the edge bridge cluster

High avaialability mode can be active-active or active-standby		 string Enum: ACTIVE_STANDBY
Default: "ACTIVE_STANDBY"
id Unique identifier of this resource string Sortable
resource_type Must be set to the value BridgeEndpointProfile string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

BridgeEndpointProfileListResult (schema)

Bridge Endpoint Profile queries result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results BridgeEndpointProfile Results array of BridgeEndpointProfile Required
Readonly
Minimum items: 0
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

BridgeEndpointProfileRequestParameters (schema)

Bridge Endpoint Profile request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
edge_cluster_id Edge Cluster Identifier string
failover_mode string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

BridgeEndpointRequestParameters (schema)

Bridge Endpoint request parameters

When querying for bridge endpoints on a bridge cluster, following
parameters can be used: bridge_cluster_id and logical_switch_id. When
querying for bridge endpoints on an edge cluster, following parameters
can be used: bridge_endpoint_profile_id, vlan_transport_zone_id and
logical_switch_id. When multiple parameters are provided they will be
anded together. if bridge_cluster_id is used along with
bridge_endpoint_profile_id or vlan_transport_zone_id an error will be
thrown.

Name Description Type Notes
bridge_cluster_id Bridge Cluster Identifier

If provided, only bridge endpoints associated with the given bridge
cluster will be returned.
string
bridge_endpoint_profile_id Bridge endpoint profile used by the edge cluster

If provided, only bridge endpoints associated with the given bridge
endpoint profile will be returned.
string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
logical_switch_id Logical Switch Identifier

If provided, only bridge endpoints associated with the given logical
switch will be returned.
string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
vlan_transport_zone_id VLAN transport zone id used by the edge cluster

If provided, only bridge endpoints associated with the given transport
zone will be returned.
string

BridgeEndpointStatistics (schema)

Name Description Type Notes
endpoint_id The id of the bridge endpoint string Required
Readonly
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly
rx_bytes DataCounter Readonly
rx_packets DataCounter Readonly
tx_bytes DataCounter Readonly
tx_packets DataCounter Readonly

BridgeEndpointStatus (schema)

Name Description Type Notes
active_nodes The Ids of the transport nodes which actively serve the endpoint. array of string Readonly
endpoint_id The id of the bridge endpoint string Required
Readonly
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly

BridgeHighAvailabilityClusterProfile (schema) (Deprecated)

Profile for BFD HA cluster setting

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
bfd_probe_interval the time interval (in millisec) between probe packets for heartbeat purpose integer Minimum: 300
Maximum: 60000
Default: "1000"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enable whether the heartbeat is enabled boolean Default: "True"
id Unique identifier of this resource string Sortable
resource_type Must be set to the value BridgeHighAvailabilityClusterProfile ClusterProfileType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

BridgeProfileConfig (schema)

Bridge Profile Configuration

configuration parameters for Bridge Profile

Name Description Type Notes
bridge_profile_path Policy path to L2 Bridge profile

Same bridge profile can be configured on different segments. Each bridge profile on a segment must unique.		 string Required
uplink_teaming_policy_name Uplink Teaming Policy Name

The name of the switching uplink teaming policy for the bridge endpoint. This name corresponds to one fot he switching uplink teaming policy names listed in teh transport zone. When this property is not specified, the teaming policy is assigned by MP.		 string
vlan_ids VLAN IDs

VLAN specification for bridge endpoint. Either VLAN ID or VLAN ranges can be specified. Not both.		 array of string
vlan_transport_zone_path Policy path to VLAN Transport Zone

VLAN transport zone should belong to the enforcment-point as the transport zone specified in the segment.		 string Required

BridgeProfileRequestParameters (schema)

Bridge profile request parameters

Name Description Type Notes
bridge_profile_path Bridge profile path

Policy path of Bridge profile using which a bridge end point was created.
string Required
enforcement_point_path String Path of the enforcement point

Enforcement point path.		 string

BrokerProperties (schema)

Information about a management plane node this transport node is configured to communicate with

Name Description Type Notes
BrokerFqdn Fully qualified domain name of the message bus broker on the management plane node. string
BrokerIpAddress IP address or hostname of the message bus broker on the management plane node. HostnameOrIPv4Address Required
BrokerIsMaster Indicates whether this broker is the master. string
BrokerPort Port number of the message bus broker on the management plane node. string
BrokerSslCertThumbprint Certificate thumbprint of the message bus broker on the management plane node. string Required
BrokerVirtualHost Type of host running the broker. string

BundleId (schema)

Id of bundle

Identifier of the bundle.

Name Description Type Notes
bundle_id Bundle Id

Identifier of bundle upload		 string Readonly

BundleIds (schema)

List of bundle-ids

Contains a list of bundle-ids.

Name Description Type Notes
failed Failed bundle-Id

Id of a bundle whose upload was failed.		 string Readonly
in_progress In-progress bundle-Id

Id of a bundle whose upload is in-progress.		 string Readonly
successful Sucessful bundle-Id

Id of a bundle whose upload is successful.		 string Readonly

BundleUploadParameters (schema)

Parameters for bundle upload

Parameters specified during bundle upload operations.

Name Description Type Notes
file_type Type of file

Type of file which will be uploaded.		 string Required
Enum: OVA
product Name of the appliance

Name of the appliance for which upload is performed.		 string Required
Enum: SAMPLE, ALB_CONTROLLER, INTELLIGENCE

BundleUploadPermission (schema)

Permissions for bundle upload

Describes whether bundle upload is allowed or not.

Name Description Type Notes
reason Reason for not allowing upload. string Readonly
upload_allowed Bundle upload allowed flag

Flag indication whether upload is allowed or not.		 boolean Required
Readonly

BundleUploadStatus (schema)

Upload status of bundle

Upload status of bundle uploaded from local or remote location.

Name Description Type Notes
bundle_name Name of the bundle

Name of the uploaded bundle.		 string Readonly
detailed_status Detailed status of bundle upload

Detailed status of bundle upload.		 string Readonly
percent Percent of upload completed

Percent of bundle uploaded from remote location.		 number Readonly
status Status of bundle upload

Current status of bundle upload.		 string Readonly
Enum: UPLOADING, VERIFYING, SUCCESS, FAILED
url URL from which the bundle was uploaded

URL for uploading bundle.		 string Readonly

ByodPolicyServiceInstance (schema)

Represents instance of self wiring partner's service

Represents an instance of partner's service whose wiring will be done by partner itself.
As partner does all the wiring, we call it as Byod - Bring your own device.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
(Abstract type: pass one of the following concrete types)
ChildServiceInstanceEndpoint
deployment_mode Deployment Mode

Deployment mode specifies how the partner appliance will be deployed i.e. in HA or standalone mode.		 string Enum: STAND_ALONE, ACTIVE_STANDBY
Default: "ACTIVE_STANDBY"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
partner_service_name Name of Partner Service

Unique name of Partner Service in the Marketplace		 string Required
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ByodPolicyServiceInstance string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
transport_type Transport Type

Transport to be used while deploying Service-VM.		 string Enum: L2_BRIDGE, L3_ROUTED
Default: "L2_BRIDGE"
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ByodPolicyServiceInstanceListResult (schema)

Collection of only Byod SI objects

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Byod Service instance list results array of ByodPolicyServiceInstance Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ByodServiceInstance (schema)

Custom Instance of a service

ByodServiceInstance is a custom instance to be used when NSX is not handling the lifecycles of appliance/s. User will manage their own appliance (BYOD) to connect with NSX.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
deployment_mode Deployment Mode

Deployment mode specifies where the partner appliance will be deployed in HA or non-HA i.e standalone mode.		 string Required
Enum: STAND_ALONE, ACTIVE_STANDBY
Default: "ACTIVE_STANDBY"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
on_failure_policy On Failure Policy

Failure policy of the service instance - if it has to be different from the service. By default the service instance inherits the FailurePolicy of the service it belongs to.		 string Enum: ALLOW, BLOCK
resource_type Must be set to the value ByodServiceInstance ServiceInstanceResourceType Required
service_id Service Id

The Service to which the service instance is associated.		 string Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
transport_type Transport Type

Transport to be used by this service instance for deploying the Service-VM. This field is to be set Not Applicable(NA) if the service only caters to functionality EPP(Endpoint Protection) and MPS.		 string Required
Enum: L2_BRIDGE, L3_ROUTED, NSH, NA

CCPUpgradeStatus (schema)

Status of CCP upgrade

Name Description Type Notes
can_rollback Can perform rollback

This field indicates whether we can perform upgrade rollback.		 boolean Readonly
can_skip Can the upgrade of the remaining units in this component be skipped boolean Readonly
component_type Component type for the upgrade status string Readonly
current_version_node_summary Mapping of current versions of nodes and counts of nodes at the respective versions. NodeSummaryList Readonly
details Details about the upgrade status string Readonly
node_count_at_target_version Count of nodes at target component version

Number of nodes of the type and at the component version		 int Readonly
percent_complete Indicator of upgrade progress in percentage number Required
Readonly
pre_upgrade_status Pre-upgrade status of the component-type UpgradeChecksExecutionStatus Readonly
status Upgrade status of component string Required
Readonly
Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED
target_component_version Target component version string Readonly

CPUReservation (schema)

Relative to the form factor pre-defined reservation value. We recommended
that you use the predefined measures of CPU reservation shares to reduce
the CPU reservation of a VM. Reservation shares are relative to the
default form-factor value. Though absolute values for CPU reservation
is supported, we advise to use this option with caution as incorrect or
high reservation values could lead to deployment failure or lead to
resource starvation for other VMs running on the same host.

Name Description Type Notes
reservation_in_mhz CPU reservation in MHz.

The CPU reservation in MHz is the guaranteed minimum amount of clock
cycles that the vmkernel CPU scheduler will give the Edge VM in case
of contention. If an Edge VM is not using its reserved resources, then
other machines can use them thus preventing waste of CPU cycles on the
physical host. Note: We recommend use of reservation_in_shares instead
of this absolute configuration. When you specify this value, set
reservation_in_shares to LOW_PRIORITY.
int
reservation_in_shares CPU reservation in shares.

Shares specify the relative importance of a virtual machine on a given
host. When you assign shares to a virtual machine, you always specify
the priority for that virtual machine relative to other powered-on
virtual machines on the same host. The default priority for shares is
HIGH_PRIORITY.
string Enum: EXTRA_HIGH_PRIORITY, HIGH_PRIORITY, NORMAL_PRIORITY, LOW_PRIORITY
Default: "HIGH_PRIORITY"

CaBundle (schema)

CA certificates bundle

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
certificates X509Certificates in the bundle array of X509Certificate Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
earliest_not_after The earliest time in epoch milliseconds at which a certificate becomes invalid. EpochMsTimestamp Readonly
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
not_after_list Times for each certificate in the bundle at which the certificate becomes invalid. array of EpochMsTimestamp Readonly
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
pem_encoded PEM-encoded CA bundle certificates. string Required
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value CaBundle string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

CaBundleListResult (schema)

CA Bundle query result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results CA bundles list. array of CaBundle Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

CallbackAuthenticationScheme (schema)

CallbackAuthenticationScheme describes how notification requests should authenticate to the server.

Name Description Type Notes
certificate_id Valid certificate ID

Certificate ID with a valid certificate and private key, procured from trust-management API.		 string
password Password for authentication

Password to use if scheme_name is BASIC_AUTH.		 string
scheme_name Authentication scheme to use when making notification requests

Authentication scheme to use when making notification requests to the partner console. Specify one of BASIC_AUTH or CERTIFICATE.		 string Required
Enum: BASIC_AUTH, CERTIFICATE
username Username for authentication

Username to use if scheme_name is BASIC_AUTH.		 string

CapacityDashboardUsage (schema)

Name Description Type Notes
current_usage_count Current usage count of object type

Indicate the current usage count of object type.
integer Required
current_usage_percentage Current usage percentage

Current usage percentage for object type
number Required
display_name User friendly name for object type

Display name for NSX object type.
string Required
max_supported_count Maximum supported count for object type

This is the maximum supported count for object type in consideration.
integer Required
max_threshold_percentage Max threshold percentage for object type

This indicates the maximum threshold percentage for object type.
number Required
min_threshold_percentage Min threshold percentage for object type

This indicates the minimum threshold percentage for object type.
number Required
severity Severity calculated from percentage usage

Severity calculated from percentage usage
string Required
Enum: INFO, WARNING, CRITICAL, ERROR
usage_type Object type for which usage is fetched

Indicate the object type for which usage is calculated.
string Required

CapacityThreshold (schema)

Name Description Type Notes
max_threshold_percentage Maximum threshold percentage

Set the maximum threshold percentage. Specify a value between 0 and
100. Usage percentage above this value is tagged as critical.
number Required
Minimum: 0
Maximum: 100
min_threshold_percentage Minimum threshold percentage

Set the minimum threshold percentage. Specify a value between 0 and
100. Usage percentage above this value is tagged as warning.
number Required
Minimum: 0
Maximum: 100
threshold_type Object type for which threshold is to be set

Indicate the object type for which threshold is to be set.
string Required

CapacityThresholdList (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
capacity_thresholds List of capacity thresholds for NSX Objects array of CapacityThreshold Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
resource_type Must be set to the value CapacityThresholdList string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

CapacityUsage (schema)

usage of each capacity type ex. vm, cpu

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
capacity_type type of the capacity field string Readonly
usage_count count of number of items of capacity_type integer Readonly

CapacityUsageMetaInfo (schema)

Name Description Type Notes
last_updated_timestamp Timestamp at which capacity usage was last calculated EpochMsTimestamp Required
max_global_threshold_percentage Maximum global threshold percentage

Indicates the maximum global threshold percentage
number Required
min_global_threshold_percentage Minimum global threshold percentage

Indicates the minimum global threshold percentage
number Required

CapacityUsageRequestParameters (schema)

Parameter to force inline calculation.

Name Description Type Notes
category Category of attributes for which capacity details need to be fetched.
Supported categories are security, inventory, networking and system.
User can provide comma separated list of multiple categories.
string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
force Parameter to force inline calculation instead of retrieving
cached results.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

CapacityUsageResponse (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
capacity_usage List of capacity usage for NSX Objects array of CapacityDashboardUsage Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
meta_info Meta data for capacity usage statistics object Required
resource_type Must be set to the value CapacityUsageResponse string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unreported_usage_types Unreported usage types

Types for which usage data was not reported		 array of string

CdpStatusType (schema)

Status types supported of the CrlDistributionPoint

Name Description Type Notes
CdpStatusType Status types supported of the CrlDistributionPoint string Enum: NOT_READY, FETCHING, READY, ERROR

CentralConfigProperties (schema)

Central Config properties

Name Description Type Notes
local_override Override Central Config boolean Required

CentralNodeConfigProfile (schema)

Central Node Config Profile

Central Node Config profile for NSX nodes. This set of properties will be pushed to NSX Manager and Edge nodes. SNMP properties will be pushed to KVM Hypervisors in addition to Manager and Edge nodes.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ntp NTP service properties

NTP service properties for NSX nodes.		 NtpProperties
resource_type Must be set to the value CentralNodeConfigProfile string
snmp SNMP service properties

SNMP service properties for NSX nodes.		 SnmpProperties
syslog Syslog service properties

Syslog service properties for NSX nodes.		 SyslogProperties
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
timezone Timezone

Timezone to be set for NSX nodes. Only timezone strings listed in the Time Zone database (https://www.iana.org/time-zones) are allowed.		 string

CentralNodeConfigProfileGetRequestParams (schema)

GET request parameters for Central Node Config profile

This object includes GET request parameter to indicate whether sensitive data should be returned for a central Central Node Config profile.

Name Description Type Notes
show_sensitive_data Show sensitive data in Central Node Config profile

If set to true, Central Node Config profile includes sensitive data
properties like SNMP community strings if any applicable. Note
that passwords are never returned. Default set to false.
boolean Default: "False"

CentralNodeConfigProfileListResult (schema)

List of Central Node Config profiles

Paged collection of Central Node Config profiles.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Central Node Config profiles array of CentralNodeConfigProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

Certificate (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
details List of X509Certificates. array of X509Certificate Readonly
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
has_private_key Whether we have the private key for this certificate. boolean Required
Readonly
Default: "False"
id Unique identifier of this resource string Sortable
pem_encoded PEM encoded certificate data. string Required
purpose Purpose of this certificate. Can be empty or set to "signing-ca". string Enum: signing-ca
resource_type Must be set to the value Certificate string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
used_by List of node IDs with services, that are using this certificate. array of NodeIdServicesMap Readonly

CertificateCheckingStatus (schema)

Result of checking a certificate

Name Description Type Notes
error_message Error Message

Error message when checking the certificate.		 string Readonly
status Status

Status of the checked certificate.		 CertificateCheckingStatusType Required
Readonly

CertificateCheckingStatusType (schema)

Status types returned when checking a certificate

Name Description Type Notes
CertificateCheckingStatusType Status types returned when checking a certificate string Enum: OK, CRL_NOT_READY, REJECTED, ERROR

CertificateId (schema)

Name Description Type Notes
certificate_id Certificate ID string Required
Readonly

CertificateKeyPair (schema)

Name Description Type Notes
certificate SecurityCertificate Required
rsa_private_key PEM encoded RSA private key

The private key must include the enclosing "-----BEGIN RSA PRIVATE KEY-----" and "-----END RSA PRIVATE KEY-----". An empty string is returned in read responses.		 string Required
Minimum length: 60

CertificateList (schema)

Certificate queries result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Certificate list. array of Certificate Required
Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

CertificateProfile (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cluster_certificate Cluster Certificate

True if this is for a cluster certificate		 boolean Required
Readonly
extended_key_usage Extended Key Usage

Indicating whether this certificate is used for server-auth, client-auth or both.		 array of CertificateUsageType Required
Readonly
node_type Node Type

List of types of node this certificate applies to.		 array of NodeType Required
Readonly
profile_name Certificate Profile Name string Required
Readonly
service_type Unique Service Type ServiceType Required
Readonly
unique_use Unique Use

True if the certificate used for this service-type cannot be used anywhere else.		 boolean Required
Readonly

CertificateProfileListResult (schema)

CertificateProfile query result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results CertificateProfile list. array of CertificateProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

CertificateUsageType (schema)

Usage Type of the Certificate, SERVER or CLIENT. Default is SERVER

Name Description Type Notes
CertificateUsageType Usage Type of the Certificate, SERVER or CLIENT. Default is SERVER string Enum: SERVER, CLIENT

ChildALBAlertScriptConfig (schema)

Wrapper object for ChildALBAlertScriptConfig

Child wrapper for ALBAlertScriptConfig, used in hierarchical API.

Name Description Type Notes
ALBAlertScriptConfig ChildALBAlertScriptConfig

Contains the actual ALBAlertScriptConfig object.
ALBAlertScriptConfig Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildALBAlertScriptConfig string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildALBAnalyticsProfile (schema)

Wrapper object for ChildALBAnalyticsProfile

Child wrapper for ALBAnalyticsProfile, used in hierarchical API.

Name Description Type Notes
ALBAnalyticsProfile ChildALBAnalyticsProfile

Contains the actual ALBAnalyticsProfile object.
ALBAnalyticsProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildALBAnalyticsProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildALBApplicationPersistenceProfile (schema)

Wrapper object for ChildALBApplicationPersistenceProfile

Child wrapper for ALBApplicationPersistenceProfile, used in hierarchical API.

Name Description Type Notes
ALBApplicationPersistenceProfile ChildALBApplicationPersistenceProfile

Contains the actual ALBApplicationPersistenceProfile object.
ALBApplicationPersistenceProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildALBApplicationPersistenceProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildALBApplicationProfile (schema)

Wrapper object for ChildALBApplicationProfile

Child wrapper for ALBApplicationProfile, used in hierarchical API.

Name Description Type Notes
ALBApplicationProfile ChildALBApplicationProfile

Contains the actual ALBApplicationProfile object.
ALBApplicationProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildALBApplicationProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildALBAuthProfile (schema)

Wrapper object for ChildALBAuthProfile

Child wrapper for ALBAuthProfile, used in hierarchical API.

Name Description Type Notes
ALBAuthProfile ChildALBAuthProfile

Contains the actual ALBAuthProfile object.
ALBAuthProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildALBAuthProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildALBAutoScaleLaunchConfig (schema)

Wrapper object for ChildALBAutoScaleLaunchConfig

Child wrapper for ALBAutoScaleLaunchConfig, used in hierarchical API.

Name Description Type Notes
ALBAutoScaleLaunchConfig ChildALBAutoScaleLaunchConfig

Contains the actual ALBAutoScaleLaunchConfig object.
ALBAutoScaleLaunchConfig Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildALBAutoScaleLaunchConfig string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildALBCertificateManagementProfile (schema)

Wrapper object for ChildALBCertificateManagementProfile

Child wrapper for ALBCertificateManagementProfile, used in hierarchical API.

Name Description Type Notes
ALBCertificateManagementProfile ChildALBCertificateManagementProfile

Contains the actual ALBCertificateManagementProfile object.
ALBCertificateManagementProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildALBCertificateManagementProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildALBDnsPolicy (schema)

Wrapper object for ChildALBDnsPolicy

Child wrapper for ALBDnsPolicy, used in hierarchical API.

Name Description Type Notes
ALBDnsPolicy ChildALBDnsPolicy

Contains the actual ALBDnsPolicy object.
ALBDnsPolicy Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildALBDnsPolicy string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildALBErrorPageBody (schema)

Wrapper object for ChildALBErrorPageBody

Child wrapper for ALBErrorPageBody, used in hierarchical API.

Name Description Type Notes
ALBErrorPageBody ChildALBErrorPageBody

Contains the actual ALBErrorPageBody object.
ALBErrorPageBody Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildALBErrorPageBody string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildALBErrorPageProfile (schema)

Wrapper object for ChildALBErrorPageProfile

Child wrapper for ALBErrorPageProfile, used in hierarchical API.

Name Description Type Notes
ALBErrorPageProfile ChildALBErrorPageProfile

Contains the actual ALBErrorPageProfile object.
ALBErrorPageProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildALBErrorPageProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildALBHTTPPolicySet (schema)

Wrapper object for ChildALBHTTPPolicySet

Child wrapper for ALBHTTPPolicySet, used in hierarchical API.

Name Description Type Notes
ALBHTTPPolicySet ChildALBHTTPPolicySet

Contains the actual ALBHTTPPolicySet object.
ALBHTTPPolicySet Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildALBHTTPPolicySet string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildALBHardwareSecurityModuleGroup (schema)

Wrapper object for ChildALBHardwareSecurityModuleGroup

Child wrapper for ALBHardwareSecurityModuleGroup, used in hierarchical API.

Name Description Type Notes
ALBHardwareSecurityModuleGroup ChildALBHardwareSecurityModuleGroup

Contains the actual ALBHardwareSecurityModuleGroup object.
ALBHardwareSecurityModuleGroup Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildALBHardwareSecurityModuleGroup string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildALBHealthMonitor (schema)

Wrapper object for ChildALBHealthMonitor

Child wrapper for ALBHealthMonitor, used in hierarchical API.

Name Description Type Notes
ALBHealthMonitor ChildALBHealthMonitor

Contains the actual ALBHealthMonitor object.
ALBHealthMonitor Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildALBHealthMonitor string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildALBIpAddrGroup (schema)

Wrapper object for ChildALBIpAddrGroup

Child wrapper for ALBIpAddrGroup, used in hierarchical API.

Name Description Type Notes
ALBIpAddrGroup ChildALBIpAddrGroup

Contains the actual ALBIpAddrGroup object.
ALBIpAddrGroup Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildALBIpAddrGroup string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildALBL4PolicySet (schema)

Wrapper object for ChildALBL4PolicySet

Child wrapper for ALBL4PolicySet, used in hierarchical API.

Name Description Type Notes
ALBL4PolicySet ChildALBL4PolicySet

Contains the actual ALBL4PolicySet object.
ALBL4PolicySet Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildALBL4PolicySet string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildALBNetworkProfile (schema)

Wrapper object for ChildALBNetworkProfile

Child wrapper for ALBNetworkProfile, used in hierarchical API.

Name Description Type Notes
ALBNetworkProfile ChildALBNetworkProfile

Contains the actual ALBNetworkProfile object.
ALBNetworkProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildALBNetworkProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildALBNetworkSecurityPolicy (schema)

Wrapper object for ChildALBNetworkSecurityPolicy

Child wrapper for ALBNetworkSecurityPolicy, used in hierarchical API.

Name Description Type Notes
ALBNetworkSecurityPolicy ChildALBNetworkSecurityPolicy

Contains the actual ALBNetworkSecurityPolicy object.
ALBNetworkSecurityPolicy Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildALBNetworkSecurityPolicy string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildALBPKIProfile (schema)

Wrapper object for ChildALBPKIProfile

Child wrapper for ALBPKIProfile, used in hierarchical API.

Name Description Type Notes
ALBPKIProfile ChildALBPKIProfile

Contains the actual ALBPKIProfile object.
ALBPKIProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildALBPKIProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildALBPool (schema)

Wrapper object for ChildALBPool

Child wrapper for ALBPool, used in hierarchical API.

Name Description Type Notes
ALBPool ChildALBPool

Contains the actual ALBPool object.
ALBPool Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildALBPool string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildALBPoolGroup (schema)

Wrapper object for ChildALBPoolGroup

Child wrapper for ALBPoolGroup, used in hierarchical API.

Name Description Type Notes
ALBPoolGroup ChildALBPoolGroup

Contains the actual ALBPoolGroup object.
ALBPoolGroup Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildALBPoolGroup string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildALBPoolGroupDeploymentPolicy (schema)

Wrapper object for ChildALBPoolGroupDeploymentPolicy

Child wrapper for ALBPoolGroupDeploymentPolicy, used in hierarchical API.

Name Description Type Notes
ALBPoolGroupDeploymentPolicy ChildALBPoolGroupDeploymentPolicy

Contains the actual ALBPoolGroupDeploymentPolicy object.
ALBPoolGroupDeploymentPolicy Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildALBPoolGroupDeploymentPolicy string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildALBPriorityLabels (schema)

Wrapper object for ChildALBPriorityLabels

Child wrapper for ALBPriorityLabels, used in hierarchical API.

Name Description Type Notes
ALBPriorityLabels ChildALBPriorityLabels

Contains the actual ALBPriorityLabels object.
ALBPriorityLabels Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildALBPriorityLabels string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildALBProtocolParser (schema)

Wrapper object for ChildALBProtocolParser

Child wrapper for ALBProtocolParser, used in hierarchical API.

Name Description Type Notes
ALBProtocolParser ChildALBProtocolParser

Contains the actual ALBProtocolParser object.
ALBProtocolParser Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildALBProtocolParser string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildALBSSLKeyAndCertificate (schema)

Wrapper object for ChildALBSSLKeyAndCertificate

Child wrapper for ALBSSLKeyAndCertificate, used in hierarchical API.

Name Description Type Notes
ALBSSLKeyAndCertificate ChildALBSSLKeyAndCertificate

Contains the actual ALBSSLKeyAndCertificate object.
ALBSSLKeyAndCertificate Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildALBSSLKeyAndCertificate string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildALBSSLProfile (schema)

Wrapper object for ChildALBSSLProfile

Child wrapper for ALBSSLProfile, used in hierarchical API.

Name Description Type Notes
ALBSSLProfile ChildALBSSLProfile

Contains the actual ALBSSLProfile object.
ALBSSLProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildALBSSLProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildALBSSOPolicy (schema)

Wrapper object for ChildALBSSOPolicy

Child wrapper for ALBSSOPolicy, used in hierarchical API.

Name Description Type Notes
ALBSSOPolicy ChildALBSSOPolicy

Contains the actual ALBSSOPolicy object.
ALBSSOPolicy Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildALBSSOPolicy string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildALBSecurityPolicy (schema)

Wrapper object for ChildALBSecurityPolicy

Child wrapper for ALBSecurityPolicy, used in hierarchical API.

Name Description Type Notes
ALBSecurityPolicy ChildALBSecurityPolicy

Contains the actual ALBSecurityPolicy object.
ALBSecurityPolicy Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildALBSecurityPolicy string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildALBServerAutoScalePolicy (schema)

Wrapper object for ChildALBServerAutoScalePolicy

Child wrapper for ALBServerAutoScalePolicy, used in hierarchical API.

Name Description Type Notes
ALBServerAutoScalePolicy ChildALBServerAutoScalePolicy

Contains the actual ALBServerAutoScalePolicy object.
ALBServerAutoScalePolicy Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildALBServerAutoScalePolicy string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildALBStringGroup (schema)

Wrapper object for ChildALBStringGroup

Child wrapper for ALBStringGroup, used in hierarchical API.

Name Description Type Notes
ALBStringGroup ChildALBStringGroup

Contains the actual ALBStringGroup object.
ALBStringGroup Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildALBStringGroup string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildALBTrafficCloneProfile (schema)

Wrapper object for ChildALBTrafficCloneProfile

Child wrapper for ALBTrafficCloneProfile, used in hierarchical API.

Name Description Type Notes
ALBTrafficCloneProfile ChildALBTrafficCloneProfile

Contains the actual ALBTrafficCloneProfile object.
ALBTrafficCloneProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildALBTrafficCloneProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildALBVSDataScriptSet (schema)

Wrapper object for ChildALBVSDataScriptSet

Child wrapper for ALBVSDataScriptSet, used in hierarchical API.

Name Description Type Notes
ALBVSDataScriptSet ChildALBVSDataScriptSet

Contains the actual ALBVSDataScriptSet object.
ALBVSDataScriptSet Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildALBVSDataScriptSet string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildALBVirtualService (schema)

Wrapper object for ChildALBVirtualService

Child wrapper for ALBVirtualService, used in hierarchical API.

Name Description Type Notes
ALBVirtualService ChildALBVirtualService

Contains the actual ALBVirtualService object.
ALBVirtualService Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildALBVirtualService string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildALBVsVip (schema)

Wrapper object for ChildALBVsVip

Child wrapper for ALBVsVip, used in hierarchical API.

Name Description Type Notes
ALBVsVip ChildALBVsVip

Contains the actual ALBVsVip object.
ALBVsVip Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildALBVsVip string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildALBWafCRS (schema)

Wrapper object for ChildALBWafCRS

Child wrapper for ALBWafCRS, used in hierarchical API.

Name Description Type Notes
ALBWafCRS ChildALBWafCRS

Contains the actual ALBWafCRS object.
ALBWafCRS Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildALBWafCRS string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildALBWafPolicy (schema)

Wrapper object for ChildALBWafPolicy

Child wrapper for ALBWafPolicy, used in hierarchical API.

Name Description Type Notes
ALBWafPolicy ChildALBWafPolicy

Contains the actual ALBWafPolicy object.
ALBWafPolicy Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildALBWafPolicy string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildALBWafPolicyPSMGroup (schema)

Wrapper object for ChildALBWafPolicyPSMGroup

Child wrapper for ALBWafPolicyPSMGroup, used in hierarchical API.

Name Description Type Notes
ALBWafPolicyPSMGroup ChildALBWafPolicyPSMGroup

Contains the actual ALBWafPolicyPSMGroup object.
ALBWafPolicyPSMGroup Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildALBWafPolicyPSMGroup string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildALBWafProfile (schema)

Wrapper object for ChildALBWafProfile

Child wrapper for ALBWafProfile, used in hierarchical API.

Name Description Type Notes
ALBWafProfile ChildALBWafProfile

Contains the actual ALBWafProfile object.
ALBWafProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildALBWafProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildALBWebhook (schema)

Wrapper object for ChildALBWebhook

Child wrapper for ALBWebhook, used in hierarchical API.

Name Description Type Notes
ALBWebhook ChildALBWebhook

Contains the actual ALBWebhook object.
ALBWebhook Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildALBWebhook string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildAntreaTraceflowConfig (schema)

Wrapper object for AnteaTraceflowConfig

Child wrapper for AntreaTraceflowConfig, used in hierarchical API.

Name Description Type Notes
TraceflowConfig AntreaTraceflowConfig

Contains the actual AntreaTraceflowConfig object.
AntreaTraceflowConfig Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildAntreaTraceflowConfig string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildBfdProfile (schema)

Wrapper object for BfdProfile

Child wrapper for BfdProfile, used in hierarchical API.

Name Description Type Notes
BfdProfile Bfd Profile

Contains the actual BfdProfile object.
BfdProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildBfdProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildBgpNeighborConfig (schema)

Wrapper object for BgpNeighborConfig

Child wrapper object for BgpNeighborConfig, used in hierarchical API.

Name Description Type Notes
BgpNeighborConfig BgpNeighborConfig

Contains the actual BgpNeighborConfig object.
BgpNeighborConfig Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildBgpNeighborConfig string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildBgpRoutingConfig (schema)

Wrapper object for BgpRoutingConfig

Child wrapper object for BgpRoutingConfig, used in hierarchical API.

Name Description Type Notes
BgpRoutingConfig BgpRoutingConfig

Contains the actual BgpRoutingConfig object.
BgpRoutingConfig Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildBgpRoutingConfig string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildByodPolicyServiceInstance (schema)

Wrapper object for ByodPolicyServiceInstance

Child wrapper object for ByodPolicyServiceInstance used in hierarchical API.

Name Description Type Notes
ByodPolicyServiceInstance ByodPolicyServiceInstance

Contains actual ByodPolicyServiceInstance.
ByodPolicyServiceInstance Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildByodPolicyServiceInstance string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildCaBundle (schema)

Child wrapper for CA certificates bundle, used in hierarchical API.

Name Description Type Notes
CaBundle CaBundle

Contains the actual CaBundle object.		 CaBundle Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildCaBundle string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildCommunicationEntry (schema) (Deprecated)

Wrapper object for CommunicationEntry

Child wrapper object for CommunicationEntry, used in hierarchical API This type is deprecated. Use the type ChildRule instead.

Name Description Type Notes
CommunicationEntry CommunicationEntry

Contains the actual CommunicationEntry object.
CommunicationEntry Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildCommunicationEntry string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildCommunicationMap (schema) (Deprecated)

Wrapper object for CommunicationMap

Child wrapper object for CommunicationMap, used in hierarchical API This type is deprecated. Use the type ChildSecurityPolicy instead.

Name Description Type Notes
CommunicationMap CommunicationMap

Contains the actual CommunicationMap object.
CommunicationMap Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildCommunicationMap string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildCommunityList (schema)

Wrapper object for CommunityList

Child wrapper object for CommunityList, used in hierarchical API

Name Description Type Notes
CommunityList CommunityList

Contains the actual CommunityList object
CommunityList Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildCommunityList string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildComputeClusterIdfwConfiguration (schema)

Wrapper object for ComputeClusterIdfwConfiguration

Name Description Type Notes
ComputeClusterIdfwConfiguration ComputeClusterIdfwConfiguration

Contains the actual compute cluster idfw configuration object.
ComputeClusterIdfwConfiguration Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildComputeClusterIdfwConfiguration string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildConstraint (schema)

Wrapper object for Constraint

Child wrapper object for Constraint, used in hierarchical API

Name Description Type Notes
Constraint Constraint

Contains the actual Constraint object
Constraint Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildConstraint string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildDeploymentZone (schema) (Deprecated)

Wrapper object for DeploymentZone

Child wrapper object for DeploymentZone, used in hierarchical API

Name Description Type Notes
DeploymentZone DeploymentZone

Contains the actual DeploymentZone object
DeploymentZone Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildDeploymentZone string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildDfwFirewallConfiguration (schema) (Experimental)

Wrapper object for FirewallConfiguration

Name Description Type Notes
DfwFirewallConfiguration Dfw Firewall Configuration

Contains the actual dfw firewall configuration list object.
DfwFirewallConfiguration Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildDfwFirewallConfiguration string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildDhcpRelayConfig (schema)

Wrapper object for DhcpRelayConfig

Child wrapper object for DhcpRelayConfig, used in hierarchical API

Name Description Type Notes
DhcpRelayConfig DhcpRelayConfig

Contains the actual DhcpRelayConfig object
DhcpRelayConfig Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildDhcpRelayConfig string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildDhcpServerConfig (schema)

Wrapper object for DhcpServerConfig

Child wrapper object for DhcpServerConfig, used in hierarchical API

Name Description Type Notes
DhcpServerConfig DhcpServerConfig

Contains the actual DhcpServerConfig object
DhcpServerConfig Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildDhcpServerConfig string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildDhcpStaticBindingConfig (schema)

Wrapper object for DhcpStaticBindingConfig

Child wrapper for DhcpStaticBindingConfig, used in hierarchical API.

Name Description Type Notes
DhcpStaticBindingConfig DhcpStaticBindingConfig

Contains the actual DhcpStaticBindingConfig object.
DhcpStaticBindingConfig
(Abstract type: pass one of the following concrete types)
DhcpV4StaticBindingConfig
DhcpV6StaticBindingConfig		 Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildDhcpStaticBindingConfig string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildDnsSecurityProfile (schema)

Wrapper object for DnsSecurityProfile

Child wrapper object for DnsSecurityProfile, used in hierarchical API

Name Description Type Notes
DnsSecurityProfile DnsSecurityProfile

Contains the actual DnsSecurityProfile object
DnsSecurityProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildDnsSecurityProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildDnsSecurityProfileBindingMap (schema)

Wrapper object for DnsSecurityProfileBindingMap

Child wrapper obejct for DnsSecurityProfileBindingMap used in hierarchical API

Name Description Type Notes
DnsSecurityProfileBindingMap DnsSecurityProfileBindingMap

Contains the actual DnsSecurityProfileBindingMap object
DnsSecurityProfileBindingMap Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildDnsSecurityProfileBindingMap string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildDomain (schema)

Wrapper object for Domain

Child wrapper object for domain, used in hierarchical API.

Name Description Type Notes
Domain Domain

Contains the actual domain object.
Domain Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildDomain string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildDomainDeploymentMap (schema)

Wrapper object for DomainDeploymentMap

Child wrapper object for DomainDeploymentMap, used in hierarchical API.

Name Description Type Notes
DomainDeploymentMap DomainDeploymentMap

Contains the actual DomainDeploymentMap object.
DomainDeploymentMap Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildDomainDeploymentMap string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildEndpointPolicy (schema)

Wrapper object for Endpoint Policy

Child wrapper object for EndpointPolicy used in hierarchical API.

Name Description Type Notes
EndpointPolicy EndpointPolicy

Contains actual EndpointPolicy.
EndpointPolicy Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildEndpointPolicy string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildEndpointRule (schema)

Wrapper object for Endpoint Rule

Child wrapper object for EndpointRule used in hierarchical API.

Name Description Type Notes
EndpointRule EndpointRule

Contains actual EndpointRule.
EndpointRule Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildEndpointRule string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildEnforcementPoint (schema)

Wrapper object for EnforcementPoint

Child wrapper object for EnforcementPoint, used in hierarchical API.

Name Description Type Notes
EnforcementPoint EnforcementPoint

Contains the actual Enforcement point object.
EnforcementPoint Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildEnforcementPoint string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildEvpnConfig (schema)

Wrapper object for EvpnConfig

Child wrapper object for EvpnConfig, used in hierarchical API.

Name Description Type Notes
EvpnConfig EvpnConfig

Contains the actual EvpnConfig object.
EvpnConfig Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildEvpnConfig string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildEvpnTunnelEndpointConfig (schema)

Wrapper object for EvpnTunnelEndpointConfig

Child wrapper object for EvpnTunnelEndpointConfig, used in hierarchical API.

Name Description Type Notes
EvpnTunnelEndpointConfig EvpnTunnelEndpointConfig

Contains the actual EvpnTunnelEndpointConfig object.
EvpnTunnelEndpointConfig Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildEvpnTunnelEndpointConfig string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildFloodProtectionProfile (schema)

Wrapper object for FloodProtectionProfile

Child wrapper object for FloodProtectionProfile,
used in hierarchical API

Name Description Type Notes
FloodProtectionProfile FloodProtectionProfile

Contains the actual FloodProtectionProfile object
FloodProtectionProfile
(Abstract type: pass one of the following concrete types)
DistributedFloodProtectionProfile
GatewayFloodProtectionProfile		 Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildFloodProtectionProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildFloodProtectionProfileBindingMap (schema)

Wrapper object for FloodProtectionProfileBindingMap

Child wrapper object for FloodProtectionProfileBindingMap,
used in hierarchical API

Name Description Type Notes
FloodProtectionProfileBindingMap FloodProtectionProfileBindingMap

Contains the actual FloodProtectionProfileBindingMap object
FloodProtectionProfileBindingMap Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildFloodProtectionProfileBindingMap string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildForwardingPolicy (schema)

Wrapper object for children of type ForwardingPolicy

Child wrapper object for ForwardingPolicy used in Hierarchical API.

Name Description Type Notes
ForwardingPolicy ForwardingPolicy

Contains actual ForwardingPolicy.
ForwardingPolicy Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildForwardingPolicy string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildForwardingRule (schema)

Wrapper object for ForwardingRule

Child wrapper object for ForwardingRule used in Hierarchical API.

Name Description Type Notes
ForwardingRule ForwardingRule

Contains actual ForwardingRule.
ForwardingRule Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildForwardingRule string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildFqdnAnalysisConfig (schema)

Wrapper object for FqdnAnalysisConfig

Child wrapper object for FqdnAnalysisConfig, used in hierarchical API

Name Description Type Notes
FqdnAnalysisConfig FQDN Analysis Config

Contains the actual FqdnAnalysisConfig object
FqdnAnalysisConfig Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildFqdnAnalysisConfig string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildGatewayPolicy (schema)

Wrapper object for GatewayPolicy

Child wrapper object for GatewayPolicy, used in hierarchical API

Name Description Type Notes
GatewayPolicy GatewayPolicy

Contains the actual GatewayPolicy object
GatewayPolicy Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildGatewayPolicy string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildGatewayQosProfile (schema)

Wrapper object for GatewayQosProfile

Child wrapper for GatewayQosProfile, used in hierarchical API.

Name Description Type Notes
QosProfile GatewayQosProfile

Contains the actual GatewayQosProfile object.
GatewayQosProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildGatewayQosProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildGeneralSecurityProfile (schema)

Wrapper object for GeneralSecurityProfile

Child wrapper object for GeneralSecurityProfile,
used in hierarchical API

Name Description Type Notes
GeneralSecurityProfile GeneralSecurityProfile

Contains the actual GeneralSecurityProfile object
GeneralSecurityProfile
(Abstract type: pass one of the following concrete types)
GatewayGeneralSecurityProfile		 Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildGeneralSecurityProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildGeneralSecurityProfileBindingMap (schema)

Wrapper object for GeneralSecurityProfileBindingMap

Child wrapper object for GeneralSecurityProfileBindingMap,
used in hierarchical API

Name Description Type Notes
GeneralSecurityProfileBindingMap GeneralSecurityProfileBindingMap

Contains the actual GeneralSecurityProfileBindingMap object
GeneralSecurityProfileBindingMap Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildGeneralSecurityProfileBindingMap string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildGlobalConfig (schema)

Wrapper object for GlobalConfig

Child wrapper object for GlobalConfig, used in hierarchical API

Name Description Type Notes
GlobalConfig GlobalConfig

Contains the actual GlobalConfig object.
GlobalConfig Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildGlobalConfig string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildGlobalIdsSignature (schema)

Wrapper object for GlobalIdsSignature

Child wrapper object for GlobalIdsSignature, used in hierarchical API

Name Description Type Notes
GlobalIdsSignature GlobalIdsSignature

Contains the GlobalIdsSignature object
GlobalIdsSignature Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildGlobalIdsSignature string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildGlobalManager (schema)

Wrapper object for Global Manager

Child wrapper object for Global Manager, used in hierarchical API.

Name Description Type Notes
GlobalManager GlobalManager

Contains the actual Global Manager object.
GlobalManager Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildGlobalManager string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildGroup (schema)

Wrapper object for Group

Child wrapper object for group, used in hierarchical API.

Name Description Type Notes
Group Group

Contains the actual group objects.
Group Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildGroup string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildGroupDiscoveryProfileBindingMap (schema)

Wrapper object for GroupDiscoveryProfileBindingMap

Child wrapper obejct for GroupDiscoveryProfileBindingMap used in hierarchical API

Name Description Type Notes
GroupDiscoveryProfileBindingMap GroupDiscoveryProfileBindingMap

Contains the actual GroupDiscoveryProfileBindingMap object
GroupDiscoveryProfileBindingMap Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildGroupDiscoveryProfileBindingMap string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildGroupMonitoringProfileBindingMap (schema)

Wrapper object for GroupMonitoringProfileBindingMap

Child wrapper object for GroupMonitoringProfileBindingMap, used in hierarchical API

Name Description Type Notes
GroupMonitoringProfileBindingMap GroupMonitoringProfileBindingMap

Contains the actual GroupMonitoringProfileBindingMap object
GroupMonitoringProfileBindingMap Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildGroupMonitoringProfileBindingMap string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildHostTransportNode (schema)

Wrapper object for Host Transport Node

Child wrapper for Host Transport Node, used in hierarchical API.

Name Description Type Notes
HostTransportNode Host Transport Node

Contains the actual Host Transport Node object.
HostTransportNode Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildHostTransportNode string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildHostTransportNodeCollection (schema)

Wrapper object for Transport Node Collection

Child wrapper for Transport Collection, used in hierarchical API.

Name Description Type Notes
HostTransportNodeCollection Transport Node Collection

Contains the actual Transport Node Collection object.
HostTransportNodeCollection Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildHostTransportNodeCollection string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildIPDiscoveryProfile (schema)

Wrapper object for IPDiscoveryProfile

Child wrapper object for IPDiscoveryProfile, used in hierarchical API

Name Description Type Notes
IPDiscoveryProfile IPDiscoveryProfile

Contains the actual IPDiscoveryProfile object
IPDiscoveryProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildIPDiscoveryProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildIPFIXDFWCollectorProfile (schema)

Wrapper object for IPFIXDFWCollectorProfile

Child wrapper object for IPFIXDFWCollectorProfile, used in hierarchical API

Name Description Type Notes
IPFIXDFWCollectorProfile IPFIXDFWCollectorProfile

Contains the actual IPFIXDFWCollectorProfile object
IPFIXDFWCollectorProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildIPFIXDFWCollectorProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildIPFIXDFWProfile (schema)

Wrapper object for IPFIXDFWProfile

Child wrapper object for IPFIXDFWProfile, used in hierarchical API

Name Description Type Notes
IPFIXDFWProfile IPFIXDFWProfile

Contains the actual IPFIXDFWProfile object
IPFIXDFWProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildIPFIXDFWProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildIPFIXL2CollectorProfile (schema)

Wrapper object for IPFIXL2CollectorProfile

Child wrapper object for IPFIXL2CollectorProfile, used in hierarchical API

Name Description Type Notes
IPFIXL2CollectorProfile IPFIXL2CollectorProfile

Contains the actual IPFIXL2CollectorProfile object
IPFIXL2CollectorProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildIPFIXL2CollectorProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildIPFIXL2Profile (schema)

Wrapper object for IPFIXL2Profile

Child wrapper object for IPFIXL2Profile, used in hierarchical API

Name Description Type Notes
IPFIXL2Profile IPFIXL2Profile

Contains the actual IPFIXL2Profile object
IPFIXL2Profile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildIPFIXL2Profile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildIPSecVpnDpdProfile (schema)

Wrapper object for IPSecVpnDpdProfile

Child wrapper object for IPSecVpnDpdProfile, used in hierarchical API.

Name Description Type Notes
IPSecVpnDpdProfile IPSecVpnDpdProfile

Contains the actual IPSecVpnDpdProfile object.
IPSecVpnDpdProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildIPSecVpnDpdProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildIPSecVpnIkeProfile (schema)

Wrapper object for IPSecVpnIkeProfile

Child wrapper object for IPSecVpnIkeProfile, used in hierarchical API.

Name Description Type Notes
IPSecVpnIkeProfile IPSecVpnIkeProfile

Contains the actual IPSecVpnIkeProfile object.
IPSecVpnIkeProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildIPSecVpnIkeProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildIPSecVpnLocalEndpoint (schema)

Wrapper object for IPSecVpnLocalEndpoint

Child wrapper object for IPSecVpnLocalEndpoint, used in hierarchical API.

Name Description Type Notes
IPSecVpnLocalEndpoint IPSecVpnLocalEndpoint

Contains the actual IPSecVpnLocalEndpoint object.
IPSecVpnLocalEndpoint Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildIPSecVpnLocalEndpoint string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildIPSecVpnService (schema)

Wrapper object for IPSecVpnService

Child wrapper object for IPSecVpnService, used in hierarchical API.

Name Description Type Notes
IPSecVpnService IPSecVpnService

Contains the actual IPSecVpnService object.
IPSecVpnService Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildIPSecVpnService string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildIPSecVpnSession (schema)

Wrapper object for IPSecVpnSession

Child wrapper object for IPSecVpnSession, used in hierarchical API.

Name Description Type Notes
IPSecVpnSession IPSecVpnSession

Contains the actual IPSecVpnSession object.
IPSecVpnSession
(Abstract type: pass one of the following concrete types)
PolicyBasedIPSecVpnSession
RouteBasedIPSecVpnSession		 Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildIPSecVpnSession string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildIPSecVpnTunnelProfile (schema)

Wrapper object for IPSecVpnTunnelProfile

Child wrapper object for IPSecVpnTunnelProfile, used in hierarchical API.

Name Description Type Notes
IPSecVpnTunnelProfile IPSecVpnTunnelProfile

Contains the actual IPSecVpnTunnelProfile object
IPSecVpnTunnelProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildIPSecVpnTunnelProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildIdsClusterConfig (schema)

Wrapper object for IdsClusterConfig

Child wrapper object for IdsClusterConfig, used in hierarchical API

Name Description Type Notes
IdsClusterConfig IdsClusterConfig

Contains the IdsClusterConfig object
IdsClusterConfig Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildIdsClusterConfig string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildIdsGatewayPolicy (schema)

Wrapper object for IdsGatewayPolicy

Child wrapper object for IdsGatewayPolicy, used in hierarchical API

Name Description Type Notes
IdsGatewayPolicy IdsGatewayPolicy

Contains the IdsGatewayPolicy object
IdsGatewayPolicy Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildIdsGatewayPolicy string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildIdsGlobalEventConfig (schema)

Wrapper object for IdsGlobalEventConfig

Child wrapper object for IdsGlobalEventConfig, used in hierarchical API

Name Description Type Notes
IdsGlobalEventConfig IdsGlobalEventConfig

Contains the IdsGlobalEventConfig object
IdsGlobalEventConfig Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildIdsGlobalEventConfig string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildIdsProfile (schema)

Wrapper object for IdsProfile

Child wrapper object for IdsProfile, used in hierarchical API

Name Description Type Notes
IdsProfile IdsProfile

Contains the IdsProfile object
IdsProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildIdsProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildIdsRule (schema)

Wrapper object for IdsRule

Child wrapper object for IdsRule, used in hierarchical API

Name Description Type Notes
IdsRule IdsRule

Contains the IdsRule object
IdsRule Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildIdsRule string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildIdsSecurityPolicy (schema)

Wrapper object for IdsSecurityPolicy

Child wrapper object for IdsSecurityPolicy, used in hierarchical API

Name Description Type Notes
IdsSecurityPolicy IdsSecurityPolicy

Contains the IdsSecurityPolicy object
IdsSecurityPolicy Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildIdsSecurityPolicy string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildIdsSettings (schema)

Wrapper object for IdsSettings

Child wrapper object for IdsSettings, used in hierarchical API

Name Description Type Notes
IdsSettings IdsSettings

Contains the IdsSettings object
IdsSettings Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildIdsSettings string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildIdsSignature (schema)

Wrapper object for IdsSignature

Child wrapper object for IdsSignature, used in hierarchical API

Name Description Type Notes
IdsSignature IdsSignature

Contains the IdsSignature object
IdsSignature Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildIdsSignature string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildIdsSignatureStatus (schema)

Wrapper object for IdsSignatureStatus

Child wrapper object for IdsSignatureStatus, used in hierarchical API

Name Description Type Notes
IdsSignatureStatus IdsSignatureStatus

Contains the IdsSignatureStatus object
IdsSignatureStatus Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildIdsSignatureStatus string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildIdsStandaloneHostConfig (schema)

Wrapper object for IdsStandaloneHostConfig

Child wrapper object for IdsStandaloneHostConfig, used in hierarchical API

Name Description Type Notes
IdsStandaloneHostConfig IdsStandaloneHostConfig

Contains the IdsStandaloneHostConfig object
IdsStandaloneHostConfig Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildIdsStandaloneHostConfig string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildInfra (schema)

Wrapper object for Infra

Child wrapper object for Infra, used in multi-tenancy hierarchical API

Name Description Type Notes
Infra Infra

Contains the actual Infra object
Infra Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildInfra string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildIpAddressAllocation (schema)

Wrapper object for IpAddressAllocation

Child wrapper object for IpAddressAllocation, used in hierarchical API

Name Description Type Notes
IpAddressAllocation IpAddressAllocation

Contains the actual IpAddressAllocation object
IpAddressAllocation Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildIpAddressAllocation string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildIpAddressBlock (schema)

Wrapper object for IpAddressBlock

Child wrapper object for IpAddressBlock, used in hierarchical API

Name Description Type Notes
IpAddressBlock IpAddressBlock

Contains the actual IpAddressBlock object
IpAddressBlock Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildIpAddressBlock string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildIpAddressPool (schema)

Wrapper object for IpAddressPool

Child wrapper object for IpAddressPool, used in hierarchical API

Name Description Type Notes
IpAddressPool IpAddressPool

Contains the actual IpAddressPool object
IpAddressPool Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildIpAddressPool string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildIpAddressPoolSubnet (schema)

Wrapper object for IpAddressPoolSubnet

Child wrapper object for IpAddressPoolSubnet, used in hierarchical API

Name Description Type Notes
IpAddressPoolSubnet IpAddressPoolSubnet

Contains the actual IpAddressPoolSubnet object
IpAddressPoolSubnet
(Abstract type: pass one of the following concrete types)
IpAddressPoolBlockSubnet
IpAddressPoolStaticSubnet		 Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildIpAddressPoolSubnet string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildIpv6DadProfile (schema)

Wrapper object for Ipv6DadProfile

Child wrapper object for Ipv6DadProfile, used in hierarchical API

Name Description Type Notes
Ipv6DadProfile Ipv6DadProfile

Contains the actual Ipv6DadProfile objects
Ipv6DadProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildIpv6DadProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildIpv6NdraProfile (schema)

Wrapper object for Ipv6NdraProfile

Child wrapper object for Ipv6NdraProfile, used in hierarchical API

Name Description Type Notes
Ipv6NdraProfile Ipv6NdraProfile

Contains the actual Ipv6NdraProfile objects
Ipv6NdraProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildIpv6NdraProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildL2BridgeEndpointProfile (schema)

Wrapper object for L2BridgeEndpointProfile

Child wrapper object for L2BridgeEndpointProfile, used in hierarchical API

Name Description Type Notes
L2BridgeEndpointProfile L2BridgeEndpointProfile

Contains the actual L2BridgeEndpointProfile object		 L2BridgeEndpointProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildL2BridgeEndpointProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildL2VPNService (schema)

Wrapper object for L2VPNService

Child wrapper object for L2VPNService, used in hierarchical API.

Name Description Type Notes
L2VPNService L2VPNService

Contains the actual L2VPNService object.
L2VPNService Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildL2VPNService string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildL2VPNSession (schema)

Wrapper object for L2VPNSession

Child wrapper object for L2VPNSession, used in hierarchical API.

Name Description Type Notes
L2VPNSession L2VPNSession

Contains the actual L2VPNSession object.
L2VPNSession Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildL2VPNSession string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildL2Vpn (schema) (Deprecated)

Wrapper object for L2Vpn

Child wrapper object for L2Vpn, used in hierarchical API.

Name Description Type Notes
L2Vpn L2Vpn

Contains the actual L2Vpn object.
L2Vpn Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildL2Vpn string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildL2VpnContext (schema) (Deprecated)

Wrapper object for L2VpnContext

Child wrapper object for L2VpnContext, used in hierarchical API.

Name Description Type Notes
L2VpnContext L2VpnContext

Contains the actual L2VpnContext object.
L2VpnContext Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildL2VpnContext string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildL3Vpn (schema) (Deprecated)

Wrapper object for L3Vpn

Child wrapper object for L3Vpn, used in hierarchical API.

Name Description Type Notes
L3Vpn L3Vpn

Contains the actual L3Vpn object.
L3Vpn Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildL3Vpn string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildL3VpnContext (schema) (Deprecated)

Wrapper object for L3VpnContext

Child wrapper object for L3VpnContext, used in hierarchical API.

Name Description Type Notes
L3VpnContext L3VpnContext

Contains the actual L3VpnContext object.
L3VpnContext Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildL3VpnContext string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildL7AccessEntry (schema)

Wrapper object for L7 Access Entry

Child wrapper object for L7 Access Entry, used in hierarchical API

Name Description Type Notes
L7AccessEntry L7 Access Entry

Contains the actual L7 access entry object
L7AccessEntry Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildL7AccessEntry string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildL7AccessProfile (schema)

Wrapper object for L7 Access Profile

Child wrapper object for L7 Access Profile, used in hierarchical API

Name Description Type Notes
L7AccessProfile L7 access profile

Contains the actual L7 access profile object
L7AccessProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildL7AccessProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildLBAppProfile (schema)

Wrapper object for LBAppProfile

Child wrapper for LBAppProfile, used in hierarchical API.

Name Description Type Notes
LBAppProfile LBAppProfile

Contains the actual LBAppProfile object.
LBAppProfile
(Abstract type: pass one of the following concrete types)
LBFastTcpProfile
LBFastUdpProfile
LBHttpProfile		 Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildLBAppProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildLBClientSslProfile (schema) (Deprecated)

Wrapper object for LBClientSslProfile

Child wrapper for LBClientSslProfile, used in hierarchical API.

Name Description Type Notes
LBClientSslProfile LBClientSslProfile

Contains the actual LBClientSslProfile object.
LBClientSslProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildLBClientSslProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildLBMonitorProfile (schema) (Deprecated)

Wrapper object for LBMonitorProfile

Child wrapper for LBMonitorProfile, used in hierarchical API.

Name Description Type Notes
LBMonitorProfile LBMonitorProfile

Contains the actual LBMonitorProfile object.
LBMonitorProfile
(Abstract type: pass one of the following concrete types)
LBActiveMonitor
LBHttpMonitorProfile
LBHttpsMonitorProfile
LBIcmpMonitorProfile
LBPassiveMonitorProfile
LBTcpMonitorProfile
LBUdpMonitorProfile		 Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildLBMonitorProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildLBPersistenceProfile (schema)

Wrapper object for LBPersistenceProfile

Child wrapper for LBPersistenceProfile, used in hierarchical API.

Name Description Type Notes
LBPersistenceProfile LBPersistenceProfile

Contains the actual LBPersistenceProfile object.
LBPersistenceProfile
(Abstract type: pass one of the following concrete types)
LBCookiePersistenceProfile
LBGenericPersistenceProfile
LBSourceIpPersistenceProfile		 Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildLBPersistenceProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildLBPool (schema)

Wrapper object for LBPool

Child wrapper for LBPool, used in hierarchical API.

Name Description Type Notes
LBPool LBPool

Contains the actual LBPool object.
LBPool Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildLBPool string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildLBServerSslProfile (schema) (Deprecated)

Wrapper object for LBServerSslProfile

Child wrapper for LBServerSslProfile, used in hierarchical API.

Name Description Type Notes
LBServerSslProfile LBServerSslProfile

Contains the actual LBServerSslProfile object.
LBServerSslProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildLBServerSslProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildLBService (schema)

Wrapper object for LBService

Child wrapper for LBService, used in hierarchical API.

Name Description Type Notes
LBService LBService

Contains the actual LBService object.
LBService Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildLBService string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildLBVirtualServer (schema)

Wrapper object for LBVirtualServer

Child wrapper for LBVirtualServer, used in hierarchical API.

Name Description Type Notes
LBVirtualServer LBVirtualServer

Contains the actual LBVirtualServer object.
LBVirtualServer Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildLBVirtualServer string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildLiveTraceConfig (schema)

Wrapper object for LiveTraceConfig

Child wrapper for LiveTraceConfig for Hierarchical API

Name Description Type Notes
LiveTraceConfig LiveTraceConfig

The actual LiveTraceConfig object.
LiveTraceConfig Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildLiveTraceConfig string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildLocaleServices (schema)

Wrapper object for LocaleServices

Child wrapper object for LocaleServices, used in hierarchical API

Name Description Type Notes
LocaleServices LocaleServices

Contains the actual LocaleServices object
LocaleServices Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildLocaleServices string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildMacDiscoveryProfile (schema)

Wrapper object for MacDiscoveryProfile

Child wrapper object for MacDiscoveryProfile, used in hierarchical API

Name Description Type Notes
MacDiscoveryProfile MacDiscoveryProfile

Contains the actual MacDiscoveryProfile object
MacDiscoveryProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildMacDiscoveryProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildMalwarePreventionProfile (schema)

Wrapper object for MalwarePreventionProfile

Child wrapper object for MalwarePreventionProfile, used in hierarchical API

Name Description Type Notes
MalwarePreventionProfile MalwarePreventionProfile

Contains the MalwarePreventionProfile object
MalwarePreventionProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildMalwarePreventionProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildMalwarePreventionSignature (schema)

Wrapper object for MalwarePreventionSignature

Child wrapper object for MalwarePreventionSignature, used in hierarchical API

Name Description Type Notes
MalwarePreventionSignature MalwarePreventionSignature

Contains the MalwarePreventionSignature object
MalwarePreventionSignature Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildMalwarePreventionSignature string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildMetadataProxyConfig (schema)

Wrapper object for MetadataProxyConfig

Name Description Type Notes
MetadataProxyConfig MetadataProxyConfig

Contains the actual MetadataProxyConfig object.
MetadataProxyConfig Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildMetadataProxyConfig string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildOpsGlobalConfig (schema)

Wrapper object for OpsGlobalConfig

Child wrapper object for OpsGlobalConfig, used in hierarchical API

Name Description Type Notes
GlobalConfig OpsGlobalConfig

Contains the actual OpsGlobalConfig object.
OpsGlobalConfig Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildOpsGlobalConfig string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildOspfAreaConfig (schema)

Wrapper object for OSPF routing config

Child wrapper object for OspfAreaConfig used in hierarchical API.

Name Description Type Notes
OspfAreaConfig OspfAreaConfig

Contains actual OspfAreaConfig.
OspfAreaConfig Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildOspfAreaConfig string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildOspfRoutingConfig (schema)

Wrapper object for OSPF routing config

Child wrapper object for OspfRoutingConfig used in hierarchical API.

Name Description Type Notes
OspfRoutingConfig OspfRoutingConfig

Contains actual OspfRoutingConfig.
OspfRoutingConfig Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildOspfRoutingConfig string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildPolicyConfigResource (schema)

Represents the desired state object as child resource

Represents an object on the desired state This is an abstract type. Concrete child types:
ChildALBAlertScriptConfig
ChildALBAnalyticsProfile
ChildALBApplicationPersistenceProfile
ChildALBApplicationProfile
ChildALBAuthProfile
ChildALBAutoScaleLaunchConfig
ChildALBCertificateManagementProfile
ChildALBDnsPolicy
ChildALBErrorPageBody
ChildALBErrorPageProfile
ChildALBHTTPPolicySet
ChildALBHardwareSecurityModuleGroup
ChildALBHealthMonitor
ChildALBIpAddrGroup
ChildALBL4PolicySet
ChildALBNetworkProfile
ChildALBNetworkSecurityPolicy
ChildALBPKIProfile
ChildALBPool
ChildALBPoolGroup
ChildALBPoolGroupDeploymentPolicy
ChildALBPriorityLabels
ChildALBProtocolParser
ChildALBSSLKeyAndCertificate
ChildALBSSLProfile
ChildALBSSOPolicy
ChildALBSecurityPolicy
ChildALBServerAutoScalePolicy
ChildALBStringGroup
ChildALBTrafficCloneProfile
ChildALBVSDataScriptSet
ChildALBVirtualService
ChildALBVsVip
ChildALBWafCRS
ChildALBWafPolicy
ChildALBWafPolicyPSMGroup
ChildALBWafProfile
ChildALBWebhook
ChildAntreaTraceflowConfig
ChildBfdProfile
ChildBgpNeighborConfig
ChildBgpRoutingConfig
ChildByodPolicyServiceInstance
ChildCaBundle
ChildCommunicationEntry
ChildCommunicationMap
ChildCommunityList
ChildComputeClusterIdfwConfiguration
ChildConstraint
ChildDeploymentZone
ChildDfwFirewallConfiguration
ChildDhcpRelayConfig
ChildDhcpServerConfig
ChildDhcpStaticBindingConfig
ChildDomain
ChildDomainDeploymentMap
ChildEndpointPolicy
ChildEndpointRule
ChildEnforcementPoint
ChildEvpnConfig
ChildEvpnTunnelEndpointConfig
ChildFloodProtectionProfile
ChildFloodProtectionProfileBindingMap
ChildForwardingPolicy
ChildForwardingRule
ChildFqdnAnalysisConfig
ChildGatewayPolicy
ChildGatewayQosProfile
ChildGeneralSecurityProfile
ChildGeneralSecurityProfileBindingMap
ChildGlobalIdsSignature
ChildGlobalManager
ChildGroup
ChildGroupMonitoringProfileBindingMap
ChildHostTransportNode
ChildHostTransportNodeCollection
ChildIPDiscoveryProfile
ChildIPFIXDFWCollectorProfile
ChildIPFIXDFWProfile
ChildIPFIXL2CollectorProfile
ChildIPFIXL2Profile
ChildIPSecVpnDpdProfile
ChildIPSecVpnIkeProfile
ChildIPSecVpnLocalEndpoint
ChildIPSecVpnService
ChildIPSecVpnSession
ChildIPSecVpnTunnelProfile
ChildIdsClusterConfig
ChildIdsGatewayPolicy
ChildIdsGlobalEventConfig
ChildIdsProfile
ChildIdsRule
ChildIdsSecurityPolicy
ChildIdsSettings
ChildIdsSignature
ChildIdsSignatureStatus
ChildIdsStandaloneHostConfig
ChildIpAddressAllocation
ChildIpAddressBlock
ChildIpAddressPool
ChildIpAddressPoolSubnet
ChildL2VPNService
ChildL2VPNSession
ChildL2Vpn
ChildL2VpnContext
ChildL3Vpn
ChildL3VpnContext
ChildL7AccessEntry
ChildL7AccessProfile
ChildLBAppProfile
ChildLBClientSslProfile
ChildLBMonitorProfile
ChildLBPersistenceProfile
ChildLBPool
ChildLBServerSslProfile
ChildLBService
ChildLBVirtualServer
ChildLiveTraceConfig
ChildLocaleServices
ChildMacDiscoveryProfile
ChildMalwarePreventionProfile
ChildMalwarePreventionSignature
ChildMetadataProxyConfig
ChildPolicyContextProfile
ChildPolicyDnsForwarder
ChildPolicyDnsForwarderZone
ChildPolicyEdgeCluster
ChildPolicyEdgeNode
ChildPolicyExcludeList
ChildPolicyFirewallScheduler
ChildPolicyFirewallSessionTimerProfile
ChildPolicyLabel
ChildPolicyLatencyStatProfile
ChildPolicyNat
ChildPolicyNatRule
ChildPolicySIExcludeList
ChildPolicyServiceChain
ChildPolicyServiceInstance
ChildPolicyServiceProfile
ChildPolicyTlsConfigProfile
ChildPolicyTransportZone
ChildPolicyTransportZoneProfile
ChildPolicyUrlCategorizationConfig
ChildPortDiscoveryProfileBindingMap
ChildPortMirroringProfile
ChildPortMonitoringProfileBindingMap
ChildPortQoSProfileBindingMap
ChildPortSecurityProfileBindingMap
ChildPrefixList
ChildQoSProfile
ChildRedirectionPolicy
ChildRedirectionRule
ChildRule
ChildSIStatusConfiguration
ChildSecurityFeatures
ChildSecurityPolicy
ChildSegment
ChildSegmentDiscoveryProfileBindingMap
ChildSegmentMonitoringProfileBindingMap
ChildSegmentPort
ChildSegmentQoSProfileBindingMap
ChildSegmentSecurityProfile
ChildSegmentSecurityProfileBindingMap
ChildService
ChildServiceEntry
ChildServiceInstanceEndpoint
ChildServiceInterface
ChildServiceReference
ChildServiceSegment
ChildSessionTimerProfileBindingMap
ChildShaDynamicPlugin
ChildShaPluginProfile
ChildShaPredefinedPlugin
ChildSite
ChildSpoofGuardProfile
ChildStandaloneHostIdfwConfiguration
ChildStaticARPConfig
ChildStaticMimeContent
ChildStaticRouteBfdPeer
ChildStaticRoutes
ChildTagBulkOperation
ChildTier0
ChildTier0DeploymentMap
ChildTier0Interface
ChildTier0RouteMap
ChildTier0SecurityFeatures
ChildTier1
ChildTier1DeploymentMap
ChildTier1Interface
ChildTlsCertificate
ChildTlsConfigProfileBindingMap
ChildTlsCrl
ChildTlsPolicy
ChildTlsProfile
ChildTlsRule
ChildTlsTrustData
ChildTraceflowConfig
ChildVMTagReplicationPolicy
ChildVirtualEndpoint
ChildVniPoolConfig

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildPolicyConfigResource string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildPolicyContextProfile (schema)

Wrapper object for PolicyContextProfile

Child wrapper object for PolicyContextProfile, used in hierarchical API

Name Description Type Notes
PolicyContextProfile PolicyContextProfile

Contains the actual PolicyContextProfile objects
PolicyContextProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildPolicyContextProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildPolicyCustomAttributes (schema)

Wrapper object for PolicyCustomAttributes

Child wrapper object for PolicyCustomAttributes, used in hierarchical API

Name Description Type Notes
PolicyCustomAttributes PolicyCustomAttributes

Contains the actual PolicyCustomAttributes objects
PolicyCustomAttributes Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildPolicyCustomAttributes string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildPolicyDnsForwarder (schema)

Wrapper object for PolicyDnsForwarder

Child wrapper object for PolicyDnsForwarder, used in hierarchical API

Name Description Type Notes
PolicyDnsForwarder PolicyDnsForwarder

Contains the actual PolicyDnsForwarder object
PolicyDnsForwarder Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildPolicyDnsForwarder string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildPolicyDnsForwarderZone (schema)

Wrapper object for PolicyDnsForwarderZone

Child wrapper object for PolicyDnsForwarderZone, used in hierarchical API

Name Description Type Notes
PolicyDnsForwarderZone PolicyDnsForwarderZone

Contains the actual PolicyDnsForwarderZone object
PolicyDnsForwarderZone Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildPolicyDnsForwarderZone string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildPolicyEdgeCluster (schema)

Wrapper object for PolicyEdgeCluster

Child wrapper object for PolicyEdgeCluster, used in hierarchical API.

Name Description Type Notes
PolicyEdgeCluster PolicyEdgeCluster

Contains the actual PolicyEdgeCluster object.
PolicyEdgeCluster Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildPolicyEdgeCluster string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildPolicyEdgeNode (schema)

Wrapper object for PolicyEdgeNode

Child wrapper object for PolicyEdgeNode, used in hierarchical API.

Name Description Type Notes
PolicyEdgeNode PolicyEdgeNode

Contains the actual PolicyEdgeNode object.
PolicyEdgeNode Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildPolicyEdgeNode string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildPolicyExcludeList (schema)

Wrapper object for PolicyExcludeList

Name Description Type Notes
PolicyExcludeList PolicyExcludeList

Contains the actual policy exclude list object.
PolicyExcludeList Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildPolicyExcludeList string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildPolicyFirewallCPUMemThresholdsProfileBindingMap (schema)

Wrapper object for PolicyFirewallCPUMemThresholdsProfileBindingMap

Child wrapper object for PolicyFirewallCPUMemThresholdsProfileBindingMap,
used in hierarchical API.

Name Description Type Notes
PolicyFirewallCPUMemThresholdsProfileBindingMap PolicyFirewallCPUMemThresholdsProfileBindingMap

Contains the actual PolicyFirewallCPUMemThresholdsProfileBindingMap object.
PolicyFirewallCPUMemThresholdsProfileBindingMap Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildPolicyFirewallCPUMemThresholdsProfileBindingMap string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildPolicyFirewallCpuMemThresholdsProfile (schema)

Wrapper object for PolicyFirewallCpuMemThresholdsProfile

Child wrapper object for PolicyFirewallCpuMemThresholdsProfile, used in
hierarchical API.

Name Description Type Notes
PolicyFirewallCpuMemThresholdsProfile PolicyFirewallCpuMemThresholdsProfile

Contains the actual PolicyFirewallCpuMemThresholdsProfile object
PolicyFirewallCpuMemThresholdsProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildPolicyFirewallCpuMemThresholdsProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildPolicyFirewallFloodProtectionProfileBindingMap (schema)

Wrapper object for PolicyFirewallFloodProtectionProfileBindingMap

Child wrapper object for PolicyFirewallFloodProtectionProfileBindingMap,
used in hierarchical API

Name Description Type Notes
PolicyFirewallFloodProtectionProfileBindingMap PolicyFirewallFloodProtectionProfileBindingMap

Contains the actual PolicyFirewallFloodProtectionProfileBindingMap object
PolicyFirewallFloodProtectionProfileBindingMap Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildPolicyFirewallFloodProtectionProfileBindingMap string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildPolicyFirewallScheduler (schema)

Wrapper object for PolicyFirewallScheduler

Child wrapper object for PolicyFirewallScheduler, used in hierarchical API

Name Description Type Notes
PolicyFirewallScheduler PolicyFirewallScheduler

Contains the actual PolicyFirewallScheduler objects
PolicyFirewallScheduler Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildPolicyFirewallScheduler string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildPolicyFirewallSessionTimerProfile (schema)

Wrapper object for PolicyFirewallSessionTimerProfile

Child wrapper object for PolicyFirewallSessionTimerProfile,
used in hierarchical API

Name Description Type Notes
PolicyFirewallSessionTimerProfile PolicyFirewallSessionTimerProfile

Contains the actual PolicyFirewallSessionTimerProfile object
PolicyFirewallSessionTimerProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildPolicyFirewallSessionTimerProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildPolicyFirewallSessionTimerProfileBindingMap (schema)

Wrapper object for PolicyFirewallSessionTimerProfileBindingMap

Child wrapper object for PolicyFirewallSessionTimerProfileBindingMap,
used in hierarchical API

Name Description Type Notes
PolicyFirewallSessionTimerProfileBindingMap PolicyFirewallSessionTimerProfileBindingMap

Contains the actual PolicyFirewallSessionTimerProfileBindingMap object
PolicyFirewallSessionTimerProfileBindingMap Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildPolicyFirewallSessionTimerProfileBindingMap string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildPolicyIgmpProfile (schema)

Wrapper object for PolicyIgmpProfile

Child wrapper object for PolicyIgmpProfile used in hierarchical API.

Name Description Type Notes
PolicyIgmpProfile PolicyIgmpProfile

Contains actual PolicyIgmpProfile.
PolicyIgmpProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildPolicyIgmpProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildPolicyLabel (schema)

Wrapper object for PolicyLabel

Child wrapper object for PolicyLabel, used in hierarchical API

Name Description Type Notes
PolicyLabel PolicyLabel

Contains the actual PolicyLabel object
PolicyLabel Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildPolicyLabel string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildPolicyLatencyStatProfile (schema)

Wrapper object for PolicyLatencyStatProfile

Child wrapper object for PolicyLatencyStatProfile, used in hierarchical API

Name Description Type Notes
PolicyLatencyStatProfile PolicyLatencyStatProfile

Contains the actual PolicyLatencyStatProfile object
PolicyLatencyStatProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildPolicyLatencyStatProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildPolicyMulticastConfig (schema)

Wrapper object for PolicyMulticastConfig

Child wrapper object for PolicyMulticastConfig used in hierarchical API.

Name Description Type Notes
PolicyMulticastConfig PolicyMulticastConfig

Contains actual PolicyMulticastConfig.
PolicyMulticastConfig Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildPolicyMulticastConfig string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildPolicyNat (schema)

Wrapper object for PolicyNat

Child wrapper object for PolicyNat, used in hierarchical API

Name Description Type Notes
PolicyNat PolicyNat

Contains the actual PolicyNAT object
PolicyNat Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildPolicyNat string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildPolicyNatRule (schema)

Wrapper object for PolicyNatRule

Child wrapper object for PolicyNatRule, used in hierarchical API

Name Description Type Notes
PolicyNatRule PolicyNatRule

Contains the actual PolicyNatRule object
PolicyNatRule Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildPolicyNatRule string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildPolicyPimProfile (schema)

Wrapper object for PolicyPimProfile

Child wrapper object for PolicyPimProfile used in hierarchical API.

Name Description Type Notes
PolicyPimProfile PolicyPimProfile

Contains actual PolicyPimProfile.
PolicyPimProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildPolicyPimProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildPolicySIExcludeList (schema)

Wrapper object for PolicySIExcludeList

Name Description Type Notes
PolicySIExcludeList PolicySIExcludeList

Contains the actual policy exclude list object.
PolicySIExcludeList Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildPolicySIExcludeList string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildPolicyServiceChain (schema)

Wrapper object for PolicyServiceChain

Child wrapper object for PolicyServiceInstance used in hierarchical API.

Name Description Type Notes
PolicyServiceChain PolicyServiceChain

Contains actual PolicyServiceChain.
PolicyServiceChain Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildPolicyServiceChain string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildPolicyServiceInstance (schema)

Wrapper object for PolicyServiceInstance

Child wrapper object for PolicyServiceInstance used in hierarchical API.

Name Description Type Notes
PolicyServiceInstance PolicyServiceInstance

Contains actual PolicyServiceInstance.
PolicyServiceInstance Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildPolicyServiceInstance string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildPolicyServiceProfile (schema)

Wrapper object for PolicyServiceProfile

Child wrapper object for PolicyServiceProfile used in hierarchical API.

Name Description Type Notes
PolicyServiceProfile PolicyServiceProfile

Contains actual PolicyServiceProfile.
PolicyServiceProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildPolicyServiceProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildPolicyTier1MulticastConfig (schema)

Wrapper object for PolicyTier1MulticastConfig

Child wrapper object for PolicyTier1MulticastConfig used in hierarchical API.

Name Description Type Notes
PolicyTier1MulticastConfig PolicyTier1MulticastConfig

Contains actual PolicyTier1MulticastConfig.
PolicyTier1MulticastConfig Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildPolicyTier1MulticastConfig string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildPolicyTlsConfigProfile (schema)

Wrapper object for PolicyTlsConfigProfile

Child wrapper object for PolicyTlsConfigProfile,
used in hierarchical API

Name Description Type Notes
PolicyTlsConfigProfile PolicyTlsConfigProfile

Contains the actual PolicyTlsConfigProfile object
PolicyTlsConfigProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildPolicyTlsConfigProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildPolicyTransportZone (schema)

Wrapper object for PolicyTransportZone

Child wrapper object for PolicyTransportZone, used in hierarchical API.

Name Description Type Notes
PolicyTransportZone PolicyTransportZone

Contains the actual PolicyTransportZone object.
PolicyTransportZone Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildPolicyTransportZone string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildPolicyTransportZoneProfile (schema)

Wrapper object for PolicyTransportZoneProfile

Child wrapper object for PolicyTransportZoneProfile, used in hierarchical API.

Name Description Type Notes
PolicyTransportZoneProfile PolicyTransportZoneProfile

Contains the actual PolicyTransportZoneProfile object.
PolicyTransportZoneProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildPolicyTransportZoneProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildPolicyUrlCategorizationConfig (schema)

Wrapper object for PolicyUrlCategorizationConfig

Child wrapper object for PolicyUrlCategorizationConfig, used in hierarchical API

Name Description Type Notes
PolicyUrlCategorizationConfig URL Categorization Config

Contains the actual PolicyUrlCategorizationConfig object
PolicyUrlCategorizationConfig Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildPolicyUrlCategorizationConfig string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildPortDiscoveryProfileBindingMap (schema)

Wrapper object for PortDiscoveryProfileBindingMap

Child wrapper object for PortDiscoveryProfileBindingMap, used in hierarchical API

Name Description Type Notes
PortDiscoveryProfileBindingMap PortDiscoveryProfileBindingMap

Contains the actual PortDiscoveryProfileBindingMap object
PortDiscoveryProfileBindingMap Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildPortDiscoveryProfileBindingMap string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildPortMirroringProfile (schema)

Wrapper object for PortMirroringProfile

Child wrapper object for PortMirroringProfile, used in hierarchical API

Name Description Type Notes
PortMirroringProfile PortMirroringProfile

Contains the actual PortMirroringProfile object
PortMirroringProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildPortMirroringProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildPortMonitoringProfileBindingMap (schema)

Wrapper object for PortMonitoringProfileBindingMap

Child wrapper object for PortMonitoringProfileBindingMap, used in hierarchical API

Name Description Type Notes
PortMonitoringProfileBindingMap PortMonitoringProfileBindingMap

Contains the actual PortMonitoringProfileBindingMap object
PortMonitoringProfileBindingMap Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildPortMonitoringProfileBindingMap string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildPortQoSProfileBindingMap (schema)

Wrapper object for PortQoSProfileBindingMap

Child wrapper object for PortQoSProfileBindingMap, used in hierarchical API

Name Description Type Notes
PortQoSProfileBindingMap PortQoSProfileBindingMap

Contains the actual PortQoSProfileBindingMap object
PortQoSProfileBindingMap Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildPortQoSProfileBindingMap string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildPortSecurityProfileBindingMap (schema)

Wrapper object for PortSecurityProfileBindingMap

Child wrapper object for PortSecurityProfileBindingMap, used in hierarchical API

Name Description Type Notes
PortSecurityProfileBindingMap PortSecurityProfileBindingMap

Contains the actual PortSecurityProfileBindingMap object
PortSecurityProfileBindingMap Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildPortSecurityProfileBindingMap string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildPrefixList (schema)

Wrapper object for PrefixList

Child wrapper object for PrefixList, used in hierarchical API.

Name Description Type Notes
PrefixList PrefixList

Contains the actual PrefixList object.
PrefixList Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildPrefixList string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildQoSProfile (schema)

Wrapper object for QoSProfile

Child wrapper object for QoSProfile, used in hierarchical API

Name Description Type Notes
QoSProfile QoSProfile

Contains the actual QoSProfile object
QoSProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildQoSProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildReaction (schema)

Wrapper object for Reaction

Child wrapper object for Reaction used in hierarchical API.

Name Description Type Notes
Reaction Reaction

Contains the actual Reaction object.
Reaction Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildReaction string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildRedirectionPolicy (schema)

Wrapper object for RedirectionPolicy

Child wrapper object for RedirectionPolicy used in Hierarchical API.

Name Description Type Notes
RedirectionPolicy RedirectionPolicy

Contains actual RedirectionPolicy.
RedirectionPolicy Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildRedirectionPolicy string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildRedirectionRule (schema)

Wrapper object for RedirectionRule

Child wrapper object for ChildRedirectionRule used in Hierarchical API.

Name Description Type Notes
RedirectionRule RedirectionRule

Contains actual RedirectionRule.
RedirectionRule Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildRedirectionRule string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildResourceReference (schema)

Represents the reference to ChildPolicyConfigResource

Represents a reference to ChildPolicyConfigResource in the hierarchical API. resource_type, id and target_type are mandatory fields.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildResourceReference string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
target_type The target type of this reference string Required

ChildRule (schema)

Wrapper object for Rule

Child wrapper object for Rule, used in hierarchical API

Name Description Type Notes
Rule Rule

Contains the actual Rule object
Rule Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildRule string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildSIStatusConfiguration (schema) (Experimental)

Wrapper object for PolicySIStatusConfiguration

Name Description Type Notes
PolicySIStatusConfiguration Contains the actual service insertion status configuration list object.
PolicySIStatusConfiguration Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildSIStatusConfiguration string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildSecurityFeatures (schema)

Wrapper object for Security Feature

Child wrapper object for T1 Security Feature, used in hierarchical API

Name Description Type Notes
SecurityFeatures Security configs

Contains the actual SecurityFeatures object
SecurityFeatures Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildSecurityFeatures string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildSecurityPolicy (schema)

Wrapper object for SecurityPolicy

Child wrapper object for SecurityPolicy, used in hierarchical API

Name Description Type Notes
SecurityPolicy SecurityPolicy

Contains the actual SecurityPolicy object
SecurityPolicy Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildSecurityPolicy string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildSegment (schema)

Wrapper object for Segment

Child wrapper object for Segment, used in hierarchical API.

Name Description Type Notes
Segment Segment

Contains the actual Segment object.
Segment Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildSegment string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildSegmentDiscoveryProfileBindingMap (schema)

Wrapper object for SegmentDiscoveryProfileBindingMap

Child wrapper object for SegmentDiscoveryProfileBindingMap, used in hierarchical API

Name Description Type Notes
SegmentDiscoveryProfileBindingMap SegmentDiscoveryProfileBindingMap

Contains the actual SegmentDiscoveryProfileBindingMap object
SegmentDiscoveryProfileBindingMap Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildSegmentDiscoveryProfileBindingMap string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildSegmentMonitoringProfileBindingMap (schema)

Wrapper object for SegmentMonitoringProfileBindingMap

Child wrapper object for SegmentMonitoringProfileBindingMap, used in hierarchical API

Name Description Type Notes
SegmentMonitoringProfileBindingMap SegmentMonitoringProfileBindingMap

Contains the actual SegmentMonitoringProfileBindingMap object
SegmentMonitoringProfileBindingMap Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildSegmentMonitoringProfileBindingMap string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildSegmentPort (schema)

Wrapper object for SegmentPort

Child wrapper object for SegmentPort, used in hierarchical API

Name Description Type Notes
SegmentPort SegmentPort

Contains the actual SegmentPort object
SegmentPort Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildSegmentPort string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildSegmentQoSProfileBindingMap (schema)

Wrapper object for SegmentQoSProfileBindingMap

Child wrapper object for SegmentQoSProfileBindingMap, used in hierarchical API

Name Description Type Notes
SegmentQoSProfileBindingMap SegmentQoSProfileBindingMap

Contains the actual SegmentQoSProfileBindingMap object
SegmentQoSProfileBindingMap Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildSegmentQoSProfileBindingMap string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildSegmentSecurityProfile (schema)

Wrapper object for SegmentSecurityProfile

Child wrapper object for SegmentSecurityProfile, used in hierarchical API

Name Description Type Notes
SegmentSecurityProfile SegmentSecurityProfile

Contains the actual SegmentSecurityProfile object
SegmentSecurityProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildSegmentSecurityProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildSegmentSecurityProfileBindingMap (schema)

Wrapper object for SegmentSecurityProfileBindingMap

Child wrapper object for SegmentSecurityProfileBindingMap, used in hierarchical API

Name Description Type Notes
SegmentSecurityProfileBindingMap SegmentSecurityProfileBindingMap

Contains the actual SegmentSecurityProfileBindingMap object
SegmentSecurityProfileBindingMap Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildSegmentSecurityProfileBindingMap string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildService (schema)

Wrapper object for Service

Child wrapper object for Service, used in hierarchical API.

Name Description Type Notes
Service Service

Contains the actual Service object.
Service Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildService string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildServiceEntry (schema)

Wrapper object for ServiceEntry

Child wrapper object for ServiceEntry, used in hierarchical API.

Name Description Type Notes
Service ServiceEntry

This is a deprecated property, Please use 'ServiceEntry' instead.
ServiceEntry
(Abstract type: pass one of the following concrete types)
ALGTypeServiceEntry
EtherTypeServiceEntry
ICMPTypeServiceEntry
IGMPTypeServiceEntry
IPProtocolServiceEntry
L4PortSetServiceEntry
NestedServiceServiceEntry		 Deprecated
ServiceEntry ServiceEntry

Contains the actual ServiceEntry object.
ServiceEntry
(Abstract type: pass one of the following concrete types)
ALGTypeServiceEntry
EtherTypeServiceEntry
ICMPTypeServiceEntry
IGMPTypeServiceEntry
IPProtocolServiceEntry
L4PortSetServiceEntry
NestedServiceServiceEntry		 Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildServiceEntry string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildServiceInstanceEndpoint (schema)

Wrapper object for ServiceInstanceEndpoint

Child wrapper object for ServiceInstanceEndpoint used in hierarchical API.

Name Description Type Notes
ServiceInstanceEndpoint ServiceInstanceEndpoint

Contains actual ServiceInstanceEndpoint.
ServiceInstanceEndpoint Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildServiceInstanceEndpoint string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildServiceInterface (schema)

Wrapper object for ServiceInterface

Child wrapper object for ServiceInterface, used in hierarchical API.

Name Description Type Notes
ServiceInterface ServiceInterface

Contains the actual ServiceInterface object.
ServiceInterface Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildServiceInterface string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildServiceReference (schema)

Wrapper object for ServiceReference

Child wrapper object for ServiceReference used in hierarchical API.

Name Description Type Notes
ServiceReference ServiceReference

Contains actual ServiceReference.
ServiceReference Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildServiceReference string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildServiceSegment (schema)

Wrapper object for SerivceSegment

Child wrapper object for ServiceSegment, used in hierarchical API

Name Description Type Notes
ServiceSegment ServiceSegments

Contains the actual ServiceSegment objects
ServiceSegment Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildServiceSegment string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildSessionTimerProfileBindingMap (schema)

Wrapper object for SessionTimerProfileBindingMap

Child wrapper object for SessionTimerProfileBindingMap,
used in hierarchical API

Name Description Type Notes
SessionTimerProfileBindingMap SessionTimerProfileBindingMap

Contains the actual SessionTimerProfileBindingMap object
SessionTimerProfileBindingMap Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildSessionTimerProfileBindingMap string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildShaDynamicPlugin (schema)

Wrapper object for ShaDynamicPlugin

Child wrapper object for ShaDynamicPlugin, used in hierarchical API

Name Description Type Notes
ShaPluginProfile ShaDynamicPlugin

Contains the actual ShaDynamicPlugin object
ShaDynamicPlugin Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildShaDynamicPlugin string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildShaPluginProfile (schema)

Wrapper object for ShaPluginProfile

Child wrapper object for ShaPluginProfile, used in hierarchical API

Name Description Type Notes
ShaPluginProfile ShaPluginProfile

Contains the actual ShaPluginProfile object
ShaPluginProfile
(Abstract type: pass one of the following concrete types)
ShaDynamicPluginProfile
ShaPredefinedPluginProfile		 Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildShaPluginProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildShaPredefinedPlugin (schema)

Wrapper object for ShaDynamicPlugin

Child wrapper object for ShaPredefinedPlugin, used in hierarchical API

Name Description Type Notes
ShaPluginProfile ShaPredefinedPlugin

Contains the actual ShaPredefinedPlugin object
ShaPredefinedPlugin Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildShaPredefinedPlugin string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildSite (schema)

Wrapper object for Site

Child wrapper object for Site, used in hierarchical API.

Name Description Type Notes
Site Site

Contains the actual Site object.
Site Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildSite string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildSpoofGuardProfile (schema)

Wrapper object for SpoofGuardProfile

Child wrapper object for SpoofGuardProfile, used in hierarchical API

Name Description Type Notes
SpoofGuardProfile SpoofGuardProfile

Contains the actual SpoofGuardProfile object
SpoofGuardProfile Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildSpoofGuardProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildStandaloneHostIdfwConfiguration (schema)

Wrapper object for StandaloneHostIdfwConfiguration

Name Description Type Notes
StandaloneHostIdfwConfiguration StandaloneHostIdfwConfiguration

Contains the actual standalone host idfw configuration object.
StandaloneHostIdfwConfiguration Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildStandaloneHostIdfwConfiguration string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildStaticARPConfig (schema)

Wrapper object for StaticARPConfig

Child wrapper object for StaticARPConfig, used in hierarchical API.

Name Description Type Notes
StaticARPConfig StaticARPConfig

Contains the actual StaticARPConfig object.
StaticARPConfig Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildStaticARPConfig string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildStaticMimeContent (schema)

Wrapper object for Child Static MIME content

Child wrapper object for Static MIME content, used in hierarchical API

Name Description Type Notes
TlsProfile Static Mime Content

Contains the actual Static MIME content object.
StaticMimeContent Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildStaticMimeContent string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildStaticRouteBfdPeer (schema)

Wrapper object for StaticRouteBfdPeer

Child wrapper for StaticRouteBfdPeer, used in hierarchical API.

Name Description Type Notes
BfdPeer Static Route BFD Peer

Contains the actual StaticRouteBfdPeer object.
StaticRouteBfdPeer Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildStaticRouteBfdPeer string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildStaticRoutes (schema)

Wrapper object for StaticRoutes

Child wrapper object for StaticRoutes, used in hierarchical API.

Name Description Type Notes
StaticRoutes StaticRoutes

Contains the actual StaticRoutes object.
StaticRoutes Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildStaticRoutes string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildTagBulkOperation (schema)

Child wrapper object for TagBulkOperation

Child wrapper object for TagBulkOperation, used in hierarchical API.

Name Description Type Notes
TagBulkOperation TagBulkOperation

Contains actual TagBulkOperation object.
TagBulkOperation Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildTagBulkOperation string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildTier0 (schema)

Wrapper object for Tier-0

Child wrapper object for Tier-0, used in hierarchical API.

Name Description Type Notes
Tier0 Tier-0

Contains the actual Tier-0 object.
Tier0 Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildTier0 string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildTier0DeploymentMap (schema)

Wrapper object for Tier0DeploymentMap

Child wrapper object for Tier0DeploymentMap, used in hierarchical API.

Name Description Type Notes
Tier0DeploymentMap Tier0DeploymentMap

Contains the actual Tier0DeploymentMap object.
Tier0DeploymentMap Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildTier0DeploymentMap string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildTier0Interface (schema)

Wrapper object for Tier0Interface

Child wrapper object for Tier0Interface, used in hierarchical API.

Name Description Type Notes
Tier0Interface Tier0Interface

Contains the actual Tier0Interface object.
Tier0Interface Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildTier0Interface string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildTier0RouteMap (schema)

Wrapper object for Tier0RouteMap

Child wrapper object for Tier0RouteMap, used in hierarchical API

Name Description Type Notes
Tier0RouteMap Tier0RouteMap

Contains the actual Tier0RouteMap object
Tier0RouteMap Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildTier0RouteMap string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildTier0SecurityFeatures (schema)

Wrapper object for T0 Security Feature

Child wrapper object for T0 Security Feature, used in hierarchical API

Name Description Type Notes
Tier0SecurityFeatures T0 Security configs

Contains the actual TO SecurityFeatures object
Tier0SecurityFeatures Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildTier0SecurityFeatures string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildTier1 (schema)

Wrapper object for Tier-1

Child wrapper object for Tier-1 , used in hierarchical API.

Name Description Type Notes
Tier1 Tier-1

Contains the actual Tier-1 object.
Tier1 Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildTier1 string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildTier1DeploymentMap (schema)

Wrapper object for Tier1DeploymentMap

Child wrapper object for Tier1DeploymentMap, used in hierarchical API.

Name Description Type Notes
Tier1DeploymentMap Tier1DeploymentMap

Contains the actual Tier1DeploymentMap object.
Tier1DeploymentMap Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildTier1DeploymentMap string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildTier1Interface (schema)

Wrapper object for Tier1Interface

Child wrapper object for Tier1Interface, used in hierarchical API.

Name Description Type Notes
Tier1Interface Tier1Interface

Contains the actual Tier1Interface object.
Tier1Interface Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildTier1Interface string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildTlsCertificate (schema)

Wrapper object for TlsCertificate

Child wrapper for TlsCertificate, used in hierarchical API.

Name Description Type Notes
TlsCertificate TlsCertificate

Contains the actual TlsCertificate object.
TlsCertificate Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildTlsCertificate string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildTlsConfigProfileBindingMap (schema)

Wrapper object for TlsConfigProfileBindingMap

Child wrapper object for TlsConfigProfileBindingMap,
used in hierarchical API

Name Description Type Notes
SessionTimerProfileBindingMap TlsConfigProfileBindingMap

Contains the actual TlsConfigProfileBindingMap object
TlsConfigProfileBindingMap Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildTlsConfigProfileBindingMap string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildTlsCrl (schema)

Wrapper object for TlsCrl

Child wrapper for TlsCrl, used in hierarchical API.

Name Description Type Notes
TlsCrl TlsCrl

Contains the actual TlsCrl object.		 TlsCrl Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildTlsCrl string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildTlsPolicy (schema)

Wrapper object for TlsPolicy

Child wrapper object for TLSPolicy, used in hierarchical API

Name Description Type Notes
TlsPolicy TlsPolicy

Contains the actual TLSPolicy object
TlsPolicy Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildTlsPolicy string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildTlsProfile (schema)

Wrapper object for Child TLS Profile

Child wrapper object for TLS Profile, used in hierarchical API

Name Description Type Notes
TlsProfile TLS Profile

Contains the actual TLS profile object.
TlsProfile
(Abstract type: pass one of the following concrete types)
TlsInspectionExternalProfile
TlsInspectionInternalProfile		 Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildTlsProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildTlsRule (schema)

Wrapper object for Rule

Child wrapper object for Rule, used in hierarchical API

Name Description Type Notes
TlsRule TLS Rule

Contains the actual TLS Rule object
TlsRule Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildTlsRule string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildTlsTrustData (schema)

Wrapper object for TlsTrustData

Child wrapper for TlsTrustData, used in hierarchical API.

Name Description Type Notes
TlsTrustData TlsTrustData

Contains the actual TlsTrustData object.
TlsTrustData Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildTlsTrustData string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildTraceflowConfig (schema)

Wrapper object for TraceflowConfig

Child wrapper for TraceflowConfig, used in hierarchical API

Name Description Type Notes
TraceflowConfig TraceflowConfig

Contains the actual TraceflowConfig object.
TraceflowConfig Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildTraceflowConfig string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildTypesRequestParameter (schema)

Filter to populate child types of the policyConfigResource

Specified child resource types will be populated in the response body

Name Description Type Notes
base_path Base Path for retrieving hierarchical intent

Base path of the resource for which user wants to retrieve the hierarchy. This should be the fully qualified path for the resource. - Sample examples - base_path=/infra/domains/default/groups/Group1 base_path=/infra/domains/default/security-policies/SecurityPolicy1/rules/Rule1		 string
filter Filter string as java regex

Filter string, can contain multiple or single java regular expressions
separated by ';'.
By default populates immediate child resources of the resource indicated by the URL.
These child resources will be filtered by the type provided in the filter.
It is recommended to use type_filter parameter instead of filter parameter.
- Sample query string to prevent loading services and deployment zones:
filter=Type-^(?!.*?(?:Service|DeploymentZone)).*$
- Sample query string to populate all the Group objects under Infra & Domain:
filter=Type-Domain%7CGroup
- Sample query string to load every policy object under Infra:
filter=Type-.*
string
type_filter Filter string to retrieve hierarchy.

Advanced filter string in which user can directly specify the resourceTypes to be filtered. Can be used in conjunction with base_path. - Sample example of type_filter to load all groups - type_filter=Group - Sample example of multiple type_filter - type_filter=Group;SercurityPolicy;RedirectionPolicy - Sample eaxmple to load all groups in default domain using base_path in conjunction with type_filter - base_path=/infra/domains/default&type_filter=Group		 string

ChildVMTagReplicationPolicy (schema)

Wrapper object for VMTagReplicationPolicy

Child wrapper object for VMTagReplicationPolicy, used in hierarchical API

Name Description Type Notes
VMTagReplicationPolicy VMTagReplicationPolicy

Contains the actual VMTagReplicationPolicy object
VMTagReplicationPolicy Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildVMTagReplicationPolicy string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildVirtualEndpoint (schema)

Wrapper object for VirtualEndpoint

Child wrapper object for VirtualEndpoint used in hierarchical API.

Name Description Type Notes
VirtualEndpoint VirtualEndpoint

Contains reference to actual VirtualEndpoint.
VirtualEndpoint Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildVirtualEndpoint string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ChildVniPoolConfig (schema)

Wrapper object for VniPoolConfig

Child wrapper object for VniPoolConfig, used in hierarchical API.

Name Description Type Notes
VniPoolConfig VniPoolConfig

Contains the actual VniPoolConfig object.
VniPoolConfig Required
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mark_for_override Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

If this field is set to true, delete operation is triggered on the
intent tree. This resource along with its all children in intent tree
will be deleted. This is a cascade delete and should only be used if
intent object along with its all children are to be deleted. This does
not support deletion of single non-leaf node within the tree and should
be used carefully.
boolean Default: "False"
request_parameter Generic type for passing the API request parameters. PolicyRequestParameter
(Abstract type: pass one of the following concrete types)
PolicyRequestParameter
SegmentRequestParameter
TraceflowRequestParameter
resource_type Must be set to the value ChildVniPoolConfig string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

CidrArrayConstraintValue (schema)

Array of CIDR Values to perform operation

List of CIDR values

Name Description Type Notes
resource_type Must be set to the value CidrArrayConstraintValue string Required
Enum: StringArrayConstraintValue, CidrArrayConstraintValue, IntegerArrayConstraintValue
values Array of IP addresses

This array can consist of a single IP address, IP address range or a subnet. Its type can be of either IPv4 or IPv6. Both IPv4 and IPv6 addresses within one expression is not allowed. Supported list of formats are, "192.168.1.1", "192.168.1.1-192.168.1.100", "192.168.0.0/24", "fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:318c/64".		 array of IPElement Required
Minimum items: 1
Maximum items: 100

CidrBlock (schema)

IPv4 CIDR Block

Stores information about IPv4 CIDR block.

Name Description Type Notes
CidrBlock IPv4 CIDR Block

Stores information about IPv4 CIDR block.		 string Format: ipv4-cidr-block

CipherSuite (schema)

TLS cipher suite

Name Description Type Notes
enabled Enable status for this cipher suite boolean Required
name Name of the TLS cipher suite string Required

ClasslessStaticRoute (schema) (Deprecated)

DHCP classless static route option

DHCP classless static route option.

Name Description Type Notes
network Destination in CIDR

Destination network in CIDR format.		 IPElement Required
next_hop Router

IP address of next hop of the route.		 IPAddress Required

ClearPasswordActionParameters (schema)

Name Description Type Notes
action string Enum: clear_password

ClientAuthType (schema) (Deprecated)

client authentication mode

Client authentication could be REQUIRED or IGNORE.
REQUIRED means that client is required to present its
certificate to the server for authentication. To be accepted, client
certificate must be signed by one of the trusted Certificate
Authorities (CAs), also referred to as root CAs, whose self signed
certificates are specified in the same client SSL profile binding.
IGNORE means that client certificate would be ignored.

Name Description Type Notes
ClientAuthType client authentication mode

Client authentication could be REQUIRED or IGNORE.
REQUIRED means that client is required to present its
certificate to the server for authentication. To be accepted, client
certificate must be signed by one of the trusted Certificate
Authorities (CAs), also referred to as root CAs, whose self signed
certificates are specified in the same client SSL profile binding.
IGNORE means that client certificate would be ignored.
string Deprecated
Enum: REQUIRED, IGNORE

ClientSslProfileBinding (schema) (Deprecated)

Name Description Type Notes
certificate_chain_depth the maximum traversal depth of client certificate chain

authentication depth is used to set the verification depth in the client
certificates chain.
integer Minimum: 1
Maximum: 2147483647
Default: "3"
client_auth client authentication mode ClientAuthType Default: "IGNORE"
client_auth_ca_ids CA identifier list to verify client certificate

If client auth type is REQUIRED, client certificate must be signed by
one of the trusted Certificate Authorities (CAs), also referred to as
root CAs, whose self signed certificates are specified.
array of string
client_auth_crl_ids CRL identifier list to verify client certificate

A Certificate Revocation List (CRL) can be specified in the client-side
SSL profile binding to disallow compromised client certificates.
array of string
default_certificate_id default service certificate identifier

A default certificate should be specified which will be used if the
server does not host multiple hostnames on the same IP address or if
the client does not support SNI extension.
string Required
sni_certificate_ids SNI certificate identifier list

Client-side SSL profile binding allows multiple certificates, for
different hostnames, to be bound to the same virtual server.
array of string
ssl_profile_id client SSL profile identifier

Client SSL profile defines reusable, application-independent client side
SSL properties.
string

ClientTypeCollectionConfiguration (schema)

HPM client data collection configuration

Name Description Type Notes
client_type Client Type

The client type for which this data collection frequency setting applies		 string Required
Enum: HYPERVISOR, EDGE, CONTROL_PLANE, CONTROL_PLANE_PLATFORM, MANAGEMENT_PLANE, MANAGEMENT_PLANE_PLATFORM
data_type_configurations Data type configurations

The set of data collection type configurations, one for each data collection type		 array of DataTypeCollectionConfiguration Required

CloudAccount (schema)

Cloud Account

Stores information about a cloud account like cloud type and insatnce
statistics.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
auth_users Authrized Users

List of authorized users.		 array of CloudUserInfo Readonly
cloud_type Cloud Type string Required
Enum: AWS, AZURE, GOOGLE, AZURE_GOV_US, AWS_GOV_US_EAST, AWS_GOV_US_WEST
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
instance_stats Instance statistics

Stores statistics of the number of managed, unmanaged and error virtual
machines.
InstanceStats Readonly
last_inventory_sync_date Last inventory sync date

Time when last inventory syncing completed.
integer Readonly
regions_config List of regions configuration for the cloud account

Configured list of regions to be used for the cloud account.
RegionListConfig
resource_type Must be set to the value CloudAccount string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tenant_id Tenant ID

Tenant ID of the cloud account.		 string Readonly

CloudAccountStatus (schema)

Cloud Account status

Stores the status of cloud account like credentials validity status and
inventory synchronization status.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
credentials_status Credentials Status

Status of the cloud account credentials synced at the auto interval.
string Readonly
Enum: VALID, INVALID
inventory_sync_status Inventory Synchronization Status

Status of inventory synchronization process.		 string Readonly
Enum: SYNCED, IN_PROGRESS

CloudErrorDetails (schema)

Cloud Error Details

Stores information about error.

Name Description Type Notes
error_id Error ID

ID of the error.		 integer Readonly
error_message Error Message

Detailed message about the error.		 string Readonly

CloudGatewayPrivateIpAddress (schema)

Private IP address of the gateway

Name Description Type Notes
gateway_ha_index Index of HA that indicates whether gateway is primary or secondary. If index is 0, then it is primary gateway. Else secondary gateway. integer Readonly
Minimum: 0
private_ip Secondary Private IP

The secondary Private IP allocated on the gateway's uplink interface.
string Readonly
Format: ipv4

CloudIpAllocationConfig (schema)

Cloud IP Allocation Configuration

Configuration parameters to create IP allocations that will be used for
containers. These containers will be deployed in an Aws Vpc or Azure Vnet.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
cloud_account_id Cloud Account ID

ID of the Cloud Account in which the IPs are allocated.
string Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ip_allocation_mode IP Allocation Mode

PUBLIC_IP: Allocate new public IP.
LINK_LOCAL_IP: Allocate new link local IP.
string Enum: PUBLIC_IP, LINK_LOCAL_IP
Default: "PUBLIC_IP"
ip_allocation_type IP allocation type

Based on the type, IP allocation will be done accordingly.
Legal values are PAS and NAT.
string Enum: PAS, NAT
Default: "PAS"
number_of_allocations Number of IP allocations required. integer Required
resource_type Must be set to the value CloudIpAllocationConfig string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

CloudIpAllocationMapping (schema)

Cloud IP Allocation Mapping

Information about Cloud IP mapping and allocation state.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
allocated_ip Public/link local IP string Readonly
Format: ipv4
gateway_private_ips Secondary Private IP Addresses

List of secondary Private IPs allocated on the gateway's uplink interface.		 array of CloudGatewayPrivateIpAddress Readonly

CloudIpAllocationMappings (schema)

Cloud IP Allocation Mappings

Information about Cloud IP mappings.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
cloud_account_id Cloud Account ID

ID of the Cloud Account in which the IPs are allocated.
string Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
error_code Error code for IP allocation failure integer Readonly
error_message Error message for IP allocation failure string Readonly
id Unique identifier of this resource string Sortable
ip_allocation_type IP allocation type

Based on the type, IP allocation will be done accordingly.
Legal values are PAS and NAT.
string Readonly
Enum: PAS, NAT
Default: "PAS"
ip_mappings IP mappings for a foundation. array of CloudIpAllocationMapping Readonly
ip_operation_status IP Allocation State

Indicates the state of the IP allocation or de-allocation.
ALLOCATION_IN_PROGRESS: IP allocation is in progress.
DELETION_IN_PROGRESS: IP de-allocation or deletion is in progress.
SUCCESSFUL: IP allocation is successful. Successful de-allocation can
be confirmed if the status API for this mapping returns a 404 error.
FAILED: IP allocation or de-allocation failed.
string Readonly
Enum: ALLOCATION_IN_PROGRESS, DELETION_IN_PROGRESS, SUCCESSFUL, FAILED
resource_type Must be set to the value CloudIpAllocationMappings string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

CloudNativeDeploymentAction (schema)

Action

Action to be perform on deployment.

Name Description Type Notes
action Deployment action

Action can be deploy or undeploy.
DEPLOY - Deploy NSX Application Platform charts.
UNDEPLOY - Undeploy NSX Application Platform charts.
REDEPLOY - Redeploy NSX Application Platform charts.
UPDATE_FORMFACTOR - Upgrade NSX Application Platform charts.
REDEPLOY_UPDATE_FORMFACTOR - Retry update NSX Application Platform charts.
FORCE_UNDEPLOY - Undeploy forcefully.
RESTART - Restart deployment.
RESET - Reset deployment.
string Required
Enum: DEPLOY, UNDEPLOY, REDEPLOY, UPDATE_FORMFACTOR, REDEPLOY_UPDATE_FORMFACTOR, FORCE_UNDEPLOY, RESTART, RESET

CloudNativeDeploymentConfig (schema)

Common configuration for NSX Application Platform deployments

Configuration for NSX Application Platform deployment.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
cluster_id Kubernetes cluster id

Unique id to identify kubernetes guest cluster.		 string
deployment_action Deployment action

Deployment action.		 CloudNativeDeploymentAction
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
kubeconf_info Kubeconfig info

Information about kubeconfig file.
KubeconfigInfo
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value CloudNativeDeploymentConfig string
storage_class Kubernetes storage class

Kubernetes storage class		 string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
version Deployment version in use

Deployment version in use.		 string

CloudNativeServiceInstance (schema)

Stores the information about cloud native service instance.

Name Description Type Notes
_last_sync_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
external_id External id of cloud native service instance in the system.

Id of service instance fetched from public cloud.
string Required
Readonly
resource_type Must be set to the value CloudNativeServiceInstance string Required
scope List of scopes for discovered resource

Specifies list of scope of discovered resource. e.g. if VHC path is associated with
principal identity, who owns the discovered resource, then scope id will be VHC path
and scope type will be VHC.
array of DiscoveredResourceScope
service_type Type of cloud native service; possible values are ELB, RDS

Type of cloud native service.		 string Required
Readonly
source Reference of the public cloud gateway

Reference of the public cloud gateway that reported the service instance.		 ResourceReference Required
Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

CloudNativeServiceInstanceListRequestParameters (schema)

Request parameters to get list of cloud native service instances.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
display_name Display Name of the cloud native service instance

Name of cloud native service instance.		 string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
service_type Type of cloud native service; possible values are ELB, RDS

Type of cloud native service.		 string
sort_ascending boolean
sort_by Field by which records are sorted string
source NSX node id of the public cloud gateway that reported the service instance

NSX node id of the public cloud gateway that reported the service instance.		 string

CloudNativeServiceInstanceListResult (schema)

Stores a list of cloud native service instances and information about them.
NSX supported service instances are currently limited to
Relational Database Service (RDS),Elastic Load Balancing (ELB).

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results CloudNativeServiceInstance list results

List of cloud native service instances		 array of CloudNativeServiceInstance Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

CloudSecurityGroup (schema)

Cloud Security Group

Stores information about a cloud security group.

Name Description Type Notes
_last_sync_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cloud_tags Cloud Tags

Array of tags associated to a cloud security group.
array of CloudTag Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
instances_count Count Of Instances

Number of instances associated to cloud security group.		 integer Readonly
is_managed_by_nsx Is Managed By NSX

If the flag is true, the cloud security group is managed by NSX.
boolean Readonly
region_id Region ID

ID of the cloud region.		 string Readonly
resource_type Must be set to the value CloudSecurityGroup string Required
scope List of scopes for discovered resource

Specifies list of scope of discovered resource. e.g. if VHC path is associated with
principal identity, who owns the discovered resource, then scope id will be VHC path
and scope type will be VHC.
array of DiscoveredResourceScope
security_group_id Security Group ID

ID of the cloud security group.		 string Readonly
security_group_name Security Group Name

Name of the cloud security group.		 string Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

CloudSecurityGroupRule (schema)

Cloud Security Group Rule

Stores information about a cloud security group rule.

Name Description Type Notes
_last_sync_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
description Description of this resource string Maximum length: 1024
Sortable
destination Destination

Destination corresponding to the cloud security group rule.
string Readonly
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
port_range Port Range

Port range corresponding to the cloud security group rule.
string Readonly
protocol Protocol

Protocol corresponding to the cloud security group rule.
string Readonly
resource_type Must be set to the value CloudSecurityGroupRule string Required
scope List of scopes for discovered resource

Specifies list of scope of discovered resource. e.g. if VHC path is associated with
principal identity, who owns the discovered resource, then scope id will be VHC path
and scope type will be VHC.
array of DiscoveredResourceScope
source Source

Source corresponding to the cloud security group rule.
string Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

CloudServiceEndpoint (schema)

Cloud Service Endpoint

Stores information about any service endpoint which is provided in the
cloud. Example services include the cloud provided equivalent service for
Storage, Database or Load Balancer.

Name Description Type Notes
_last_sync_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
nsx_security_groups NSX security groups array

Stores an array of NSX security groups associated to this cloud service
endpoint.
array of SecurityGroup Readonly
resource_type Must be set to the value CloudServiceEndpoint string Required
scope List of scopes for discovered resource

Specifies list of scope of discovered resource. e.g. if VHC path is associated with
principal identity, who owns the discovered resource, then scope id will be VHC path
and scope type will be VHC.
array of DiscoveredResourceScope
service_endpoint_id Service Endpoint ID

Cloud provided ID of the service endpoint.		 string Readonly
service_endpoint_type Service Endpoint Type

Cloud provided type of the service endpoint.		 string Readonly
service_name Service Name

Name of the cloud service the endpoint is associated with.		 string Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

CloudTag (schema)

Cloud Tag

Stores the key-value pair of cloud tag.

Name Description Type Notes
key Tag Key

Key of the cloud tag.		 string Readonly
value Tag Value

Value of the cloud tag.		 string Readonly

CloudTypeConfig (schema)

Cloud types information

These parameters will be used to display the list of clouds and
whether they are enabled (desired) / disabled (undesired) by the user.

Name Description Type Notes
cloud_type Cloud Type

Name of the cloud vendor.		 string Readonly
Enum: AWS, AZURE, AWS_GOV_US_EAST, AWS_GOV_US_WEST, AZURE_GOV_US
enabled Flag to enable specific cloud-type to be managed by CSM

A particular cloud type is configured by the user to be enabled
or not in the list of desired cloud types.
boolean Required

CloudTypeConfigList (schema)

Cloud types list

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cloud_types Cloud types list array of CloudTypeConfig
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

CloudTypeInfo (schema)

Cloud Type information

Name Description Type Notes
cloud_type Cloud Type

Name of the cloud vendor.		 string Readonly
Enum: AWS, AZURE, AWS_GOV_US_EAST, AWS_GOV_US_WEST, AZURE_GOV_US

CloudUserInfo (schema)

User information

Name Description Type Notes
display_name Display name of the user string Readonly
id ID of the user string Readonly

CloudVirtualMachine (schema)

Cloud Virtual Machine Information

Stores information about a Virtual Machine

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
agent_status Agent Status

UP - NSX Agent is up and running
DOWN - NSX Agent is down
NO_AGENT - No NSX Agent installed on instance
UNKNOWN - NSX Agent status is unknown
NEEDS_UPDATE - NSX Agent running on instance needs to be updated
string Readonly
Enum: UP, DOWN, NO_AGENT, UNKNOWN, NEEDS_UPDATE
agent_version Agent version details string Readonly
associated_account_ids Associated Cloud Account IDs

Array of associated cloud account IDs.		 array of string
cloud_instance_type Cloud Instance Type

This field represents various type of service instances in cloud.
VIRTUAL_MACHINE: Virtual machine deployed in public cloud.
AWS_RDS_INSTANCE: Amazon Relational Database Service Instance.
AWS_RDS_CLUSTER: Amazon Relational Database Service Cluster.
AWS_APPLICATION_ELB_INSTANCE: Amazon Application Elastic LoadBalancer.
AWS_CLASSIC_ELB_INSTANCE: Amazon Classic Elastic LoadBalancer.
HORIZON_MANAGEMENT: Virtual Machines that are deployed on Microsoft Azure using
Horizon Cloud Services(HCS) that are used for managing other instances
in the network. This includes, Management VMs, Unified Access Gateway (UAG) VMs, Base VMs.
HORIZON_VDI: Virtual Desktop Image (VDI) deployed on Microsoft Azure using Horizon
Cloud Services(HCS).
string Readonly
Enum: VIRTUAL_MACHINE, AWS_RDS_INSTANCE, AWS_RDS_CLUSTER, AWS_APPLICATION_ELB_INSTANCE, AWS_CLASSIC_ELB_INSTANCE, HORIZON_MANAGEMENT, HORIZON_VDI
cloud_tags Cloud tags for the instance array of CloudTag Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
error_messages List of error messages

List of error messages identified. Returns only error messages
identified in the last 1 hour.
array of ComputeInstanceErrorMessage Readonly
gateway_ha_index Gateway HA Index

Index of HA that indicates whether gateway is primary or secondary.
If index is 0, then it is primary gateway. Else secondary gateway.
integer
gateway_status Gateway Status string Readonly
Enum: UP, DOWN, DEPLOYING, NOT_AVAILABLE, UNDEPLOYING, COPYING_IMAGE
id Unique identifier of this resource string Sortable
is_gateway Flag to identify if this instance is a gateway node boolean Readonly
is_gateway_active Flag to identify if this instance is an active gateway node boolean Readonly
logical_switch_display_name Logical Switch display name string Readonly
logical_switch_id Logical Switch ID string Readonly
managed_by_nsx Indicate if instance is managed by NSX or not boolean Required
Readonly
nsx_failed_rules_count NSX failed rules count

Number of NSX firewall rules failed to realize on cloud for the instance.
integer Readonly
nsx_ip IP address provided by NSX string Readonly
nsx_security_group_mapping NSX Security Group Mapping

Map of cloud security groups associated to the instance and
corresponding NSX security groups.
array of SecurityGroupDetails Readonly
nsx_security_rule_errors NSX Security Rule Errors

DEPRECATED. Array of NSX security rule realization errors.
To get this information call /csm/virtual-machines//firewall-rules
array of NsxSecurityRuleErrorDetails Deprecated
Readonly
nsx_security_rule_errors_count NSX Security Rule Errors Count

DEPRECATED. Count of the NSX security rule realization errors.
To get this information call /csm/virtual-machines//firewall-rules
integer Deprecated
Readonly
nsx_successful_rules_count NSX successful rules count

Number of NSX firewall rules successfully configured for this instance.
integer Readonly
os_details Operating system details string Readonly
os_type Operating system of the instance string Readonly
private_ip Private IP address of the instance string Readonly
public_ip Public IP address of the instance string Readonly
quarantine_state Quarantine State

Indicates the quarantine state of the instance.
QUARANTINED - This state implies instance is moved to quarantine security
group because some threat has been detected.
NOT_QUARANTINED - This state implies no quarantine action has been
taken.
UNKNOWN - This state implies either quarantine policy is disabled or
quarantine information is not available.
OVERRIDDEN - This state implies instance is associated with vm_override_sg
which overrides any action based on threat detection.
WHITELISTED - This state implies that quarantine operation will not
be performed on the instance [DEPRECATED - replaced with USERMANAGED].
USERMANAGED - This state implies that quarantine operation will not
be performed on the instance.
NOT_APPLICABLE - This state will be populated for agentless instance, Horizon Management instance.
string Readonly
Enum: QUARANTINED, NOT_QUARANTINED, UNKNOWN, OVERRIDDEN, WHITELISTED, USERMANAGED, NOT_APPLICABLE
resource_type Must be set to the value CloudVirtualMachine string Required
Enum: AwsVirtualMachine, AzureVirtualMachine
segment_display_name Segment display name

Segment display name on which this instance resides.
string Readonly
segment_id Segment ID

Segment ID on which this instance resides.
string Readonly
status Instance status

POWERED_ON - Powered on instance
POWERED_OFF - Powered off instance
MANAGED_GATEWAY - Instances that are public cloud gateways
MANAGED - Instances that are managed by NSX
UNMANAGED - Instances that are not managed by NSX or untagged
ERRORED - Instances with no NSX Agent connectivity, NSX Agent is down,
No NSX Policy configured for Agentless VMs or Error on NSX Policy
rule realization.
QUARANTINED - Instances which have been quarantined
WHITELISTED - Instances which have been whitelisted [DEPRECATED - replaced with USERMANAGED]
USERMANAGED - Instances which have been marked as usermanaged.
string Readonly
Enum: POWERED_ON, POWERED_OFF, UNMANAGED, MANAGED_GATEWAY, MANAGED, ERRORED, QUARANTINED, WHITELISTED, USERMANAGED
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
threat_state Threat State

Indicates the threat state of the instance.
NORMAL - This state implies no threat has been detected and instance is
functioning as expected.
THREAT - This state implies quarantine enabling threat has been
detected.
INVALID - This state implies either instance is unmanaged or threat related
information is not available.
NOT_APPLICABLE - This state will be populated for agentless instance.
string Readonly
Enum: NORMAL, THREAT, INVALID, NOT_APPLICABLE
vm_config_status Status for user configurable properties VmConfigStatus Readonly
vm_extension_execution_status VM extension script execution status

UNKNOWN - This is the default state. Indicates no information available
regarding extension execution. This can potentially occur for
a VM when agent is installed out of band or if
cloud_agent_automated_install_enabled flag is enabled for the
VNET/VPC which already has managed VMs.
SUCCESSFUL - Indicates VM extension script execution was successful.
This does not necessarily mean agent installation was
successful.
FAILED - Indicates VM extension script execution failed.
string Readonly

CloudVirtualMachinesListRequestParameters (schema)

Cloud Virtual Machines List Request Parameters

A set of optional filter parameters to list cloud virtual machines

Name Description Type Notes
account_id Account ID

Optional identifier for account based on which virtual machines are to
be filtered
string
agent_status Agent Status

UP - NSX Agent is up and running
DOWN - NSX Agent is down
NO_AGENT - No NSX Agent installed on instance
UNKNOWN - NSX Agent status is unknown
UPDATE_AVAILABLE - NSX Tools can be upgraded to a newer version that's available
NEEDS_UPDATE - NSX Tools running on the instance needs to be updated for proper functioning
string Readonly
Enum: UP, DOWN, NO_AGENT, UNKNOWN, UPDATE_AVAILABLE, NEEDS_UPDATE
cloud_security_group_id Security Group ID

Optional identifier to limit results of VMs associated with the
provided cloud security group. For AWS, provide the group id.
For Azure, provide the resourceGuid of the Azure security group.
string Readonly
cloud_type Cloud Type

Optional identifier for cloud provider based on which Virtual Machines
are to be filtered
string Enum: AWS, AZURE
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
instance_id Instance ID

Optional identifier for virtual machine based on which the list can be
filtered
string
is_gateway Is the VM a gateway node?

Optional identifier based on which only gateway Virtual Machines can be
filtered
boolean
logical_switch_id Logical Switch ID

Optional identifier for logical switch based on which Aws Virtual
Machines are to be filtered
string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
public_ip Public IP address of the virtual machine

Optional identifier for public IP based on which Virtual Machines are
to be filtered
string
quarantine_state Quarantine State

Identifier for quarantine state based on which Virtual Machines are to
be filtered.
QUARANTINED - This state implies instance is moved to quarantine security
group because some threat has been detected.
NOT_QUARANTINED - This state implies no quarantine action has been
taken.
UNKNOWN - This state implies either quarantine policy is disabled or
quarantine information is not available.
OVERRIDDEN - This state implies instance is associated with vm_override_sg
which overrides any action based on threat detection.
string Readonly
Enum: QUARANTINED, NOT_QUARANTINED, UNKNOWN, OVERRIDDEN
region_id Region ID

Optional identifier for AWS or Azure region based on which Virtual
Machines are to be filtered
string
resource_type Resource Type

Optional identifier for listing virtual machines of a particular cloud
provider. Possible values are in the form of VirtualMachine prefixed by
cloud name. For example, AwsVirtualMachine or AzureVirtualMachine.
string Enum: AwsVirtualMachine, AzureVirtualMachine
segment_id Segment ID

Optional identifier for segment based on which Virtual Machines are to
be filtered.
string
sort_ascending boolean
sort_by Field by which records are sorted string
status_filter Filter by Virtual machine status

POWERED_OFF - Powered off instances.
MANAGED - Instances that are managed by NSX or tagged.
UNMANAGED - Instances that are not managed by NSX or untagged.
ERRORED - Instances with no NSX Tools connectivity, NSX Tools is down,
No NSX Policy configured for Native cloud security enforced instances or
Error on NSX Policy rule realization.
WHITELISTED - Instances which have been marked allowed by NSX [DEPRECATED - replaced with USERMANAGED].
USERMANAGED - Instances which have been marked allowed by NSX.
QUARANTINED - Instances that have been quarantined because some
threat has been detected.
NEEDS_UPDATE - NSX Tools running on instance is out of date and needs to be updated.
HORIZON_VDI - Instances on Microsoft Azure that are part of the Horizon Cloud Services (HCS).
string Readonly
Enum: POWERED_OFF, MANAGED, UNMANAGED, ERRORED, WHITELISTED, USERMANAGED, QUARANTINED, NEEDS_UPDATE, HORIZON_VDI
vnet_id Azure virtual network ID

Optional identifier for Azure virtual network based on which Azure
Virtual Machines are to be filtered. It consists of resourceGuid of Azure Vnet.
string
vpc_id AWS VPC ID

Optional identifier for AWS VPC based on which Virtual Machines are to
be filtered
string

CloudVirtualMachinesListResult (schema)

Cloud Virtual Machines List Result

Stores a list of cloud virtual machines

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Results

Array of cloud virtual machines		 array of CloudVirtualMachine
(Abstract type: pass one of the following concrete types)
AwsVirtualMachine
AzureVirtualMachine
CloudVirtualMachine
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ClusterBackupInfo (schema)

Cluster backup details

Name Description Type Notes
ip_address IP address or FQDN of the node from which the backup was taken string Required
Readonly
Format: hostname-or-ip
node_id ID of the node from which the backup was taken string Required
Readonly
restore_type Type of restore allowed array of string Readonly
Enum: REGULAR_RESTORE, POLICY_ONLY_RESTORE
Default: "[]"
timestamp timestamp of the cluster backup file EpochMsTimestamp Required
Readonly

ClusterBackupInfoListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of timestamps of backed-up cluster files array of ClusterBackupInfo Required
Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ClusterCertificateId (schema)

Cluster Certificate ID

Name Description Type Notes
certificate_id Certificate ID string Required

ClusterConfig (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cluster_id Unique identifier of this cluster string Required
Readonly
control_cluster_changes_allowed True if control cluster nodes may be added or removed boolean
mgmt_cluster_changes_allowed True if management cluster nodes may be added or removed boolean
nodes Configuration of each node in cluster array of ClusterNodeInfo

ClusterConfiguration (schema)

Cluster configuration

The configuration of the NSX cluster. The cluster configuration consists of a list of cluster node attributes.

Name Description Type Notes
cluster_id UUID of the cluster string Readonly
config_version Cluster configuration version integer Readonly
nodes Nodes in the cluster configuration array of ClusterNode Readonly

ClusterControlPlane (schema)

Cluster Control Plane

Cluster control plane is a hierarchical extension of the NSX-T control plane.
It allows NSX to manage multiple clusters. There is an instance of cluster
control plane in each managed cluster. The cluster control plane is responsible
for the traffic management, span calculation and it can work on its own.
NSX-T central control plane distributes high-level network configurations
like security policies and groups to cluster control planes, and each
cluster control plane computes and realizes the configurations on the managed
cluster.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
certificate certificate for this cluster control plane

This property should be afford in create process.
string
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
(Abstract type: pass one of the following concrete types)
ChildAntreaClusterInfo
ChildAntreaHeartbeatConfig
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
node_id Unique Id of the cluster control plane

This property is used to identify the cluster control plane in NSX-T.
This id should assigned by NSX-T in create process.
string
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ClusterControlPlane string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
vhc_path vhc path for this cluster control plane

This property should be afford in create process for VHC module
requirement.
string

ClusterControlPlaneDeleteRequestParameters (schema)

Cluster Control Plane Delete Request Parameters

Cluster Control Plane delete request parameters.

Name Description Type Notes
cascade Flag to indicate if force delete cluster references from the firewall security policies. boolean Default: "False"

ClusterControlPlaneListRequestParameters (schema)

Cluster Control Plane List Request Parameters

Cluster Control Plane list request parameters.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

ClusterControlPlaneListResult (schema)

Cluster Control Plane queries result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Cluster Control Plane Results

This property include all cluster control Plane in NSX-T.
array of ClusterControlPlane Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ClusterGroupMemberStatus (schema)

Status of a group member

This type contains the attributes and status of a group member.

Name Description Type Notes
member_fqdn FQDN of the group member string Readonly
Format: hostname
member_ip IP of the group member string Readonly
Format: ip
member_status Status of the group member string Readonly
Enum: UP, DOWN, UNKNOWN
member_uuid UUID of the group member string Readonly

ClusterGroupServiceLeader (schema)

Leader for a service of the group

Each cluster node entity provides multiple services. When working in a group, each service can elect a cluster node entity to be the leader of the service. Leader election helps in coordination of the service. The leader holds a renewable lease on the leadership for a fixed period of time. The lease version is incremented every time the leadership lease is renewed. This type contains the attributes of a leader.

Name Description Type Notes
leader_uuid Member UUID of the leader string Readonly
lease_version Number of times the lease has been renewed integer Readonly
service_name Name of the service string Readonly

ClusterGroupStatus (schema)

Status of a group

This type contains the attributes and status of a group.

Name Description Type Notes
group_id UUID of the group string Readonly
group_status Group status string Readonly
Enum: STABLE, DEGRADED, UNSTABLE, UNAVAILABLE
group_type Type of the group string Readonly
Enum: MANAGER, CONTROLLER, POLICY, HTTPS, DATASTORE, CLUSTER_BOOT_MANAGER, GLOBAL_MANAGER, ASYNC_REPLICATOR, MONITORING, IDPS_REPORTING, CORFU_NONCONFIG, CM-INVENTORY, MESSAGING-MANAGER
leaders Array of group leaders and their attributes array of ClusterGroupServiceLeader Readonly
members Array of group members and their statuses array of ClusterGroupMemberStatus Readonly

ClusterInitializationNodeInfo (schema)

The type provides the information of a non-running cluster node required for the initialization of a management cluster. The administrator needs to start this node for management cluster to initialize properly (or decommission it explicitly).

Name Description Type Notes
disk_store_id The (internal) disk-store ID of the member string Readonly
host_address The IP address (or domain name) of the cluster node string Readonly

ClusterMemberDetails (schema)

Group member details

Details of the member belonging to a Group

Name Description Type Notes
cluster_id The Antrea cluster id of the pod string Required
Readonly
cluster_name The Antrea cluster name of the pod string Required
Readonly
namespaces array of NamespaceMemberDetails Required

ClusterNode (schema)

Cluster Node Properties

This type contains attributes of a cluster node that are relevant to the Cluster Boot Manager.

Name Description Type Notes
entities Entities on the node array of ClusterNodeEntity Required
node_uuid UUID of the node string Required
status Current clustering status of the node string Enum: JOINING, JOINED, REMOVING, REMOVED
Default: "REMOVED"

ClusterNodeConfig (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
appliance_mgmt_listen_addr The IP and port for the appliance management API service on this node string Readonly
controller_role ControllerClusterRoleConfig
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
external_id Internal identifier provided by the node string Readonly
id Unique identifier of this resource string Sortable
manager_role ManagementClusterRoleConfig
resource_type Must be set to the value ClusterNodeConfig string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ClusterNodeConfigListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Cluster node configuration results array of ClusterNodeConfig Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ClusterNodeEntity (schema)

Cluster Node Entity Properties

NSX Cluster is made up of multiple cluster nodes. Each node can perform multiple functions, commonly referred to as roles. Cluster node entities are processes running in a cluster node that assist in the performance of a role. Cluster Boot Manager is a daemon that securely bootstraps and configures the entities. This type contains attributes of a cluster node entity that are relevant to the Cluster Boot Manager.

Name Description Type Notes
certificate Public certificate of the entity in PEM format string Required
entity_type Type of the entity string Required
Enum: MANAGER, CONTROLLER, POLICY, HTTPS, CLUSTER_BOOT_MANAGER, DATASTORE, GLOBAL_MANAGER, ASYNC_REPLICATOR, MONITORING, IDPS_REPORTING, CORFU_NONCONFIG, UPGRADE_COORDINATOR, CM-INVENTORY, MESSAGING-MANAGER
entity_uuid UUID of the entity string Required
fqdn Domain name the entity binds to string Format: hostname
ip_address IP address the entity binds to string
port Port the entity binds to integer Minimum: 0
Maximum: 65535
subnet_prefix_length Subnet mask prefix length of the entity binds to integer Minimum: 0
Maximum: 32

ClusterNodeInfo (schema)

Name Description Type Notes
api_listen_addr The IP and port for the public API service on this node ServiceEndpoint Readonly
appliance_connection_info The IP, port and certificate for connecting to appliance. ServiceEndpoint Readonly
certificates Certificate and thumbprint of all entities array of NodeCertificateInfo
control_plane_listen_addr The IP and port for the control plane service on this node ServiceEndpoint Readonly
display_name The display name of this node string
entities Service endpoint of all entities array of NodeEntityInfo
fqdn The fqdn of this node string
msg_clients Messaging client of all entities array of NodeMessagingClientInfo
node_uuid Unique identifier of this node string Required
Readonly
status Node clustering status string Required
Readonly
Enum: JOINING, JOINED, REMOVING, REMOVED

ClusterNodeRole (schema)

Cluster node role

Enumerates the roles that can be specified in VM auto-deployment.

Name Description Type Notes
ClusterNodeRole Cluster node role

Enumerates the roles that can be specified in VM auto-deployment.
string Enum: CONTROLLER, MANAGER

ClusterNodeStatus (schema)

Name Description Type Notes
control_cluster_status Clustering status for control plane functions on this node ControlClusterNodeStatus Readonly
mgmt_cluster_status Clustering status for management plane functions on this node ManagementClusterNodeStatus Readonly
system_status Node status properties NodeStatusProperties Readonly
version Software version running on node string Readonly

ClusterNodeVMDeletionParameters (schema)

Parameters for DeleteAutoDeployedClusterNodeVM

Parameters for deletion of a cluster node VM.

Name Description Type Notes
force_delete Delete by force

If true, the VM will be undeployed even if it cannot be removed
from its cluster.
boolean

ClusterNodeVMDeploymentConfig (schema)

Configuration for deploying cluster node VM

Contains info used to configure the VM on deployment

Name Description Type Notes
placement_type Type of deployment

Specifies the config for the platform through which to deploy the VM
string Required
Enum: VsphereClusterNodeVMDeploymentConfig

ClusterNodeVMDeploymentProgressState (schema)

Deployment progress of node VM

Deployment progress state of node VM. This Object contains name of current deployment step and overall progress percentage.

Name Description Type Notes
current_step_title Name of the current step

Name of the current running step of deployment		 string Readonly
progress Progress percentage

Overall progress percentage of deployment completed		 integer Readonly

ClusterNodeVMDeploymentRequest (schema)

Info for an auto-deployment request

Contains the deployment information for a cluster node VM soon to be
deployed or already deployed by the Manager

Name Description Type Notes
deployment_config Deployment config for cluster node VM

Info needed to configure a cluster node VM at deployment for a
specific platform.
May require different parameters depending on the method used to deploy
the VM.
ClusterNodeVMDeploymentConfig
(Abstract type: pass one of the following concrete types)
ClusterNodeVMDeploymentConfig
VsphereClusterNodeVMDeploymentConfig		 Required
form_factor Form factor for cluster node VMs

Specifies the desired "size" of the VM
ClusterNodeVMFormFactor Default: "MEDIUM"
roles Cluster node roles of the VM

List of cluster node role (or roles) which the VM should take on.
They specify what type (or types) of cluster node which the new VM
should act as.
Currently both CONTROLLER and MANAGER must be provided, since this
permutation is the only one supported now.
array of ClusterNodeRole Required
user_settings User settings for the VM

Username and password settings for the cluster node VM.
Passwords must be at least 12 characters in length and contain at
least one lowercase, one uppercase, one numerical, and one special
character.
Note: These settings will be honored only during VM deployment.
Post-deployment, CLI must be used for changing the user settings and
changes to these parameters will not have any effect.
NodeUserSettings Required
vm_id ID of VM used to recognize it

ID of the VM maintained internally and used to recognize it.
Note: This is automatically generated and cannot be modified.
string Readonly

ClusterNodeVMDeploymentRequestList (schema)

ClusterNodeVMDeploymentRequest list

List of ClusterNodeVMDeploymentRequests

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Results

Array of existing ClusterNodeVMDeploymentRequests
array of ClusterNodeVMDeploymentRequest Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ClusterNodeVMDeploymentStatusReport (schema)

Report of a VM's deployment status

Contains up-to-date information relating to an auto-deployed VM, including
its status and (potentially) an error message.

Name Description Type Notes
deployment_progress_state Deployment progress state of node VM

Detailed progress state of node VM deployment realization		 VMDeploymentProgressState Readonly
failure_code Error code for failure

In case of auto-deployment-related failure, the code for the error will
be stored here.
integer
failure_message Error message for failure

In case of auto-deployment-related failure, an error message will be
stored here.
string
status Auto-deployed VM's deployment status

Status of the addition or deletion of an auto-deployed cluster node VM.
string Required
Enum: UNKNOWN_STATE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, WAITING_TO_REGISTER_VM, VM_REGISTRATION_FAILED, VM_WAITING_TO_CLUSTER, VM_WAITING_TO_COME_ONLINE, VM_ONLINE_FAILED, VM_CLUSTERING_IN_PROGRESS, VM_CLUSTERING_FAILED, VM_CLUSTERING_SUCCESSFUL, WAITING_TO_UNDEPLOY_VM, VM_DECLUSTER_IN_PROGRESS, VM_DECLUSTER_FAILED, VM_DECLUSTER_SUCCESSFUL, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL

ClusterNodeVMFormFactor (schema)

Supported VM form factor for cluster nodes

Specifies the desired "size" of the VM. Affects number of virtual CPUs
and/or memory size given to the new cluster node VM.

Name Description Type Notes
ClusterNodeVMFormFactor Supported VM form factor for cluster nodes

Specifies the desired "size" of the VM. Affects number of virtual CPUs
and/or memory size given to the new cluster node VM.
string Enum: SMALL, MEDIUM, LARGE

ClusterProfile (schema)

This is an abstract type. Concrete child types:
BridgeHighAvailabilityClusterProfile
EdgeHighAvailabilityProfile

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
resource_type Must be set to the value ClusterProfile ClusterProfileType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ClusterProfileListParameters (schema)

ClusterProfile List Parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_system_owned Whether the list result contains system resources boolean Default: "True"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
resource_type Type of cluster profile ClusterProfileType
sort_ascending boolean
sort_by Field by which records are sorted string

ClusterProfileListResult (schema)

Cluster Profile queries result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Cluster Profile Results array of ClusterProfile
(Abstract type: pass one of the following concrete types)
BridgeHighAvailabilityClusterProfile
EdgeHighAvailabilityProfile		 Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ClusterProfileType (schema)

Supported cluster profiles.

Name Description Type Notes
ClusterProfileType Supported cluster profiles. string Enum: EdgeHighAvailabilityProfile, BridgeHighAvailabilityClusterProfile

ClusterProfileTypeIdEntry (schema) (Deprecated)

Name Description Type Notes
profile_id key value string Required
resource_type ClusterProfileType

ClusterRestoreStatus (schema)

Cluster restore status

Name Description Type Notes
backup_timestamp Timestamp when backup was initiated in epoch millisecond EpochMsTimestamp Readonly
endpoints The list of allowed endpoints, based on the current state of the restore process array of ResourceLink Required
Readonly
id Unique id for backup request string Readonly
instructions Instructions for users to reconcile Restore operations array of InstructionInfo Readonly
not_allowed_actions List of actions that are not allowed array of string Readonly
Enum: VC_UPDATES
Default: "[]"
restore_end_time Timestamp when restore was completed in epoch millisecond EpochMsTimestamp Readonly
restore_start_time Timestamp when restore was started in epoch millisecond EpochMsTimestamp Readonly
status GlobalRestoreStatus
step RestoreStep
total_steps Total number of steps in the entire restore process integer Readonly

ClusterRestoreStatusRequestParameters (schema)

Name Description Type Notes
restore_component string Readonly
Enum: LOCAL_MANAGER, GLOBAL_MANAGER
Default: "LOCAL_MANAGER"

ClusterRoleConfig (schema)

Name Description Type Notes
type Type of this role configuration string Required
Readonly
Enum: ManagementClusterRoleConfig, ControllerClusterRoleConfig

ClusterStatus (schema)

Name Description Type Notes
cluster_id Unique identifier of this cluster string Readonly
control_cluster_status The current status of the control cluster ControllerClusterStatus Deprecated
Readonly
detailed_cluster_status Status of all the cluster groups AllClusterGroupStatus Readonly
mgmt_cluster_status The current status of the management cluster ManagementClusterStatus Deprecated
Readonly

ClusterVirtualIpProperties (schema)

Cluster virtual IP properties

Name Description Type Notes
ip_address Virtual IP address, 0.0.0.0 if not configured string Required

ClusteringConfig (schema)

Configuration for VM's clustering

Configuration for automatically joining a cluster node to the
cluster after it is deployed. ClusteringConfig is required
if any of the deployment nodes has CONTROLLER role.

Name Description Type Notes
clustering_type Type for the clustering config

Specifies the type of clustering config to be used.
string Required
Enum: ControlClusteringConfig

ClusteringInfo (schema)

Clustering parameters for the controller cluster

Name Description Type Notes
join_to_existing_cluster True If the controller node should join an existing cluster

Property to indicate if the node must join an existing cluster.		 boolean Required
shared_secret Shared Secret of the cluster

Shared secret of the cluster.		 string Required

ClusteringStatus (schema)

Name Description Type Notes
ClusteringStatus string Enum: CONNECTED, DISCONNECTED, UNKNOWN

ClustersAggregateInfo (schema)

Name Description Type Notes
cluster_status Status of all the cluster groups AllClusterGroupStatus
controller_cluster Array of Controller Nodes array of ControllerNodeAggregateInfo Required
management_cluster Array of Management Nodes array of ManagementNodeAggregateInfo Required

ColumnItem (schema)

Grid Column

Represents a column of the Grid

Name Description Type Notes
column_identifier Identifier for this column

Identifies the column and used for fetching content upon an user click or drilldown. If column identifier is not provided, the column's data will not participate in searches and drilldowns.		 string
drilldown_id Id of drilldown widget

Id of drilldown widget, if any. Id should be a valid id of an existing widget.		 string Maximum length: 255
field Column Field

Field from which values of the column will be derived.		 string Required
Maximum length: 1024
hidden Hide the column

If set to true, hides the column		 boolean Default: "False"
label Column Label

Label of the column.		 Label Required
navigation Navigation to a specified UI page

Hyperlink of the specified UI page that provides details. If drilldown_id is provided, then navigation cannot be used.		 string Maximum length: 1024
render_configuration Render Configuration

Render configuration to be applied, if any.		 array of RenderConfiguration
sort_ascending Represents order of sorting the values

If true, the value of the column are sorted in ascending order. Otherwise, in descending order.		 boolean Default: "True"
sort_key Key for sorting on this column

Sorting on column is based on the sort_key. sort_key represents the field in the output data on which sort is requested.		 string Maximum length: 255
tooltip Multi-line tooltip

Multi-line text to be shown on tooltip while hovering over a cell in the grid.		 array of Tooltip
type Field data type

Data type of the field.		 string Required
Enum: String, Number, Date
Maximum length: 255
Default: "String"

CommonAgentEndpointInfo (schema)

NSX Application Platform Kafka/ingress endpoints

An endpoint to connect to Kafka/ingress of the NSX Application Platform.
Either FQDN or IP address can be used in the endpoint info.

Name Description Type Notes
address address

The IP address or the full qualified domain name of Kafka broker/ingress.
string Required
Format: hostname-or-ip
port port number

The port number where the broker is listening to.
integer Minimum: 1
Maximum: 65535

CommonAgentHostConfigurationInfo (schema)

NSX Application Platform Common Agent host configuration

NSX Application Platform Common Agent configuration that can be applied to host nodes.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ingress_certificate Broker certificate

A ingress certificate to verify the identity of brokers.
string
ingress_endpoint List of NSX Application Platform ingress endpoints

List of NSX Application Platform ingress endpoints that host nodes contact initially.
array of CommonAgentEndpointInfo
kafka_certificate Broker certificate

A Kafka broker certificate to verify the identity of brokers.
string
kafka_endpoint List of NSX Application Platform Kafka broker endpoints

List of NSX Application Platform broker endpoints that host nodes contact initially.
array of CommonAgentEndpointInfo
nsx_cluster_id Cluster id of the NSX Manager cluster

Cluster id of the NSX Manager cluster.
string
private_ip_range List of private IP prefix

List of private IP prefix that NSX Application Platform Common Agent network flow
is collected from.
array of CommonAgentPrivateIpRangeInfo
resource_type Must be set to the value CommonAgentHostConfigurationInfo string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
truststore truststore

A truststore to establish the trust between NSX and NSX Application Platform.
string

CommonAgentPrivateIpRangeInfo (schema)

NSX Application Platform Common Agent private IP prefix

An IP prefix to mark the private network that NSX Application Platform Common Agent
network flow is collected from.

Name Description Type Notes
address IP address

The prefix of IP address that marks the range of private network.
IPAddress Required
address_type IP address type

The type of IP address.
string Required
Enum: IPV4, IPV6
prefix_length IP prefix length

The length of IP address prefix that marks the range of private network.
integer Required
Minimum: 1
Maximum: 128

CommonUploadFile (schema)

To upload kubeconfig or Kubernetes tools

To upload file content example kubeconfig or Kubernetes tools.

Name Description Type Notes
file File to upload

Kubeconfig or Kubernetes tools file to be imported.
multipart_file Required

CommunicationEntry (schema) (Deprecated)

A communication entry specifies the security policy between the workload groups

A communication entry indicates the action to be performed for various types of traffic flowing between workload groups. This type is deprecated. Use the type Rule instead.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
action Action

The action to be applied to all the services.
string Enum: ALLOW, DROP, REJECT
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
destination_groups Destination group paths

We need paths as duplicate names may exist for groups under different
domains.In order to specify all groups, use the constant "ANY". This
is case insensitive. If "ANY" is used, it should be the ONLY element
in the group array. Error will be thrown if ANY is used in conjunction
with other values.
array of string Maximum items: 128
direction Direction

Define direction of traffic.
string Enum: IN, OUT, IN_OUT
Default: "IN_OUT"
disabled Flag to disable the rule

Flag to disable the rule. Default is enabled.		 boolean Default: "False"
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
logged Enable logging flag

Flag to enable packet logging. Default is disabled.		 boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
notes Text for additional notes on changes

Text for additional notes on changes.		 string
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value CommunicationEntry string
scope The list of policy paths where the communication entry is applied
Edge/LR/T0/T1/LRP/CGW/MGW/etc. Note that a given rule can be applied
on multiple LRs/LRPs.
array of string Maximum items: 128
sequence_number Sequence number of the this CommunicationEntry

This field is used to resolve conflicts between multiple
CommunicationEntries under CommunicationMap for a Domain
If no sequence number is specified in the payload, a value of 0 is
assigned by default. If there are multiple communication entries with
the same sequence number then their order is not deterministic. If a
specific order of communication entry is desired, then one has to
specify unique sequence numbers or use the POST request on the
communication entry entity with a query parameter action=revise to let
the framework assign a sequence number
int
services Names of services

In order to specify all services, use the constant "ANY".
This is case insensitive. If "ANY" is used, it should
be the ONLY element in the services array. Error will be thrown
if ANY is used in conjunction with other values.
array of string Maximum items: 128
source_groups Source group paths

We need paths as duplicate names may exist for groups under different
domains. In order to specify all groups, use the constant "ANY". This
is case insensitive. If "ANY" is used, it should be the ONLY element
in the group array. Error will be thrown if ANY is used in conjunction
with other values.
array of string Maximum items: 128
tag Tag applied on the communication entry

User level field which will be printed in CLI and packet logs.
string Maximum length: 32
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

CommunicationEntryInsertParameters (schema) (Deprecated)

Parameters to tell where communication entry needs to be placed

Parameters to let the admin specify a relative position of a communication
entry w.r.t to another one in the same communication map. If the
communication entry specified in the anchor_path belongs to another
communication map an error will be thrown
This type is deprecated. Use the type RuleInsertParameters instead.

Name Description Type Notes
anchor_path The communication map/communication entry path if operation is 'insert_after' or 'insert_before' string
operation Operation string Enum: insert_top, insert_bottom, insert_after, insert_before
Default: "insert_top"

CommunicationEntryListRequestParameters (schema) (Deprecated)

CommunicationEntry list request parameters

This type is deprecated. Use the type RuleListRequestParameters instead.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

CommunicationEntryListResult (schema) (Deprecated)

Paged Collection of CommunicationEntries

This type is deprecated. Use the type RuleListResult instead.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results CommunicationEntry list results array of CommunicationEntry Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

CommunicationInsertParameters (schema) (Deprecated)

Parameters to tell where communication map/communication entry
needs to be placed

Parameters to let the admin specify a relative position of a communication
map or communication entry w.r.t to another one.
This type is deprecated. Use the type RuleInsertParameters instead.

Name Description Type Notes
anchor_path The communication map/communication entry path if operation is 'insert_after' or 'insert_before' string
operation Operation string Enum: insert_top, insert_bottom, insert_after, insert_before
Default: "insert_top"

CommunicationMap (schema) (Deprecated)

Contains ordered list of CommunicationEntries

Ordered list of CommunicationEntries. This object is created by default
along with the Domain.
This type is deprecated. Use the type SecurityPolicy instead.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
category A way to classify a communication map, if needed.

- Distributed Firewall -
Policy framework for Distributed Firewall provides four pre-defined
categories for classifying a communication map. They are
"Emergency", "Infrastructure", "Environment" and "Application".
Amongst the layer 3 communication maps,there is a pre-determined
order in which the policy framework manages the priority of these
communication maps. Emergency category has the highest priority
followed by Infrastructure, Environment and then Application rules.
Administrator can choose to categorize a communication map into the
above categories or can choose to leave it empty. If empty it will
have the least precedence w.r.t the above four layer 3 categories.
string
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
(Abstract type: pass one of the following concrete types)
ChildCommunicationEntry
communication_entries CommunicationEntries that are a part of this CommunicationMap array of CommunicationEntry
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
precedence Precedence to resolve conflicts across Domains

This field is used to resolve conflicts between communication maps
across domains. In order to change the precedence of a communication
map one can fire a POST request on the communication map entity with
a query parameter action=revise
The precedence field will reflect the value of the computed precedence
upon execution of the above mentioned POST request.
For scenarios where the administrator is using a template to update
several communication maps, the only way to set the precedence is to
explicitly specify the precedence number for each communication map.
If no precedence is specified in the payload, a value of 0 is
assigned by default. If there are multiple communication maps with
the same precedence then their order is not deterministic. If a
specific order of communication map is desired, then one has to
specify a unique precedence or use the POST request on the
communication map entity with a query parameter action=revise to let
the framework assign a precedence
int
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value CommunicationMap string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

CommunicationMapInsertParameters (schema) (Deprecated)

Parameters to tell where communication map needs to be placed

Parameters to let the admin specify a relative position of a communication
map w.r.t to another one.
This type is deprecated. Use the type SecurityPolicyInsertParameters instead.

Name Description Type Notes
anchor_path The communication map/communication entry path if operation is 'insert_after' or 'insert_before' string
operation Operation string Enum: insert_top, insert_bottom, insert_after, insert_before
Default: "insert_top"

CommunicationMapListRequestParameters (schema) (Deprecated)

CommunicationMap list request parameters

This type is deprecated. Use the type SecurityPolicyListRequestParameters instead.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

CommunicationMapListResult (schema) (Deprecated)

Paged Collection of Communication map

This type is deprecated. Use the type SecurityPolicyListResult instead.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results CommunicationMap list results array of CommunicationMap Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

CommunityList (schema)

Community list for BGP routing configuration

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
communities List of BGP community entries

List of BGP community entries. Both standard and large communities
are supported. Standard community format: aa:nn where aa and nn must
be within the range [1 - 65536]. Large BGP Community format: aa:bb:nn
where aa (Global Administrator), bb (Local Data Part 1) and nn (Local
Data Part 2) must be within the range [1 - 4294967295]. In additon to
numbered communites (e.g. 3356:2040), predefined communities (NO_EXPORT,
NO_ADVERTISE, NO_EXPORT_SUBCONFED) are supported.
array of string Required
Minimum items: 1
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value CommunityList string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

CommunityListListResult (schema)

Paged collection of CommunityLists

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results CommunityList results array of CommunityList Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

CommunityMatchCriteria (schema)

Match criteria based on a community list

Name Description Type Notes
criteria Match criteria based on community list path or a regular expression

Match criteria specified as a community list path or a regular
expression.
string Required
match_operator Match operator for community list entries

Match operator for community list entries. Not valid when a regular expression is specified for criteria.
string Enum: MATCH_ANY, MATCH_ALL, MATCH_EXACT, MATCH_COMMUNITY_REGEX, MATCH_LARGE_COMMUNITY_REGEX

CommunityMatchExpression (schema)

Community match expression

Name Description Type Notes
expression Array of community match operations array of CommunityMatchOperation Required
operator Operator

Operator for evaluating community match expressions.
AND logical AND operator
string Readonly
Enum: AND

CommunityMatchOperation (schema)

Community match operation

Name Description Type Notes
community_list_id Community list id

ID of BGP community list. This value is not required when
match_operator is MATCH_REGEX otherwise required.
string
match_operator Match operator

Match operator for communities from provided community list id.
MATCH_ANY will match any community
MATCH_ALL will match all communities
MATCH_EXACT will do exact match on community
MATCH_NONE [operator not supported] will not match any community
MATCH_REGEX will match normal communities by evaluating regular
expression
MATCH_LARGE_COMMUNITY_REGEX will match large communities by evaluating
regular expression
string Enum: MATCH_ANY, MATCH_ALL, MATCH_EXACT, MATCH_NONE, MATCH_REGEX, MATCH_LARGE_COMMUNITY_REGEX
Default: "MATCH_ANY"
regular_expression Regular expression

Regular expression to match BGP communities. If match_operator
is MATCH_REGEX then this value must be specified.
string

ComponentConditionItem (schema)

Antrea Component condition

This indicate component health condition and the reason why not healthy.

Name Description Type Notes
condition_type Antrea Component condition type

Indicate which component condition it is.
ComponentConditionType Readonly
last_heartbeat_time Last heartbeat time

Time unit is millisecond.
EpochMsTimestamp
message Antrea Component condition message

Additional condition information.
string
reason Reason of unhealthy status

Indicate why not healthy.
string
status Component condition status

Indicate healthy or unhealthy.
ConditionStatus

ComponentConditionType (schema)

Antrea Component condition

Antrea Component condition names collection.

Name Description Type Notes
ComponentConditionType Antrea Component condition

Antrea Component condition names collection.		 string Enum: CONTROLLER_HEALTHY, MP_ADAPTER_HEALTHY, MP_CONNECTED, CCP_ADAPTER_HEALTHY, CCP_SESSION_STATE_UP

ComponentMigrationStatus (schema)

Name Description Type Notes
can_skip Can the migration of the remaining units in this component be skipped boolean Readonly
component_type Component type for the migration status string Readonly
details Details about the migration status string Readonly
percent_complete Indicator of migration progress in percentage number Required
Readonly
status Migration status of component string Required
Readonly
Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED

ComponentStatus (schema)

Antrea Component status

Antrea Component status enum. If lose connection, status will be UNKNOWN

Name Description Type Notes
ComponentStatus Antrea Component status

Antrea Component status enum. If lose connection, status will be UNKNOWN		 string Enum: HEALTHY, DEGRADED, FAILED, UNKNOWN

ComponentTargetVersion (schema)

Name Description Type Notes
component_type string Required
Readonly
target_version string Required
Readonly

ComponentTypeListRequestParameters (schema)

Name Description Type Notes
component_type Component type on which the action is performed or on which the results are filtered string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

ComponentUpgradeChecksInfo (schema)

Meta-data of pre/post-upgrade checks for a component

Meta-data of pre/post-upgrade checks for a component

Name Description Type Notes
component_type Component type

Component type of the pre/post-upgrade checks		 string Required
post_upgrade_checks_info Collection of post-upgrade checks array of UpgradeCheckInfo
pre_upgrade_checks_info Collection of pre-upgrade checks array of UpgradeCheckInfo

ComponentUpgradeChecksInfoListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Collection of info of pre/post-upgrade checks for components array of ComponentUpgradeChecksInfo Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ComponentUpgradeStatus (schema)

Name Description Type Notes
can_rollback Can perform rollback

This field indicates whether we can perform upgrade rollback.		 boolean Readonly
can_skip Can the upgrade of the remaining units in this component be skipped boolean Readonly
component_type Component type for the upgrade status string Readonly
current_version_node_summary Mapping of current versions of nodes and counts of nodes at the respective versions. NodeSummaryList Readonly
details Details about the upgrade status string Readonly
node_count_at_target_version Count of nodes at target component version

Number of nodes of the type and at the component version		 int Readonly
percent_complete Indicator of upgrade progress in percentage number Required
Readonly
pre_upgrade_status Pre-upgrade status of the component-type UpgradeChecksExecutionStatus Readonly
status Upgrade status of component string Required
Readonly
Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED
target_component_version Target component version string Readonly

ComputeClusterIdfwConfiguration (schema)

Compute cluster idfw configuration

Idfw configuration for enable/disable idfw on cluster level.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
cluster_idfw_enabled Idfw enabled flag

If set to true, idfw is enabled for this cluster		 boolean Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
member PolicyResourceReference

Contains actual policy resource reference object		 PolicyResourceReference Required
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ComputeClusterIdfwConfiguration string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ComputeClusterIdfwConfigurationListRequestParameters (schema)

Compute cluster idfw configuration request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

ComputeClusterIdfwConfigurationListResult (schema)

Paged collection of compute cluster idfw configuration

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Compute cluster wise identity firewall configuration list results array of ComputeClusterIdfwConfiguration Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ComputeCollection (schema)

Name Description Type Notes
_last_sync_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cm_local_id Local Id of the compute collection in the Compute Manager string Required
Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
external_id External ID of the ComputeCollection in the source Compute manager, e.g. mo-ref in VC string Required
Readonly
origin_id Id of the compute manager from where this Compute Collection was discovered string Required
Readonly
origin_properties Key-Value map of additional specific properties of compute collection in the Compute Manager array of KeyValuePair Readonly
origin_type ComputeCollection type like VC_Cluster. Here the Compute Manager type prefix would help in differentiating similar named Compute Collection types from different Compute Managers string Required
Readonly
owner_id Id of the owner of compute collection in the Compute Manager string Readonly
resource_type Must be set to the value ComputeCollection string Required
scope List of scopes for discovered resource

Specifies list of scope of discovered resource. e.g. if VHC path is associated with
principal identity, who owns the discovered resource, then scope id will be VHC path
and scope type will be VHC.
array of DiscoveredResourceScope
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ComputeCollectionAction (schema)

Compute collection action parameters

Name Description Type Notes
action Supported actions on compute-collection

For Compute collection, the supported actions are:
- remove_nsx: removes NSX from the cluster
string Enum: remove_nsx

ComputeCollectionListRequestParameters (schema)

Compute Collection list parameters

Name Description Type Notes
cm_local_id Local Id of the compute collection in the Compute Manager string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
discovered_node_id Id of the discovered node which belongs to this Compute Collection string
display_name Name of the ComputeCollection in source compute manager string
external_id External ID of the ComputeCollection in the source Compute manager, e.g. mo-ref in VC string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
node_id Id of the fabric node created from a discovered node belonging to this Compute Collection string
origin_id Id of the compute manager from where this Compute Collection was discovered string
origin_type ComputeCollection type like VC_Cluster. Here the Compute Manager type prefix would help in differentiating similar named Compute Collection types from different Compute Managers string
owner_id Id of the owner of compute collection in the Compute Manager string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

ComputeCollectionListResult (schema)

Compute Collection list result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Compute Collection list results array of ComputeCollection Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ComputeCollectionNetworkInterfacesListResult (schema)

ComputeCollection Interfaces List Result

List of network interfaces for all discovered nodes in compute collection

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Discovered node network interfaces

List of discovered node with network interfaces		 array of DiscoveredNodeNetworkInterfaces Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ComputeInstanceErrorMessage (schema)

Compute Instance Error Message

Stores an error ID and error message

Name Description Type Notes
detailed_message Error details

Error message string to indicate, if it is NSX or cloud operation generated error.		 string Required
Readonly
error_id An error ID contract obtained from PCM integer Required
Readonly

ComputeManager (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
access_level_for_oidc Specifies access level to NSX from the compute manager

Specifies the maximum access level allowed for calls from compute manager
to NSX using the OIDC provider.
string Enum: FULL, LIMITED
Default: "FULL"
create_service_account Specifies whether service account is created or not on compute manager

Enable this flag to create service account user on compute manager. This is
required by features such as vSphere Lifecycle Manager for authentication with
vAPIs from nsx.
boolean Default: "False"
credential Login credentials for the compute manager LoginCredential
(Abstract type: pass one of the following concrete types)
LoginCredential
SamlTokenLoginCredential
SessionLoginCredential
UsernamePasswordLoginCredential
VerifiableAsymmetricLoginCredential
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
origin_properties Key-Value map of additional specific properties of compute manager array of KeyValuePair Readonly
origin_type Compute manager type like vCenter string Required
resource_type Must be set to the value ComputeManager string
reverse_proxy_https_port Proxy https port of compute manager

Specifies https port of the reverse proxy to connect to compute manager.
For e.g. In case of VC, this port can be retrieved from this config
file /etc/vmware-rhttpproxy/config.xml.
integer Minimum: 1
Maximum: 65535
Default: "443"
server IP address or hostname of compute manager string Required
Format: hostname-or-ip
set_as_oidc_provider Specifies whether compute manager has been set as OIDC provider

If the compute manager is VC and need to set set as OIDC provider for NSX then
this flag should be set as true. This is specific to wcp feature, should be
enabled when this feature is being used.
boolean Default: "False"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ComputeManagerListRequestParameters (schema)

Compute manager list parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
origin_type Compute manager type like vCenter string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
server IP address or hostname of compute manager string Format: hostname-or-ip
sort_ascending boolean
sort_by Field by which records are sorted string

ComputeManagerListResult (schema)

List of compute managers

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of compute managers array of ComputeManager Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ComputeManagerStatus (schema)

Runtime status information of the compute manager

Name Description Type Notes
connection_errors Errors when connecting with compute manager array of ErrorInfo Readonly
connection_status Status of connection with the compute manager string Readonly
Enum: UP, DOWN, CONNECTING
connection_status_details Details about connection status string Readonly
last_sync_time Timestamp of the last successful update of Inventory, in epoch milliseconds. EpochMsTimestamp Readonly
oidc_end_point_id Specifies Id of corresponding OidcEndPoint

If Compute manager is trusted as authorization server, then
this Id will be Id of corresponding oidc end point.
string Readonly
registration_errors Errors when registering with compute manager array of ErrorInfo Readonly
registration_status Registration status of compute manager string Readonly
Enum: REGISTERED, UNREGISTERED, REGISTERING, REGISTERED_WITH_ERRORS
version Version of the compute manager string Readonly

ComputeManagerTopology (schema)

Details where NVDS will be migrated to

Name Description Type Notes
compute_manager_id Identifier of vcenter where VDS will be created string Required
dvswitch Datacenter, VDS mapping array of VdsTopology Required

Condition (schema)

Represents the leaf level condition

Represents the leaf level condition. Evaluation of the condition expression
will be case insensitive.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
key Key string Required
Enum: Tag, Name, OSName, ComputerName, NodeType, GroupType
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
member_type Group member type string Required
Enum: IPSet, VirtualMachine, LogicalPort, LogicalSwitch, Segment, SegmentPort, Pod, Service, Namespace, TransportNode, Group, DVPG, DVPort
operator operator

Operator is made non-mandatory to support Segment and SegmentPort tag based expression. To evaluate expression
for other types, operator value should be provided.
string Enum: EQUALS, CONTAINS, STARTSWITH, ENDSWITH, NOTEQUALS, NOTIN
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value Condition string Required
Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression
scope_operator operator

Default operator when not specified explicitly would be considered as EQUALS.
If value for Condition is empty, then condition will not be evaluated.
For example, Condition with key as Tag and value as "|tag" would be evaluated for tag value not for empty
scope value.
string Enum: EQUALS, NOTEQUALS
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
value Value string Required
Minimum length: 1

ConditionStatus (schema)

Antrea Component condition status

Antrea Component condition status shared by all component condition.

Name Description Type Notes
ConditionStatus Antrea Component condition status

Antrea Component condition status shared by all component condition.		 string Enum: HEALTHY, UNHEALTHY

ConditionalForwarderZone (schema) (Deprecated)

Name Description Type Notes
domain_names Domain names of a forwarder zone

A forwarder domain name should be a valid FQDN. If reverse lookup is
needed for this zone, reverse lookup domain name like X.in-addr.arpa
can be defined. Here the X represents a subnet.
array of string Required
Minimum items: 1
Maximum items: 100
source_ip Source ip of the forwarder

The source ip used by the fowarder of the zone. If no source ip
specified, the ip address of listener of the DNS forwarder will
be used.
IPv4Address
upstream_servers Ips of upsteam DNS servers

Ip address of the upstream DNS servers the DNS forwarder accesses.
array of IPv4Address Required
Minimum items: 1
Maximum items: 3

ConditionalValueConstraintExpression (schema)

Represents the leaf level conditional value constraint.

Represents the leaf level expression to restrict the target attribute value
based on the set of existing values. Generally, used in combination with
RelatedAttributeConditionalExpression to constraint the values related to
another attribute on the same resource. This object is always used in
conjunction with some exression.
Example -
{
"condition" : {
"operator":"INCLUDES",
"rhs_value": ["/infra/domains/mgw/groups/VCENTER", "/infra/domains/mgw/groups/SRM", "/infra/domains/mgw/groups/NSX"],
"value_constraint": {
"resource_type": "ValueConstraintExpression",
"operator":"EXCLUDES",
"values":["/infra/domains/mgw/groups/VCENTER", "/infra/domains/mgw/groups/SRM", "/infra/domains/mgw/groups/NSX"]
}
}

Name Description Type Notes
operator Set operation to constraint values. string Required
Enum: INCLUDES, EXCLUDES, EQUALS
rhs_value Array of values to perform operation.

List of values.		 array of string
rhs_value_with_type Array of values to perform operation.

List of values.		 ConstraintValue
(Abstract type: pass one of the following concrete types)
CidrArrayConstraintValue
IntegerArrayConstraintValue
StringArrayConstraintValue
value_constraint Value Constraint

Values to apply the conditional constraint on target.
ValueConstraintExpression Required

ConfigState (schema)

Config State

Configuration State.

Name Description Type Notes
ConfigState Config State

Configuration State.		 string Enum: SUCCESS, IN_PROGRESS, ERROR, UNKNOWN, UNINITIALIZED

ConfigType (schema)

Config Type

Name Description Type Notes
ConfigType Config Type string Enum: nsxa-state, nsxa-edge-cluster, nsxa-lrouter, nsxa-service-router, nestdb, edge-agent, dataplane, nsd, manager, controller, core

ConfigurationState (schema)

Describes status of configuration of an entity

Name Description Type Notes
details Array of configuration state of various sub systems array of ConfigurationStateElement Readonly
failure_code Error code integer Readonly
failure_message Error message in case of failure string Readonly
state Overall state of desired configuration

Gives details of state of desired configuration.
Additional enums with more details on progress/success/error states
are sent for edge node. The success states are NODE_READY and
TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED,
VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values
indicate failures.
"in_sync" state indicates that the desired configuration has been
received by the host to which it applies, but is not yet in effect.
When the configuration is actually in effect, the state will
change to "success".
Please note, failed state is deprecated.
string Required
Readonly
Enum: pending, in_progress, success, failed, partial_success, orphaned, unknown, error, in_sync, NOT_AVAILABLE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, REGISTRATION_PENDING, NODE_NOT_READY, NODE_READY, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL, EDGE_CONFIG_ERROR, VM_DEPLOYMENT_RESTARTED, REGISTRATION_FAILED, TRANSPORT_NODE_SYNC_PENDING, TRANSPORT_NODE_CONFIGURATION_MISSING, EDGE_HARDWARE_NOT_SUPPORTED, MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED, TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER, TZ_ENDPOINTS_NOT_SPECIFIED, NO_PNIC_PREPARED_IN_EDGE, APPLIANCE_INTERNAL_ERROR, VTEP_DHCP_NOT_SUPPORTED, UNSUPPORTED_HOST_SWITCH_PROFILE, UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED, HOSTSWITCH_PROFILE_NOT_FOUND, LLDP_SEND_ENABLED_NOT_SUPPORTED, UNSUPPORTED_NAMED_TEAMING_POLICY, LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM, LACP_NOT_SUPPORTED_FOR_EDGE_VM, STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM, MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE, UNSUPPORTED_LACP_LB_ALGO_FOR_NODE, EDGE_NODE_VERSION_NOT_SUPPORTED, NO_PNIC_SPECIFIED_IN_TN, INVALID_PNIC_DEVICE_NAME, TRANSPORT_NODE_READY, VM_NETWORK_EDIT_PENDING, UNSUPPORTED_DEFAULT_TEAMING_POLICY, MPA_DISCONNECTED, VM_RENAME_PENDING, VM_CONFIG_EDIT_PENDING, VM_NETWORK_EDIT_FAILED, VM_RENAME_FAILED, VM_CONFIG_EDIT_FAILED, VM_CONFIG_DISCREPANCY, VM_NODE_REFRESH_FAILED, VM_PLACEMENT_REFRESH_FAILED, REGISTRATION_TIMEDOUT, REPLACE_FAILED, UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED, LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING, DELETE_VM_IN_REDEPLOY_FAILED, DEPLOY_VM_IN_REDEPLOY_FAILED, INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE, VM_RESOURCE_RESERVATION_FAILED, DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER, DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, EDGE_NODE_SETTINGS_MISMATCH_RESOLVE, EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE, EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE, EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE, COMPUTE_MANAGER_NOT_FOUND, DELETE_IN_PROGRESS

ConfigurationStateElement (schema)

Describes status of configuration of an entity

Name Description Type Notes
failure_code Error code integer Readonly
failure_message Error message in case of failure string Readonly
state State of configuration on this sub system string Required
Readonly
Enum: in_progress, success, failed, partial_success, in_sync, VM_DEPLOYMENT_FAILED, VM_POWER_ON_FAILED, VM_POWER_OFF_FAILED, VM_UNDEPLOY_FAILED, REPLACE_FAILED, UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED, LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING, DELETE_VM_IN_REDEPLOY_FAILED, DEPLOY_VM_IN_REDEPLOY_FAILED, INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE, EDGE_CONFIG_ERROR, REGISTRATION_FAILED, TRANSPORT_NODE_CONFIGURATION_MISSING, EDGE_HARDWARE_NOT_SUPPORTED, MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED, TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER, TZ_ENDPOINTS_NOT_SPECIFIED, NO_PNIC_PREPARED_IN_EDGE, APPLIANCE_INTERNAL_ERROR, VTEP_DHCP_NOT_SUPPORTED, UNSUPPORTED_HOST_SWITCH_PROFILE, UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED, HOSTSWITCH_PROFILE_NOT_FOUND, LLDP_SEND_ENABLED_NOT_SUPPORTED, UNSUPPORTED_NAMED_TEAMING_POLICY, LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM, LACP_NOT_SUPPORTED_FOR_EDGE_VM, STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM, MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE, UNSUPPORTED_LACP_LB_ALGO_FOR_NODE, EDGE_NODE_VERSION_NOT_SUPPORTED, NO_PNIC_SPECIFIED_IN_TN, INVALID_PNIC_DEVICE_NAME, UNSUPPORTED_DEFAULT_TEAMING_POLICY, MPA_DISCONNECTED, VM_NETWORK_EDIT_PENDING, VM_RENAME_PENDING, VM_CONFIG_EDIT_PENDING, VM_NETWORK_EDIT_FAILED, VM_RENAME_FAILED, VM_CONFIG_EDIT_FAILED, VM_CONFIG_DISCREPANCY, VM_NODE_REFRESH_FAILED, VM_PLACEMENT_REFRESH_FAILED, NOT_AVAILABLE, REGISTRATION_TIMEDOUT, pending, orphaned, unknown, error
sub_system_address URI of backing resource on sub system string Readonly
sub_system_id Identifier of backing resource on sub system string Readonly
sub_system_name Name of backing resource on sub system string Readonly
sub_system_type Type of backing resource on sub system string Readonly

ConjunctionOperator (schema)

Represents the operators AND or OR

Represents the operators AND or OR.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
conjunction_operator Conjunction Operator Node string Required
Enum: OR, AND
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ConjunctionOperator string Required
Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ConnectivityAdvancedConfig (schema)

Advanced configuration for Policy connectivity

Name Description Type Notes
connectivity Connectivity configuration

Connectivity configuration to manually connect (ON) or disconnect (OFF)
Tier-0/Tier1 segment from corresponding gateway.
This property does not apply to VLAN backed segments. VLAN backed segments
with connectivity OFF does not affect its layer-2 connectivity.
string Enum: ON, OFF
Default: "ON"

ConsolidatedAPIListRequestParameters (schema)

Consolidated effective IP addresses API list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
ip_filter An IPAddress or subnet for filtering the results.

This filter can be used to verify an ip membership in the effective results		 IPElement
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
site_id UUID of the site from which the effective IP addresses are to be fetched string
sort_ascending boolean
sort_by Field by which records are sorted string

ConsolidatedEffectiveIPAddressMemberListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged Collection of site wise consolidated effective ip addresses for the given NSGroup array of EffectiveIPInfo Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ConsolidatedEffectiveIPListRequestParameters (schema)

Consolidated API Realization list request params

List request params for the pass through type api that get data from the
Enforcement point. Enforcement point is mandatory for this request.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
enforcement_point_path String Path of the enforcement point

The path of the enforcement point on which the API needs to be executed.
Forward slashes must be escaped using %2F.
string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
ip_filter An IPAddress or subnet for filtering the results.

This filter can be used to verify an ip membership in the effective results		 IPElement
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
site_id UUID of the site from which the effective IP addresses are to be fetched string
sort_ascending boolean
sort_by Field by which records are sorted string

ConsolidatedRealizedStatus (schema)

Consolidated Realized Status for an Intent Object

Consolidated Realized Status of an intent object across enforcement points.

Name Description Type Notes
consolidated_status Consolidated Realized Status

Consolidated Realized Status across enforcement points.		 ConsolidatedStatus Readonly
consolidated_status_per_enforcement_point List of Consolidated Realized Status per Enforcement Point

List of Consolidated Realized Status per enforcement point.		 array of ConsolidatedStatusPerEnforcementPoint Readonly
intent_path String Path of the intent object

Intent path of object, forward slashes must be escaped using %2F.
string Required
Readonly
intent_version Intent version for the status

Represent highest intent version across all realized objects		 string Readonly
publish_status Aggregated Realization state of this object string Required
Enum: UNAVAILABLE, UNREALIZED, REALIZED, ERROR

ConsolidatedStatus (schema)

Consolidated Status

Consolidated Status of an intent object. Status Consolidation of an intent happens at
multiple levels:
- Per Enforcement Point: calculation of the consolidated status is performed using all
realized entities that the intent objet maps to on a specific enforcement point.
- Across Enforcement Points: calculation of the consolidated status is performend
aggregating the consolidated status from each enforcement point.

Name Description Type Notes
consolidated_status Consolidated Realized Status

Consolidated Realized Status of an intent object.		 ConfigState Readonly

ConsolidatedStatusNsxT (schema)

NSX-T Consolidated Status

Detailed Realized Status of an intent object on an NSX-T type of enforcement point.

Name Description Type Notes
alarm Alarm Information Details

Alarm information details.		 PolicyRuntimeAlarm Readonly
consolidated_status Consolidated Realized Status

Consolidated Realized Status of an Intent object per enforcement point.
ConsolidatedStatus Readonly
enforced_status Enforced Realized Status

Detailed Realized Status inherent to an NSX-T Enforcement Point.
EnforcedStatusDetailsNsxT Readonly
enforcement_point_id Enforcement Point Id

Enforcement Point Id.		 string Readonly
enforcement_point_path Enforcement point Path

Policy Path referencing the enforcement point where the info is fetched.
string Readonly
resource_type Must be set to the value ConsolidatedStatusNsxT string Required
site_path Site Path

The site where this enforcement point resides.		 string Readonly

ConsolidatedStatusPerEnforcementPoint (schema)

Consolidated Realized Status Per Enforcement Point

Consolidated Realized Status Per Enforcement Point.

Name Description Type Notes
alarm Alarm Information Details

Alarm information details.		 PolicyRuntimeAlarm Readonly
consolidated_status Consolidated Realized Status

Consolidated Realized Status of an Intent object per enforcement point.
ConsolidatedStatus Readonly
enforcement_point_id Enforcement Point Id

Enforcement Point Id.		 string Readonly
enforcement_point_path Enforcement point Path

Policy Path referencing the enforcement point where the info is fetched.
string Readonly
resource_type Must be set to the value ConsolidatedStatusPerEnforcementPoint string Required
site_path Site Path

The site where this enforcement point resides.		 string Readonly

ConstantFieldValue (schema)

Constant Field Value

Constant Field Value.

Name Description Type Notes
constant Constant Value

Constant Value that the field must be set to.
object
resource_type Must be set to the value ConstantFieldValue string Required
Enum: ConstantFieldValue

Constraint (schema)

Constraint definition.

Constraint object to constraint any attribute on a resource based on
specified expression.
Example- Restrict the allowed services in Edge Communication Entry to list of
services, if the destinationGroups contain vCenter.
{
"target":{
"target_resource_type":"CommunicationEntry",
"attribute":"services",
"path_prefix":"/infra/domains/vmc-domain/edge-communication-maps/default/communication-entries"
}
"constraint_expression":{
"related_attribute":{
"attribute":"destinationGroups"
}
"condition":{
"operator":"INCLUDES",
"rhs_value":{"vCenter"}
"value_constraint":{
"operator":"ALLOW",
"values":{"/ref/services/HTTPS", "/ref/services/HTTOP", ...}
}
}
}
}

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
constraint_expression Expression to constrain the target attribute value. ConstraintExpression
(Abstract type: pass one of the following concrete types)
EntityInstanceCountConstraintExpression
FieldSanityConstraintExpression
RelatedAttributeConditionalExpression
ValueConstraintExpression		 Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
message User friendly message to be shown to users upon violation. string
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value Constraint string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
target Target resource attribute details. ConstraintTarget Required
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ConstraintExpression (schema)

Base class for constraint expression

All the types of the expression extend from this abstract class.
This is present for extensibility.
This is an abstract type. Concrete child types:
EntityInstanceCountConstraintExpression
FieldSanityConstraintExpression
RelatedAttributeConditionalExpression
ValueConstraintExpression

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
resource_type Must be set to the value ConstraintExpression string Required
Enum: ValueConstraintExpression, RelatedAttributeConditionalExpression, EntityInstanceCountConstraintExpression, FieldSanityConstraintExpression
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ConstraintListResult (schema)

Paged Collection of Constraints

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Constraint list results array of Constraint Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ConstraintTarget (schema)

Resource attribute on which constraint should be applied.

Resource attribute on which constraint should be applied.
Example - sourceGroups attribute of Edge CommunicationEntry to be
restricted, is given as:
{
"target_resource_type":"CommunicationEntry",
"attribute":"sourceGroups",
"path_prefix":"/infra/domains/vmc-domain/edge-communication-maps/default/communication-entries"
}

Name Description Type Notes
attribute Attribute name of the target entity. string
path_prefix Path prefix of the entity to apply constraint. This is required to further disambiguiate if multiple policy entities share the same resource type. Example - Edge FW and DFW use the same resource type CommunicationMap, CommunicationEntry, Group, etc. string
target_resource_type Resource type of the target entity. string Required

ConstraintValue (schema)

Base class for each value configuration

All the types of value extend from this abstract class. This
is present for extensibility.
This is an abstract type. Concrete child types:
CidrArrayConstraintValue
IntegerArrayConstraintValue
StringArrayConstraintValue

Name Description Type Notes
resource_type string Required
Enum: StringArrayConstraintValue, CidrArrayConstraintValue, IntegerArrayConstraintValue

ContainerApplication (schema)

Container application within a project

Container application within a project.

Name Description Type Notes
_last_sync_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
container_cluster_id Identifier of the container cluster

Identifier of the container cluster this container application belongs to.		 string Readonly
container_project_id Identifier of the project

Identifier of the project which this container application belongs to.		 string
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
external_id External identifier of the container application

Identifier of the container application on container cluster
e.g. PCF app id, k8s service id.
string Required
network_errors Network errors

List of network errors related to container application.		 array of NetworkError
network_status Network status of container application

Network status of container application.		 string Enum: HEALTHY, UNHEALTHY
origin_properties Origin properties

Array of additional specific properties of container application
in key-value format.
array of KeyValuePair
resource_type Must be set to the value ContainerApplication string Required
scope List of scopes for discovered resource

Specifies list of scope of discovered resource. e.g. if VHC path is associated with
principal identity, who owns the discovered resource, then scope id will be VHC path
and scope type will be VHC.
array of DiscoveredResourceScope
status Status of the container application

Status of the container application.		 string Enum: UNKNOWN, HEALTHY, UP, DOWN, DEGRADED
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ContainerApplicationInstance (schema)

Container Application Instance

Container application instance within a project.

Name Description Type Notes
_last_sync_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cluster_node_id Cluster node id

Cluster node id where application instance is running.		 string
container_application_ids Identifiers of the container application

List of identifiers of the container application.		 array of string
container_cluster_id Identifier of the container cluster

Identifier of the container cluster this application instance belongs to.		 string Readonly
container_project_id Identifier of the project

Identifier of the container project which this container application instance
belongs to.
string
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
external_id External identifier of the container application instance

Identifier of the container application instance on container cluster.		 string Required
network_errors Network errors

List of network errors related to container application instance.		 array of NetworkError
network_status Network status of container application instance

Network status of container application instance.		 string Enum: HEALTHY, UNHEALTHY
origin_properties Origin properties

Array of additional specific properties of container application instance
in key-value format.
array of KeyValuePair
resource_type Must be set to the value ContainerApplicationInstance string Required
scope List of scopes for discovered resource

Specifies list of scope of discovered resource. e.g. if VHC path is associated with
principal identity, who owns the discovered resource, then scope id will be VHC path
and scope type will be VHC.
array of DiscoveredResourceScope
status Status of the container application instance

Status of the container application instance.		 string Enum: UNKNOWN, HEALTHY, UP, DOWN, DEGRADED
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ContainerApplicationInstanceGroupAssociationRequestParams (schema)

List request parameters containing ContainerApplicationInstance(pod) id and enforcement point path

List request parameters containing ContainerApplicationInstance(pod) id and enforcement point path

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
enforcement_point_path String Path of the enforcement point

The path of the enforcement point from which the list of groups needs
to be fetched. Forward slashes must be escaped using %2F. If no enforcement
point path is specified, the default enforcement point is considered
string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
pod_id ContainerApplicationInstance string Required
sort_ascending boolean
sort_by Field by which records are sorted string

ContainerApplicationInstanceListRequestParameters (schema)

Container application instance list parameters

Request object, containing multiple properties, based on which the result will be filtered.
None or multiple properties can be passed as filter criteria. If multiple properties are passed
then result will be the intersection of the resultsets by applying each filter individually.

Name Description Type Notes
container_application_id Identifier of the container application

Identifier of the container application.		 string
container_cluster_id Identifier of the container cluster

Identifier of the container cluster.		 string
container_project_id Identifier of the container project

Identifier of the container project.		 string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
scope_id Scope id for container cluster

Specifies scope id for container cluster. Default value is same as identifier of the cluster.
string
sort_ascending boolean
sort_by Field by which records are sorted string

ContainerApplicationInstanceListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of Container Applications array of ContainerApplicationInstance Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ContainerApplicationListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of Container Applications array of ContainerApplication Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ContainerCluster (schema)

Container cluster

Details of container cluster.

Name Description Type Notes
_last_sync_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cluster_type Type of the container cluster

Type of the container cluster. In case of creating container cluster
first time, it is expected to pass the valid cluster-type.
In case of update, if there is no change in cluster-type, then this
field can be omitted in the request.
string Enum: PAS, PKS, Kubernetes, Openshift, WCP, WCP_Guest, AKS, EKS, TKGm, TKGi, GKE, Gardener, Rancher, TAS, Other
cni_type CNI type for container cluster

Specifies Container Network Interface type for container cluster.		 string Enum: NCP, Antrea, Other
Default: "Other"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
external_id External identifier of the container cluster

External identifier of the container cluster.		 string
infrastructure Details of infrastructure for the container cluster

Details of underlying infrastructure that hosts the container cluster.
In case of creating container cluster first time, it is expected to
pass the valid infrastructure.
In case of update, if there is no change in cluster-type, then this
field can be omitted in the request.
ContainerInfrastructureInfo
network_errors Network errors

List of network errors related to container cluster.		 array of NetworkError
network_status Network status of container cluster

Network status of container cluster.		 string Enum: HEALTHY, UNHEALTHY
origin_properties Origin properties

Array of additional specific properties of container cluster
in key-value format.
array of KeyValuePair
resource_type Must be set to the value ContainerCluster string Required
scope List of scopes for discovered resource

Specifies list of scope of discovered resource. e.g. if VHC path is associated with
principal identity, who owns the discovered resource, then scope id will be VHC path
and scope type will be VHC.
array of DiscoveredResourceScope
supervisor_project_id Supervisor ContainerProject identifier for cluster

Specifies supervisor container project identifier for cluster.		 string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ContainerClusterFilterParameters (schema)

Container cluster filter parameter

Request object, containing multiple properties, based on which the result will be filtered.
None or multiple properties can be passed as filter criteria. If multiple properties are passed
then result will be the intersection of the resultsets by applying each filter individually.

Name Description Type Notes
container_cluster_id Identifier of the container cluster

Identifier of the container cluster.		 string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
scope_id Scope id for container cluster

Specifies scope id for container cluster. Default value is same as identifier of the cluster.
string
sort_ascending boolean
sort_by Field by which records are sorted string

ContainerClusterListRequestParameters (schema)

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
status Container cluster status TnContainerStatusType

ContainerClusterListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of Container Clusters array of ContainerCluster Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ContainerClusterNode (schema)

Container cluster node

Details of container cluster node i.e. container host.

Name Description Type Notes
_last_sync_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cni_agent_status CNI agent status of container cluster node

Specifies Container Network Interface agent status of container cluster node.		 string Enum: HEALTHY, UNHEALTHY
container_cluster_id External identifier of the container cluster

External identifier of the container cluster.		 string
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
external_id External identifier of the container cluster node

External identifier of the container cluster node in K8S/PAS.
string Required
ip_addresses IP Addresses of Node

List of IP addresses of container cluster node.		 array of IPAddress
network_errors Network errors

List of network errors related to container cluster node.		 array of NetworkError
network_status Network status of container cluster node

Network status of container cluster node.		 string Enum: HEALTHY, UNHEALTHY
origin_properties Origin properties

Array of additional specific properties of container cluster node
in key-value format.
array of KeyValuePair
provider_id Provider id of container node

Specifies identifier of container cluster node given by infrastructure provider
of container cluster. e.g. in case of vSpehere, it will be instance uuid of worker
node virtual machine.
string
resource_type Must be set to the value ContainerClusterNode string Required
scope List of scopes for discovered resource

Specifies list of scope of discovered resource. e.g. if VHC path is associated with
principal identity, who owns the discovered resource, then scope id will be VHC path
and scope type will be VHC.
array of DiscoveredResourceScope
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ContainerClusterNodeListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of container cluster nodes array of ContainerClusterNode Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ContainerClusterPropertiesFilterParameters (schema)

Container cluster filter parameter by cluster properties

Request object, containing multiple cluster properties, based on which the result will be filtered.
None or multiple properties can be passed as filter criteria. If multiple properties are passed
then result will be the intersection of the resultsets by applying each filter individually.

Name Description Type Notes
cluster_type Type of container cluster

This is the type of container cluster.		 string Enum: PAS, PKS, Kubernetes, Openshift, WCP, WCP_Guest, AKS, EKS, TKGm, TKGi, GKE, Gardener, Rancher, TAS, Other
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
infra_type Type of infrastructure

This is the type of container's infrastructure.		 string Enum: vSphere, AWS, Azure, Google, VMC, KVM, Baremetal
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
scope_id Scope id for container cluster

Specifies scope id for container cluster. Default value is same as identifier of the cluster.
string
sort_ascending boolean
sort_by Field by which records are sorted string

ContainerClusterStatus (schema)

Name Description Type Notes
cluster_id Identifier of the container cluster

Identifier of the container cluster.		 string
detail Detail information on status

Detail information on status.		 string
interval Container cluster status check interval

Display the cluster check interval in seconds.		 int Readonly
Minimum: 60
Maximum: 600
status Container cluster status

Display the container cluster status.		 TnContainerStatusType

ContainerClusterStatusList (schema)

List of the Container cluster

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Container cluster list

Container cluster list.		 array of ContainerClusterSummary Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ContainerClusterSummary (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
cluster_id Identifier of the container cluster

Identifier of the container cluster.		 string Required
Readonly
cluster_name Container cluster name

Display the container cluster name		 string Required
description Description of this resource string Maximum length: 1024
Sortable
detail Detail information on status

Detail information on status.		 string Readonly
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
resource_type Must be set to the value ContainerClusterSummary string
status Container cluster status

Display the container cluster status.		 TnContainerStatusType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
type Container cluster type

Container cluster type.		 ContainerClusterType

ContainerClusterType (schema)

Container cluster type

Name Description Type Notes
ContainerClusterType Container cluster type string Enum: PAS, PKS, Kubernetes, Openshift, WCP, Other

ContainerConfiguration (schema)

Container that holds widgets

Represents a container to group widgets that belong to a common category or have a common purpose.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
condition Expression for evaluating condition

If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.		 string Maximum length: 1024
datasources Array of Datasource Instances with their relative urls

The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.		 array of Datasource Minimum items: 0
default_filter_value Default filter value to be passed to datasources

Default filter values to be passed to datasources. This will be used when the report is requested without filter values.		 array of DefaultFilterValue
description Description of this resource string Maximum length: 1024
Sortable
display_name Widget Title

Title of the widget. If display_name is omitted, the widget will be shown without a title.		 string Maximum length: 255
drilldown_id Id of drilldown widget

Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.		 string Maximum length: 255
feature_set Features required to view the widget

Features required to view the widget.		 FeatureSet
filter Id of filter widget for subscription

Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.		 string Deprecated
filter_value_required Flag to indicate if filter value is necessary

Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.		 boolean Default: "True"
filters A List of filter ids applied to this widget configuration

A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.		 array of string
footer Footer
header Header
icons Icons

Icons to be applied at dashboard for widgets and UI elements.		 array of Icon
id Unique identifier of this resource string Sortable
is_drilldown Set as a drilldown widget

Set to true if this widget should be used as a drilldown.		 boolean Default: "False"
labels Labels

Labels for the container.		 array of Label Minimum items: 0
layout Layout of widgets inside container

Layout of widgets can be either vertical or horizontal. If layout is not specified a default horizontal layout is applied. This property is deprecated. Now the layout inside the container can be taken care with the help of 'rowspan' and 'colspan' property.		 Layout Deprecated
legend Legend for the widget

Legend to be displayed. If legend is not needed, do not include it.		 Legend
navigation Navigation to a specified UI page

Hyperlink of the specified UI page that provides details.		 string Maximum length: 1024
plot_configs List of plotting configuration for a given widget.

List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.		 array of WidgetPlotConfiguration
resource_type Must be set to the value ContainerConfiguration string Required
Readonly
Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration
Maximum length: 255
rowspan Vertical span

Represents the vertical span of the widget / container. 1 Row span is equal to 20px.		 int Minimum: 1
shared Visiblity of widgets to other users

Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.		 boolean Deprecated
show_header This decides to show the container header or not.

If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.		 boolean
span Horizontal span

Represents the horizontal span of the widget / container.		 int Minimum: 1
Maximum: 12
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
weight Weightage or placement of the widget or container

Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.		 int Deprecated
widgets Widgets held by the container

If not specified, creates an empty container.		 array of WidgetItem Minimum items: 0

ContainerInfrastructureInfo (schema)

Details of container infrastructure

Details of infrastructure hosting the container cluster
e.g. vSphere, AWS, VMC etc..

Name Description Type Notes
infra_type Type of the infrastructure

Type of the infrastructure.		 string Required
Enum: vSphere, AWS, Azure, Google, VMC, KVM, Baremetal

ContainerIngressPolicy (schema)

Container Ingress Policy

Details of Container Ingress Policy.

Name Description Type Notes
_last_sync_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
container_application_ids Identifiers of the container application

List of identifiers of the container application , on which ingress policy
is applied. e.g. IDs of all services on which the ingress is applied in
kubernetes.
array of string
container_cluster_id Identifier of the container cluster

Identifier of the container cluster this ingress policy belongs to.		 string
container_project_id Identifier of the project

Identifier of the project which this container ingress belongs to.		 string
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
external_id External identifier of the container ingress policy

Identifier of the container ingress policy.		 string Required
network_errors Network errors

List of network errors related to container ingress.		 array of NetworkError
network_status Network status of container ingress

Network status of container ingress.		 string Enum: HEALTHY, UNHEALTHY
origin_properties Origin properties

Array of additional specific properties of container ingress
in key-value format.
array of KeyValuePair
resource_type Must be set to the value ContainerIngressPolicy string Required
scope List of scopes for discovered resource

Specifies list of scope of discovered resource. e.g. if VHC path is associated with
principal identity, who owns the discovered resource, then scope id will be VHC path
and scope type will be VHC.
array of DiscoveredResourceScope
spec Container ingress policy specification

Container ingress policy specification.		 string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ContainerIngressPolicyListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of Container Ingress Policy specs array of ContainerIngressPolicy Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ContainerListRequestParameters (schema)

Realization list request params

List request params for the pass through type api that get data from the Antrea Cluster.

Name Description Type Notes
cluster_id Cluster ID

ID of the cluster to query
string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
enforcement_point_path String Path of the enforcement point

The path of the enforcement point from which the list of members needs
to be fetched. Forward slashes must be escaped using %2F.
string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

ContainerNetworkPolicy (schema)

Container Network Policy

Network policy applied to container.

Name Description Type Notes
_last_sync_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
container_cluster_id Identifier of the container cluster

Identifier of the container cluster this network policy belongs to.		 string
container_project_id Identifier of the project

Identifier of the project which this network policy belongs to.		 string
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
external_id External identifier of the container network policy

Identifier of the container network policy.		 string Required
network_errors Network errors

List of network errors related to container network policy.		 array of NetworkError
network_status Network status of container network policy

Network status of container network policy.		 string Enum: HEALTHY, UNHEALTHY
origin_properties Origin properties

Array of additional specific properties of container network policy
in key-value format.
array of KeyValuePair
policy_type Type

Type e.g. Network Policy, ASG.		 string Enum: NETWORK_POLICY, ASG, ACNP, ANP
resource_type Must be set to the value ContainerNetworkPolicy string Required
scope List of scopes for discovered resource

Specifies list of scope of discovered resource. e.g. if VHC path is associated with
principal identity, who owns the discovered resource, then scope id will be VHC path
and scope type will be VHC.
array of DiscoveredResourceScope
spec Container network policy specification

Container network policy specification.		 string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ContainerNetworkPolicyListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of Container Network Policy specs array of ContainerNetworkPolicy Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ContainerObjectsListRequestParameters (schema)

Container objects list parameters

Request object, containing multiple properties, based on which the result will be filtered.
None or multiple properties can be passed as filter criteria. If multiple properties are passed
then result will be the intersection of the resultsets by applying each filter individually.

Name Description Type Notes
container_cluster_id Identifier of the container cluster

Identifier of the container cluster.		 string
container_project_id Identifier of the container project

Identifier of the container project.		 string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
scope_id Scope id for container cluster

Specifies scope id for container cluster. Default value is same as identifier of the cluster.
string
sort_ascending boolean
sort_by Field by which records are sorted string

ContainerProject (schema)

Container project within a container cluster

Details of org/namespace within a container cluster.

Name Description Type Notes
_last_sync_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
container_cluster_id Identifier of the container cluster

Identifier of the container cluster to which this project/namespace belongs.		 string
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
external_id External identifier of the container project

External identifier of the container project.		 string Required
network_errors Network errors

List of network errors related to container project.		 array of NetworkError
network_status Network status of container project

Network status of container project.		 string Enum: HEALTHY, UNHEALTHY
origin_properties Origin properties

Array of additional specific properties of container project
in key-value format.
array of KeyValuePair
resource_type Must be set to the value ContainerProject string Required
scope List of scopes for discovered resource

Specifies list of scope of discovered resource. e.g. if VHC path is associated with
principal identity, who owns the discovered resource, then scope id will be VHC path
and scope type will be VHC.
array of DiscoveredResourceScope
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ContainerProjectListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of projects array of ContainerProject Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ContentFilterValue (schema)

Support bundle content filter allowed values

Name Description Type Notes
ContentFilterValue Support bundle content filter allowed values string Enum: ALL, DEFAULT

ContextProfileAttributesMetadata (schema)

Key value structure for holding metadata of context profile attributes

Name Description Type Notes
key Key for metadata string Required
value Value for metadata key string Required

ContinueMigrationRequestParameters (schema)

Name Description Type Notes
skip Skip to migration of next component. boolean Default: "False"

ContinueRequestParameters (schema)

Name Description Type Notes
component_type Component to upgrade.

Hints NSX to upgrade a specific component.		 string
skip Skip to upgrade of next component. boolean Default: "False"

ControlClusterNodeStatus (schema)

Name Description Type Notes
control_cluster_status Status of this node's connection to the control cluster ClusteringStatus Readonly
mgmt_connection_status Status of this node's management plane connection MgmtConnStatus Readonly

ControlClusteringConfig (schema)

Clustering config for joining control cluster

Config for joining cluster nodes VMs to a control cluster

Name Description Type Notes
clustering_type Must be set to the value ControlClusteringConfig string Required
Enum: ControlClusteringConfig
join_to_existing_cluster Flag to identify the type of clustering

Specifies whether or not the cluster node VM should try to join to
the existing control cluster or initialize a new one.
Only required in uncertainty case, i.e. when there are manually-
deployed controllers that are registered but not connected to the
cluster and no auto-deployed controllers are part of the cluster.
boolean
shared_secret Cluster's shared secret

Shared secret to be used when joining the cluster node VM to a control
cluster or for initializing a new cluster with the VM.
Must contain at least 4 unique characters and be at least 6 characters
long.
string Required

ControlConnStatus (schema)

Name Description Type Notes
control_node_ip IP address of the control Node. string Required
Readonly
failure_status Failure status of the control Node for e.g CONNECTION_REFUSED,INCOMPLETE_HOST_CERT. string Readonly
Enum: CONNECTION_REFUSED, INCOMPLETE_HOST_CERT, INCOMPLETE_CONTROLLER_CERT, CONTROLLER_REJECTED_HOST_CERT, HOST_REJECTED_CONTROLLER_CERT, KEEP_ALIVE_TIMEOUT, OTHER_SSL_ERROR, OTHER_ERROR
status Status of the control Node for e.g UP, DOWN. string Required
Readonly
Enum: UP, DOWN

ControllerClusterRoleConfig (schema)

Name Description Type Notes
control_cluster_listen_addr The IP and port for the control cluster service on this node ServiceEndpoint Readonly
control_plane_listen_addr The IP and port for the control plane service on this node ServiceEndpoint Readonly
host_msg_client_info MsgClientInfo
mpa_msg_client_info MsgClientInfo
type Type of this role configuration string Required
Readonly
Enum: ManagementClusterRoleConfig, ControllerClusterRoleConfig

ControllerClusterStatus (schema)

Name Description Type Notes
status The current status of the controller cluster string Readonly
Enum: NO_CONTROLLERS, UNSTABLE, DEGRADED, STABLE, UNKNOWN

ControllerNodeAggregateInfo (schema)

Name Description Type Notes
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
id Unique identifier of this resource string Readonly
node_interface_properties Array of Node interface statistic properties array of NodeInterfaceProperties Readonly
node_interface_statistics Array of Node network interface statistic properties array of NodeInterfaceStatisticsProperties Readonly
node_status ClusterNodeStatus Readonly
node_status_properties Time series of the node's system properties array of NodeStatusProperties
role_config ControllerClusterRoleConfig Readonly

ControllerProfilerProperties (schema)

Controller profiler properties

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
enabled True for enabling controller profiler,
False for disabling controller profiler.
boolean

CookiePersistenceModeType (schema) (Deprecated)

cookie persistence mode

If the persistence cookie is found in the incoming request, value of the
cookie is used to identify the server that this request should be sent to.
If the cookie is not found, then the server selection algorithm is used to
select a new server to handle that request.
Three different modes of cookie persistence are supported: insert, prefix
and rewrite.
In cookie insert mode, a cookie is inserted by load balancer in the HTTP
response going from server to client.
In cookie prefix and rewrite modes, server controls the cookie and load
balancer only manipulates the value of the cookie. In prefix mode, server's
cookie value is prepended with the server IP and port and then sent to the
client. In rewrite mode, entire server's cookie value is replaced with the
server IP and port in the response before sending it to the client.

Name Description Type Notes
CookiePersistenceModeType cookie persistence mode

If the persistence cookie is found in the incoming request, value of the
cookie is used to identify the server that this request should be sent to.
If the cookie is not found, then the server selection algorithm is used to
select a new server to handle that request.
Three different modes of cookie persistence are supported: insert, prefix
and rewrite.
In cookie insert mode, a cookie is inserted by load balancer in the HTTP
response going from server to client.
In cookie prefix and rewrite modes, server controls the cookie and load
balancer only manipulates the value of the cookie. In prefix mode, server's
cookie value is prepended with the server IP and port and then sent to the
client. In rewrite mode, entire server's cookie value is replaced with the
server IP and port in the response before sending it to the client.
string Deprecated
Enum: INSERT, PREFIX, REWRITE

CookieTimeType (schema) (Deprecated)

Snat translation type

Both session cookie and persistence cookie are supported,
Use LbSessionCookieTime for session cookie time setting,
Use LbPersistenceCookieTime for persistence cookie time setting

Name Description Type Notes
CookieTimeType Snat translation type

Both session cookie and persistence cookie are supported,
Use LbSessionCookieTime for session cookie time setting,
Use LbPersistenceCookieTime for persistence cookie time setting
string Deprecated
Enum: LbSessionCookieTime, LbPersistenceCookieTime

CopyFromRemoteFileProperties (schema)

Name Description Type Notes
port Server port integer Minimum: 1
Maximum: 65535
protocol Protocol to use to copy file Protocol
(Abstract type: pass one of the following concrete types)
HttpProtocol
HttpsProtocol
ScpProtocol
SftpProtocol		 Required
server Remote server hostname or IP address string Required
Pattern: "^[^/:]+$"
uri URI of file to copy string Required

CopyRemoteFileProperties (schema)

Name Description Type Notes
port Server port integer Minimum: 1
Maximum: 65535
server Remote server hostname or IP address string Required
Pattern: "^[^/:]+$"
uri URI of file to copy string Required

CopyToRemoteFileProperties (schema)

Name Description Type Notes
port Server port integer Minimum: 1
Maximum: 65535
protocol Protocol to use to copy file

Only scp and sftp may be used.		 Protocol
(Abstract type: pass one of the following concrete types)
HttpProtocol
HttpsProtocol
ScpProtocol
SftpProtocol		 Required
server Remote server hostname or IP address string Required
Pattern: "^[^/:]+$"
uri URI of file to copy string Required

CpuCoreConfigForEnhancedNetworkingStackSwitch (schema) (Deprecated)

Enhanced Networking Stack CPU configuration

Non Uniform Memory Access (NUMA) nodes and Logical cpu cores (Lcores) per NUMA node configuration for Enhanced Networking Stack enabled HostSwitch.

Name Description Type Notes
num_lcores Number of Logical cpu cores (Lcores) to be placed on a specified NUMA node int Required
Minimum: 1
numa_node_index Unique index of the Non Uniform Memory Access (NUMA) node int Required
Minimum: 0

CpuStats (schema)

Name Description Type Notes
core core id

CPU id		 string Readonly
cpu_type cpu type

cpu type, one of datapath_core, controlpath_core and service_core		 string Readonly
Enum: datapath_core, controlpath_core, service_core
Default: "controlpath_core"
crypto CPU crypto usage

CPU crypto usage(pps)		 string Readonly
intercore CPU intercore usage

CPU intercore usage(pps)		 string Readonly
kni CPU kni usage

CPU kni usage(pps)		 string Readonly
packet_processing_usage Datapath CPU packet processing usage

Datapath CPU packet processing usage(%)		 string Readonly
rx CPU rx usage

CPU rx usage(pps)		 string Readonly
slowpath CPU slowpath usage

CPU slowpath usage(pps)		 string Readonly
tx CPU tx usage

CPU tx usage(pps)		 string Readonly
usage CPU usage

CPU usage(%)		 string Readonly

CpuUsage (schema)

CPU usage of DPDK and non-DPDK cores

Name Description Type Notes
avg_cpu_core_usage_dpdk Average utilization of all DPDK cores

Indicates the average usage of all DPDK cores in percentage.		 number Readonly
avg_cpu_core_usage_non_dpdk Average usage of all non-DPDK cores

Indicates the average usage of all non-DPDK cores in percentage.		 number Readonly
highest_cpu_core_usage_dpdk Highest CPU utilization value among DPDK cores

Indicates the highest CPU utilization value among DPDK cores in percentage.		 number Readonly
highest_cpu_core_usage_non_dpdk Highest CPU utilization value among non-DPDK cores

Indicates the highest cpu utilization value among non_dpdk cores in percentage.		 number Readonly

CreateRemoteDirectoryProperties (schema)

Name Description Type Notes
port Server port integer Minimum: 1
Maximum: 65535
protocol Protocol to use to copy file SftpProtocol Required
server Remote server hostname or IP address string Required
Pattern: "^[^/:]+$"
uri URI of file to copy string Required

Criterion (schema)

Event Criterion

Event Criterion is the logical evaluations by which the event may
be deemed fulfilled. All the evaluations must be met in order for
the criterion to be met (implicit AND).

Name Description Type Notes
evaluations Criterion Evaluations

Criterion Evaluations.
array of Evaluation
(Abstract type: pass one of the following concrete types)
SourceFieldEvaluation		 Required
Minimum items: 1

Crl (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
crl_type Type of CRL

The type of the CRL. It can be "OneCRL" or "X509" (default).		 string Enum: OneCRL, X509
Default: "X509"
description Description of this resource string Maximum length: 1024
Sortable
details Details of the X509Crl object. X509Crl Readonly
details_revoked_by_issuer_and_serial_number Certificates revoked by issuer and serial number array of IssuerSerialNumber Readonly
details_revoked_by_subject_and_public_key_hash Certificates revoked by subject and public key hash array of SubjectPublicKeyHash Readonly
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
one_crl JSON-encoded OneCRL-like object string
pem_encoded PEM encoded CRL data. string
resource_type Must be set to the value Crl string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

CrlDistributionPoint (schema)

Reference to a CRL Distribution Point where to fetch a CRL

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
cdp_uri CDP URI

CRL Distribution Point URI where to fetch the CRL.		 string Required
Readonly
Maximum length: 255
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
issuer Issuer

Issuer of the CRL, referring to the CA.		 string Required
Readonly
Maximum length: 255
resource_type Must be set to the value CrlDistributionPoint string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

CrlDistributionPointList (schema)

CrlDistributionPoint query result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results CrlDistributionPoint list. array of CrlDistributionPoint Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

CrlDistributionPointStatus (schema)

Reference to a CRL Distribution Point where to fetch a CRL

Name Description Type Notes
error_message Error Message

Error message when fetching the CRL failed.		 string Readonly
status Status

Status of the fetched CRL for this CrlDistributionPoint		 CdpStatusType Required
Readonly

CrlList (schema)

Crl queries result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results CRL list. array of Crl Required
Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

CrlObjectData (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
crl_type Type of CRL

The type of the CRL. It can be "OneCRL" or "X509" (default).		 string Enum: OneCRL, X509
Default: "X509"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
one_crl JSON-encoded OneCRL-like object string
pem_encoded PEM encoded CRL data. string
resource_type Must be set to the value CrlObjectData string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

CrlPemRequestType (schema)

Request Type to get a CRL's PEM file.

Name Description Type Notes
cdp_uri CDP URI

CRL Distribution Point URI where to fetch the CRL.		 string Required
Readonly
Maximum length: 255

CrossSiteFlowInfo (schema)

Information about config flow in federation

Represents details of the config flow between sites.
Federation has the following flows
- Global Manager to Local Manager (GM -> LM)
- Local Manager to Glocal Manager (LM -> GM)
- Global Manager Active to Glocal Manager Standby (GM -> GM)
- Local Manager to Local Manager (LM -> LM)

Name Description Type Notes
from_site_id Site id of the source string
from_site_path Source site policy path string
full_sync_info Full sync information for the flow FullSyncInfo
latency_measured_ts Timestamp of latency measurement integer
latency_millis Latency from source to destination site in milli seconds integer
status Overall status of the flow string Enum: GOOD, DISCONNECTED, RECOVERY, ERROR, UNKNOWN, NOT_READY
to_site_id Site id of the destination string
to_site_path Destination site policy path string

CryptoAlgorithm (schema)

Name Description Type Notes
key_size Supported key sizes for the algorithm. array of KeySize Required
Readonly
name Crypto algorithm name. string Required
Readonly

CryptoEnforcement (schema)

Action for crypto enforcement

If enforced and if TLS protocol Client/Server Hello has none of the
permitted TLS versions or ciphers then the connection is immediately terminated.

Name Description Type Notes
CryptoEnforcement Action for crypto enforcement

If enforced and if TLS protocol Client/Server Hello has none of the
permitted TLS versions or ciphers then the connection is immediately terminated.
string Readonly
Enum: ENFORCE, TRANSPARENT

CsmStatus (schema)

Information about status of cloud service manager

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
display_name Name of the Csm instance string Readonly
id UUID of the Csm appliance

Identifier of the Csm appliance		 string Required
Readonly
ip_address IP address of Csm instance string Readonly
managed_by_vmware Mode of running of Csm instance

This property is used only if CSM is running in service mode		 boolean Readonly
supported_clouds Indication of clouds supported by CSM

This property provides the list of names of supported clouds by CSM.
array of CloudTypeInfo Required
Readonly
version Version of Csm string Required
Readonly

CsmSupportedRegions (schema)

Csm supported regions for cloud type

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cloud_type Type of cloud string Readonly
Enum: AWS, AZURE, AWS_GOV_US_EAST, AWS_GOV_US_WEST, AZURE_GOV_US
supported_regions Array of supported regions on the type of cloud array of string Readonly

CsmSupportedRegionsListResult (schema)

List of all Csm supported regions per cloud type

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of supported regions per cloud type array of CsmSupportedRegions Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

CsmSystemConfig (schema)

CSM system management configuration information

CSM deploys Gateway (PCG) in the cloud, CSM mgmt IP may or may not be the
same as the IP exposed to PCG. Configuring the IP CIDRs that are exposed
to the PCG (after NAT) would allow CSM to configure cloud gateway security
group to be only accessed via appropriate IP CIDRs.

Name Description Type Notes
mgmt_ip_config List of management IP CIDRs. array of CidrBlock

CsmVpnEndpoint (schema)

NSX managed CSM VPN endpoint

Details of a CSM VPN endpoint which can either be an AWS VPC or
an Azure VNET managed by NSX

Name Description Type Notes
display_name Display name for the CSM VPN endpoint string Required
Readonly
endpoint_type Type of endpoint like AWS, Azure or other supported clouds string Required
Readonly
Enum: AWS, AZURE, GOOGLE, AZURE_GOV_US, AWS_GOV_US_EAST, AWS_GOV_US_WEST
id Unique identifier for the CSM VPN endpoint string Required
Readonly

CsmVpnEndpointsListRequestParameters (schema)

These parameters can be used to filter the list of CSM VPN endpoints.
Multiple parameters can be given as input. Different parameters are implicitly 'AND'ed.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
endpoint_type Endpoint type based on which the CSM VPN endpoints list is to be filtered string Enum: AWS, AZURE, GOOGLE, AZURE_GOV_US, AWS_GOV_US_EAST, AWS_GOV_US_WEST
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

CsmVpnEndpointsListResult (schema)

List of NSX managed CSM VPN endpoints

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results NSX managed CSM VPN endpoints array of CsmVpnEndpoint
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

CsmVpnSession (schema)

CSM VPN session details

Details of a CSM VPN session like name, source and destination
endpoints

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
destination_endpoint Destination endpoint of the CSM VPN session

Destination endpoint of the CSM VPN session can be a cloud
endpoint like AWS VPC, Azure VNET managed by NSX.
CsmVpnEndpoint Required
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
resource_type Must be set to the value CsmVpnSession string
source_endpoint Source endpoint of the CSM VPN session

Source endpoint of the CSM VPN session can be a cloud
endpoint like AWS VPC, Azure VNET managed by NSX.
CsmVpnEndpoint Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

CsmVpnSessionStatus (schema)

CSM VPN session status and details

Status and details of a CSM VPN session

Name Description Type Notes
details CSM VPN session details

Details of the CSM VPN session with endpoints and the status
of the session.
CsmVpnSession Required
Readonly
state Realized state of the CSM VPN session string Required
Readonly
Enum: DOWN, UP, IN_PROGRESS
status_message Detailed status message of the CSM VPN session string Readonly

CsmVpnSessionStatusListRequestParameters (schema)

These parameters can be used to filter the list of CSM VPN sessions statuses.
Multiple parameters can be given as input. Different parameters are implicitly 'AND'ed.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
refresh Flag to fetch the updated list of CSM VPN sessions statuses boolean Default: "False"
sort_ascending boolean
sort_by Field by which records are sorted string
state CSM VPN session realized state based on which the CSM VPN sessions list is to be filtered string Enum: DOWN, UP, IN_PROGRESS

CsmVpnSessionStatusListResult (schema)

CSM VPN sessions status list

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of CSM VPN sessions statuses array of CsmVpnSessionStatus
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

Csr (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
algorithm Cryptographic algorithm (asymmetric) used by the public key for data encryption. string Enum: RSA
Default: "RSA"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
is_ca Whether the CSR is for a CA certificate. boolean Default: "False"
key_size Size measured in bits of the public key used in a cryptographic algorithm. integer Default: "4096"
pem_encoded PEM encoded certificate data. string Readonly
resource_type Must be set to the value Csr string
subject The certificate owner's information. (CN, O, OU, C, ST, L) Principal Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

CsrExt (schema)

Extended certificate signing request body

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
algorithm Cryptographic algorithm (asymmetric) used by the public key for data encryption. string Enum: RSA
Default: "RSA"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
extensions X509 extensions to add

X509 v3 extensions to be added to a CSR.		 CsrExtensions Readonly
id Unique identifier of this resource string Sortable
is_ca Whether the CSR is for a CA certificate. boolean Default: "False"
key_size Size measured in bits of the public key used in a cryptographic algorithm. integer Default: "4096"
pem_encoded PEM encoded certificate data. string Readonly
resource_type Must be set to the value CsrExt string
subject The certificate owner's information. (CN, O, OU, C, ST, L) Principal Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

CsrExtensions (schema)

Collection of various x509 v3 extensions to be added to a CSR

Name Description Type Notes
subject_alt_names Subject alternative names

Subject alternative names of the CSR		 SubjectAltNames Readonly

CsrList (schema)

Csr queries result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results CSR list. array of Csr Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

CsrWithDaysValid (schema)

CSR data with days valid

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
algorithm Cryptographic algorithm (asymmetric) used by the public key for data encryption. string Enum: RSA
Default: "RSA"
days_valid Number of days the certificate will be valid, default 825 days integer Minimum: 1
Maximum: 10000
Default: "825"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
is_ca Whether the CSR is for a CA certificate. boolean Default: "False"
key_size Size measured in bits of the public key used in a cryptographic algorithm. integer Default: "4096"
pem_encoded PEM encoded certificate data. string Readonly
resource_type Must be set to the value CsrWithDaysValid string
subject The certificate owner's information. (CN, O, OU, C, ST, L) Principal Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

CsvListResult (schema)

Base type for CSV result.

Name Description Type Notes
file_name File name

File name set by HTTP server if API returns CSV result as a file.		 string

CsvRecord (schema)

Base type for CSV records.

Name Description Type Notes
CsvRecord Base type for CSV records. object

CurrentBackupOperationStatus (schema)

Current backup operation status

Name Description Type Notes
backup_id Unique identifier of current backup string
current_step Current step of operation string Enum: BACKUP_CREATING_CLUSTER_BACKUP, BACKUP_CREATING_NODE_BACKUP
current_step_message Additional human-readable status information about current step string
end_time Time when operation is expected to end EpochMsTimestamp
operation_type Type of operation that is in progress. Returns none if no operation is in progress, in which case none of the other fields will be set. string Enum: NONE, BACKUP
start_time Time when operation was started EpochMsTimestamp

CurrentRealizationStateBarrier (schema)

The current global barrier number of the realized state

Name Description Type Notes
current_barrier_number Gives the current global barrier number for NSX integer Required
Readonly

CustomAttributeAction (schema)

Request Parameters for Custom Context Profile Attributes

Request Parameter which specify action to either add or remove the custom values.

Name Description Type Notes
action Add or Remove Custom Context Profile Attribute values.

Action parameter determines whether to add or remove Custom Context Profile Attribute values.
string Required
Enum: add, remove

CustomFilterWidgetConfiguration (schema)

Custom Filter widget Configuration

Represents configuration for custom filter widget. For this widget the data source is not applicable. It defines ui identifer for filter UI component and render it on dashboard view. This configuration can only be used for system owned widgets.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
alias Alias to be used when emitting filter value

Alias to be used when emitting filter value.		 string
condition Expression for evaluating condition

If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.		 string Maximum length: 1024
datasources Array of Datasource Instances with their relative urls

The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.		 array of Datasource Minimum items: 0
default_filter_value Default filter value to be passed to datasources

Default filter values to be passed to datasources. This will be used when the report is requested without filter values.		 array of DefaultFilterValue
description Description of this resource string Maximum length: 1024
Sortable
display_name Widget Title

Title of the widget. If display_name is omitted, the widget will be shown without a title.		 string Maximum length: 255
drilldown_id Id of drilldown widget

Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.		 string Maximum length: 255
feature_set Features required to view the widget

Features required to view the widget.		 FeatureSet
filter Id of filter widget for subscription

Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.		 string Deprecated
filter_value_required Flag to indicate if filter value is necessary

Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.		 boolean Default: "True"
filters A List of filter ids applied to this widget configuration

A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.		 array of string
footer Footer
icons Icons

Icons to be applied at dashboard for widgets and UI elements.		 array of Icon
id Unique identifier of this resource string Sortable
is_drilldown Set as a drilldown widget

Set to true if this widget should be used as a drilldown.		 boolean Default: "False"
legend Legend for the widget

Legend to be displayed. If legend is not needed, do not include it.		 Legend
plot_configs List of plotting configuration for a given widget.

List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.		 array of WidgetPlotConfiguration
resource_type Must be set to the value CustomFilterWidgetConfiguration string Required
Readonly
Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration
Maximum length: 255
rowspan Vertical span

Represents the vertical span of the widget / container. 1 Row span is equal to 20px.		 int Minimum: 1
shared Visiblity of widgets to other users

Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.		 boolean Deprecated
show_header This decides to show the container header or not.

If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.		 boolean
span Horizontal span

Represents the horizontal span of the widget / container.		 int Minimum: 1
Maximum: 12
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
ui_component_identifier UI identifier for filter component to be rendered inside view/container

User defined filter component selector to be rendered inside view/container.		 string Required
weight Weightage or placement of the widget or container

Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.		 int Deprecated

CustomWidgetConfiguration (schema)

Custom widget Configuration

Represents configuration for custom widget. For this widget the data source is not applicable. It defines ui identifer to identify UI component and render it on dashboard view. This configuration can only be used for system owned widgets.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
condition Expression for evaluating condition

If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.		 string Maximum length: 1024
datasources Array of Datasource Instances with their relative urls

The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.		 array of Datasource Minimum items: 0
default_filter_value Default filter value to be passed to datasources

Default filter values to be passed to datasources. This will be used when the report is requested without filter values.		 array of DefaultFilterValue
description Description of this resource string Maximum length: 1024
Sortable
display_name Widget Title

Title of the widget. If display_name is omitted, the widget will be shown without a title.		 string Maximum length: 255
drilldown_id Id of drilldown widget

Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.		 string Maximum length: 255
feature_set Features required to view the widget

Features required to view the widget.		 FeatureSet
filter Id of filter widget for subscription

Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.		 string Deprecated
filter_value_required Flag to indicate if filter value is necessary

Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.		 boolean Default: "True"
filters A List of filter ids applied to this widget configuration

A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.		 array of string
footer Footer
icons Icons

Icons to be applied at dashboard for widgets and UI elements.		 array of Icon
id Unique identifier of this resource string Sortable
is_drilldown Set as a drilldown widget

Set to true if this widget should be used as a drilldown.		 boolean Default: "False"
legend Legend for the widget

Legend to be displayed. If legend is not needed, do not include it.		 Legend
plot_configs List of plotting configuration for a given widget.

List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.		 array of WidgetPlotConfiguration
resource_type Must be set to the value CustomWidgetConfiguration string Required
Readonly
Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration
Maximum length: 255
rowspan Vertical span

Represents the vertical span of the widget / container. 1 Row span is equal to 20px.		 int Minimum: 1
shared Visiblity of widgets to other users

Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.		 boolean Deprecated
show_header This decides to show the container header or not.

If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.		 boolean
span Horizontal span

Represents the horizontal span of the widget / container.		 int Minimum: 1
Maximum: 12
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
ui_component_identifier UI identifier for component to be rendered inside view/container

User defined component selector to be rendered inside view/container.		 string
weight Weightage or placement of the widget or container

Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.		 int Deprecated

CvxConnectionInfo (schema)

CVX Connection Info

Credential info to connect to a CVX type of enforcement point.

Name Description Type Notes
enforcement_point_address Enforcement Point Address

Value of this property could be Hostname or IP. For instance:
- On an NSX-T MP running on default port, the value could be "10.192.1.1"
- On an NSX-T MP running on custom port, the value could be "192.168.1.1:32789"
- On an NSX-T MP in VMC deployments, the value could be "192.168.1.1:5480/nsxapi"
string Required
password Password

Password.		 string Required
resource_type Must be set to the value CvxConnectionInfo string Required
Enum: NSXTConnectionInfo, NSXVConnectionInfo, CvxConnectionInfo, AviConnectionInfo
thumbprint Thumbprint of Enforcement Point

Thumbprint of EnforcementPoint in the form of a SHA-256 hash represented in lower case HEX.
string
username Username

Username.		 string Required

DADMode (schema)

DAD Mode

Duplicate address detection modes.

Name Description Type Notes
DADMode DAD Mode

Duplicate address detection modes.
string Enum: LOOSE, STRICT

DADProfile (schema)

Duplicate address detection profile.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
dad_mode DAD Mode DADMode Default: "LOOSE"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ns_retries NS retries count

Number of Neighbor solicitation packets generated before completing the
Duplicate address detection process.
integer Minimum: 0
Maximum: 10
Default: "3"
resource_type Must be set to the value DADProfile string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
wait_time Wait time

The time duration in seconds, to wait for Neighbor advertisement
after sending the Neighbor solicitation message.
integer Minimum: 0
Maximum: 60
Default: "1"

DADProfileListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paginated list of DADProfile array of DADProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

DADStatus (schema)

DAD Status

Duplicate address detection status for IP address on port.

Name Description Type Notes
DADStatus DAD Status

Duplicate address detection status for IP address on port.
string Enum: DUPLICATED, TENTATIVE, ASSIGNED, NOT_APPLICABLE, UNKNOWN

DHGroup (schema)

Diffie-Hellman groups

Diffie-Hellman groups represent algorithm used to derive shared
keys between IPSec VPN initiator and responder over an
unsecured network.
GROUP2 uses 1024-bit Modular Exponentiation (MODP) group.
GROUP5 uses 1536-bit MODP group.
GROUP14 uses 2048-bit MODP group.
GROUP15 uses 3072-bit MODP group.
GROUP16 uses 4096-bit MODP group.
GROUP19 uses 256-bit random Elliptic Curve (ECP) group.
GROUP20 uses 384-bit random ECP group.
GROUP21 uses 521-bit random ECP group.

Name Description Type Notes
DHGroup Diffie-Hellman groups

Diffie-Hellman groups represent algorithm used to derive shared
keys between IPSec VPN initiator and responder over an
unsecured network.
GROUP2 uses 1024-bit Modular Exponentiation (MODP) group.
GROUP5 uses 1536-bit MODP group.
GROUP14 uses 2048-bit MODP group.
GROUP15 uses 3072-bit MODP group.
GROUP16 uses 4096-bit MODP group.
GROUP19 uses 256-bit random Elliptic Curve (ECP) group.
GROUP20 uses 384-bit random ECP group.
GROUP21 uses 521-bit random ECP group.
string Enum: GROUP2, GROUP5, GROUP14, GROUP15, GROUP16, GROUP19, GROUP20, GROUP21

DNSForwarderStatisticsPerEnforcementPoint (schema)

DNS forwarder statistics per enforcement point

DNS forwarder statistics per enforcement point.
This is an abstract type. Concrete child types:
NsxTDNSForwarderStatistics

Name Description Type Notes
enforcement_point_path Enforcement point path

Policy path referencing the enforcement point from where the statistics are fetched.
string Readonly
resource_type string Required
Enum: NsxTDNSForwarderStatistics

DNSForwarderStatusPerEnforcementPoint (schema)

DNS forwarder status per enforcement point

DNS forwarder status per enforcement point.
This is an abstract type. Concrete child types:
NsxTDNSForwarderStatus

Name Description Type Notes
enforcement_point_path Enforcement point path

Policy path referencing the enforcement point from where the status is fetched.
string Readonly
resource_type string Required
Enum: NsxTDNSForwarderStatus

DSAppliedToType (schema)

Resource type valid for use as AppliedTo filter in section API

Name Description Type Notes
DSAppliedToType Resource type valid for use as AppliedTo filter in section API string Enum: NSGroup, LogicalSwitch, LogicalRouter, LogicalPort

DSExcludeList (schema)

Exclusion List

List of entities excluded for enforcing a service or a feature.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
member_count Total Member Count

Total number of members present in Exclude List.		 integer Readonly
members Member list

List of members in Exclusion List		 array of ResourceReference Required
Maximum items: 1000
resource_type Must be set to the value DSExcludeList string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

DSInsertParameters (schema)

Parameters to tell where rule/section need to be added. All the params take rule/section Id.

Name Description Type Notes
id Identifier of the anchor rule or section. This is a required field in case operation like 'insert_before' and 'insert_after'. string Maximum length: 64
operation Operation string Enum: insert_top, insert_bottom, insert_after, insert_before
Default: "insert_top"

DSListRequestParameters (schema)

Parameters to filter list of sections/rules.

Pagination and Filtering parameters to get only a subset of sections/rules.

Name Description Type Notes
applied_tos AppliedTo's referenced by this section or section's Distributed Service Rules .

Where the Distributed Service Rules are applied.(used for filtering the list). Single value is supported in current release. Multiple Comma delmited values may be supported in future releases.		 string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
destinations Destinations referenced by this section's Distributed Service Rules .

The destination value in Distributed Service Rules (used for filtering the list). Single value is supported in current release. Multiple Comma delmited values may be supported in future releases.		 string
filter_type Filter type

Filter type defines matching criteria to qualify a rule in result. Type
'FILTER' will ensure all criterias (sources, destinations, services,
extended sources, context profiles, appliedtos) are matched. Type
'SEARCH' will match any of the given criteria.
string Enum: FILTER, SEARCH
Default: "FILTER"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
services NSService referenced by this section's Distributed Service Rules .

Specifying this returns the Rules where this NSServiceElement is used (used for filtering the list). Single value is supported in current release. Multiple Comma delmited values may be supported in future releases.		 string
sort_ascending boolean
sort_by Field by which records are sorted string
sources Sources referenced by this section's Distributed Service Rules .

The source value in Distributed Service Rules (used for filtering the list). Single value is supported in current release. Multiple Comma delmited values may be supported in future releases.		 string

DSRule (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_owner Owner of this resource OwnerResourceLink Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
action Action

Action enforced on the packets which matches the distributed service rule. Currently DS Layer supports below actions. ALLOW - Forward any packet when a rule with this action gets a match (Used by Firewall). DROP - Drop any packet when a rule with this action gets a match. Packets won't go further(Used by Firewall). REJECT - Terminate TCP connection by sending TCP reset for a packet when a rule with this action gets a match (Used by Firewall). REDIRECT - Redirect any packet to a partner appliance when a rule with this action gets a match (Used by Service Insertion). DO_NOT_REDIRECT - Do not redirect any packet to a partner appliance when a rule with this action gets a match (Used by Service Insertion). DETECT - Detect IDS Signatures. ALLOW_CONTINUE - Allows rules to jump from this rule. Action on matching rules in the destination category will decide next step. Application is default destination until new categories are supported to jump to. DETECT_PREVENT - Detect and Prevent IDS Signatures.		 string Required
Enum: ALLOW, DROP, REJECT, REDIRECT, DO_NOT_REDIRECT, DETECT, ALLOW_CONTINUE, DETECT_PREVENT
applied_tos AppliedTo List

List of object where rule will be enforced. The section level field overrides this one. Null will be treated as any.		 array of ResourceReference Maximum items: 128
description Description of this resource string Maximum length: 1024
Sortable
destinations Destination List

List of the destinations. Null will be treated as any.		 array of ResourceReference Maximum items: 128
destinations_excluded Negation of destination

Negation of the destination.		 boolean Default: "False"
direction Rule direction

Rule direction in case of stateless distributed service rules. This will only considered if section level parameter is set to stateless. Default to IN_OUT if not specified.		 string Enum: IN, OUT, IN_OUT
Default: "IN_OUT"
disabled Rule enable/disable flag

Flag to disable rule. Disabled will only be persisted but never provisioned/realized.		 boolean Default: "False"
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Identifier of the resource string Readonly
ip_protocol IPv4 vs IPv6 packet type

Type of IP packet that should be matched while enforcing the rule.		 string Enum: IPV4, IPV6, IPV4_IPV6
Default: "IPV4_IPV6"
is_default Default rule

Flag to indicate whether rule is default.		 boolean Readonly
logged Enable logging flag

Flag to enable packet logging. Default is disabled.		 boolean Default: "False"
notes Notes

User notes specific to the rule.		 string Maximum length: 2048
priority Rule priority

Priority of the rule.		 integer Readonly
resource_type Must be set to the value DSRule string
rule_tag Tag

User level field which will be printed in CLI and packet logs.		 string Maximum length: 32
sources Source List

List of sources. Null will be treated as any.		 array of ResourceReference Maximum items: 128
sources_excluded Negation of source

Negation of the source.		 boolean Default: "False"

DSRuleState (schema)

Rule Realization State

Rule Realization State

Name Description Type Notes
details Array of configuration state of various sub systems array of ConfigurationStateElement Readonly
failure_code Error code integer Readonly
failure_message Error message in case of failure string Readonly
revision_desired Desired state revision number

This attribute represents revision number of rule's desired state.		 integer Readonly
state Overall state of desired configuration

Gives details of state of desired configuration.
Additional enums with more details on progress/success/error states
are sent for edge node. The success states are NODE_READY and
TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED,
VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values
indicate failures.
"in_sync" state indicates that the desired configuration has been
received by the host to which it applies, but is not yet in effect.
When the configuration is actually in effect, the state will
change to "success".
Please note, failed state is deprecated.
string Required
Readonly
Enum: pending, in_progress, success, failed, partial_success, orphaned, unknown, error, in_sync, NOT_AVAILABLE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, REGISTRATION_PENDING, NODE_NOT_READY, NODE_READY, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL, EDGE_CONFIG_ERROR, VM_DEPLOYMENT_RESTARTED, REGISTRATION_FAILED, TRANSPORT_NODE_SYNC_PENDING, TRANSPORT_NODE_CONFIGURATION_MISSING, EDGE_HARDWARE_NOT_SUPPORTED, MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED, TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER, TZ_ENDPOINTS_NOT_SPECIFIED, NO_PNIC_PREPARED_IN_EDGE, APPLIANCE_INTERNAL_ERROR, VTEP_DHCP_NOT_SUPPORTED, UNSUPPORTED_HOST_SWITCH_PROFILE, UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED, HOSTSWITCH_PROFILE_NOT_FOUND, LLDP_SEND_ENABLED_NOT_SUPPORTED, UNSUPPORTED_NAMED_TEAMING_POLICY, LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM, LACP_NOT_SUPPORTED_FOR_EDGE_VM, STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM, MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE, UNSUPPORTED_LACP_LB_ALGO_FOR_NODE, EDGE_NODE_VERSION_NOT_SUPPORTED, NO_PNIC_SPECIFIED_IN_TN, INVALID_PNIC_DEVICE_NAME, TRANSPORT_NODE_READY, VM_NETWORK_EDIT_PENDING, UNSUPPORTED_DEFAULT_TEAMING_POLICY, MPA_DISCONNECTED, VM_RENAME_PENDING, VM_CONFIG_EDIT_PENDING, VM_NETWORK_EDIT_FAILED, VM_RENAME_FAILED, VM_CONFIG_EDIT_FAILED, VM_CONFIG_DISCREPANCY, VM_NODE_REFRESH_FAILED, VM_PLACEMENT_REFRESH_FAILED, REGISTRATION_TIMEDOUT, REPLACE_FAILED, UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED, LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING, DELETE_VM_IN_REDEPLOY_FAILED, DEPLOY_VM_IN_REDEPLOY_FAILED, INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE, VM_RESOURCE_RESERVATION_FAILED, DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER, DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, EDGE_NODE_SETTINGS_MISMATCH_RESOLVE, EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE, EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE, EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE, COMPUTE_MANAGER_NOT_FOUND, DELETE_IN_PROGRESS

DSSection (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
applied_tos AppliedTo List

List of objects where the rules in this section will be enforced. This will take precedence over rule level appliedTo.		 array of ResourceReference Maximum items: 128
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
is_default Default section flag

It is a boolean flag which reflects whether a distributed service section is default section or not. Each Layer 3 and Layer 2 section will have at least and at most one default section.		 boolean Readonly
resource_type Must be set to the value DSSection string
rule_count Rule count

Number of rules in this section.		 integer Readonly
section_type Section Type

Type of the rules which a section can contain. Only homogeneous sections are supported.		 string Required
Enum: LAYER2, LAYER3, L3REDIRECT, IDS
stateful Stateful nature of the distributed service rules in the section.

Stateful or Stateless nature of distributed service section is enforced on all rules inside the section. Layer3 sections can be stateful or stateless. Layer2 sections can only be stateless.		 boolean Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

DSSectionListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

DSSectionQueryParameters (schema)

Section query parameters

Name Description Type Notes
cascade Flag to cascade delete of this object to all it's child objects. boolean Default: "False"

DSSectionState (schema)

Section Realization State

Section Realization Status

Name Description Type Notes
details Array of configuration state of various sub systems array of ConfigurationStateElement Readonly
failure_code Error code integer Readonly
failure_message Error message in case of failure string Readonly
revision_desired Section's desired state revision number

This attribute represents revision number of section's desired state.		 integer Readonly
state Overall state of desired configuration

Gives details of state of desired configuration.
Additional enums with more details on progress/success/error states
are sent for edge node. The success states are NODE_READY and
TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED,
VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values
indicate failures.
"in_sync" state indicates that the desired configuration has been
received by the host to which it applies, but is not yet in effect.
When the configuration is actually in effect, the state will
change to "success".
Please note, failed state is deprecated.
string Required
Readonly
Enum: pending, in_progress, success, failed, partial_success, orphaned, unknown, error, in_sync, NOT_AVAILABLE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, REGISTRATION_PENDING, NODE_NOT_READY, NODE_READY, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL, EDGE_CONFIG_ERROR, VM_DEPLOYMENT_RESTARTED, REGISTRATION_FAILED, TRANSPORT_NODE_SYNC_PENDING, TRANSPORT_NODE_CONFIGURATION_MISSING, EDGE_HARDWARE_NOT_SUPPORTED, MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED, TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER, TZ_ENDPOINTS_NOT_SPECIFIED, NO_PNIC_PREPARED_IN_EDGE, APPLIANCE_INTERNAL_ERROR, VTEP_DHCP_NOT_SUPPORTED, UNSUPPORTED_HOST_SWITCH_PROFILE, UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED, HOSTSWITCH_PROFILE_NOT_FOUND, LLDP_SEND_ENABLED_NOT_SUPPORTED, UNSUPPORTED_NAMED_TEAMING_POLICY, LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM, LACP_NOT_SUPPORTED_FOR_EDGE_VM, STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM, MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE, UNSUPPORTED_LACP_LB_ALGO_FOR_NODE, EDGE_NODE_VERSION_NOT_SUPPORTED, NO_PNIC_SPECIFIED_IN_TN, INVALID_PNIC_DEVICE_NAME, TRANSPORT_NODE_READY, VM_NETWORK_EDIT_PENDING, UNSUPPORTED_DEFAULT_TEAMING_POLICY, MPA_DISCONNECTED, VM_RENAME_PENDING, VM_CONFIG_EDIT_PENDING, VM_NETWORK_EDIT_FAILED, VM_RENAME_FAILED, VM_CONFIG_EDIT_FAILED, VM_CONFIG_DISCREPANCY, VM_NODE_REFRESH_FAILED, VM_PLACEMENT_REFRESH_FAILED, REGISTRATION_TIMEDOUT, REPLACE_FAILED, UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED, LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING, DELETE_VM_IN_REDEPLOY_FAILED, DEPLOY_VM_IN_REDEPLOY_FAILED, INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE, VM_RESOURCE_RESERVATION_FAILED, DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER, DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, EDGE_NODE_SETTINGS_MISMATCH_RESOLVE, EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE, EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE, EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE, COMPUTE_MANAGER_NOT_FOUND, DELETE_IN_PROGRESS

DSService (schema)

Name Description Type Notes
is_valid Target validity

Will be set to false if the referenced NSX resource has been deleted.		 boolean Readonly
service Distributed Service Network and Security Service element

Distributed Service API accepts raw protocol and ports as part of NS service element
in Distributed Service Rule that describes traffic corresponding to an NSService.
NSServiceElement
(Abstract type: pass one of the following concrete types)
ALGTypeNSService
EtherTypeNSService
ICMPTypeNSService
IGMPTypeNSService
IPProtocolNSService
L4PortSetNSService
target_display_name Target display name

Display name of the NSX resource.		 string Readonly
Maximum length: 255
target_id Target ID

Identifier of the NSX resource.		 string Maximum length: 64
target_type Target type

Type of the NSX resource.		 string Maximum length: 255

DVSConfig (schema) (Deprecated)

The DVS Configuration

Name Description Type Notes
host_infra_traffic_res Resource allocation associated with NiocProfile

host_infra_traffic_res specifies bandwidth allocation for
various traffic resources.
array of ResourceAllocation
lacp_group_configs Array of Link Aggregation Control Protocol (LACP) configuration

It contains information about VMware specific multiple dynamic LACP groups.
array of LacpGroupConfigInfo
lldp_send_enabled Enabled or disabled sending LLDP packets boolean Default: "False"
mtu Maximum Transmission Unit used for uplinks int Minimum: 1600
name The DVS name string Required
uplink_port_names Uplink port names

Names of uplink ports for this DVS.		 array of string Required
Minimum items: 1
uuid The DVS uuid string

DailyTelemetrySchedule (schema)

Name Description Type Notes
frequency_type Must be set to the value DailyTelemetrySchedule string Required
hour_of_day Hour at which data will be collected

Hour at which data will be collected. Specify a value between 0 through 23.
integer Required
Minimum: 0
Maximum: 23
minutes Minute at which data will be collected

Minute at which data will be collected. Specify a value between 0 through 59.
integer Minimum: 0
Maximum: 59
Default: "0"

DataCounter (schema)

Name Description Type Notes
dropped The dropped packets or bytes integer
multicast_broadcast The multicast and broadcast packets or bytes integer
total The total packets or bytes integer Required

DataSourceParameters (schema)

Name Description Type Notes
source The data source, either realtime or cached. If not provided, cached data is returned. DataSourceType

DataSourceType (schema)

Data source type.

Name Description Type Notes
DataSourceType Data source type. string Enum: realtime, cached

DataTypeCollectionConfiguration (schema)

Data type collection configuration

Name Description Type Notes
collection_frequency Data Collection Frequency In Seconds

The frequency in seconds at which data is collected		 integer Required
Minimum: 15
Maximum: 86400
data_type Data type

Defines the type of data being collected		 string Required
Enum: STATUS, STATISTICS

Datasource (schema)

Datasource Instance

An instance of a datasource configuration.

Name Description Type Notes
display_name Datasource instance's display name

Name of a datasource instance.		 string Required
Maximum length: 255
keystore_info Key Store Info

Key Store information for all the url aliases defined in datasource. Use this property if key store information is same for each url aliases in the datasource.		 KeyStoreInfo
urls Array of relative urls and their aliases

Array of urls relative to the datasource configuration. For example, api/v1/fabric/nodes is a relative url of nsx-manager instance.		 array of UrlAlias Required

DatetimeUTC (schema)

Datetime string in UTC

Datetime string in UTC in the RFC3339 format 'yyyy-mm-ddThh:mm:ssZ'

Name Description Type Notes
DatetimeUTC Datetime string in UTC

Datetime string in UTC in the RFC3339 format 'yyyy-mm-ddThh:mm:ssZ'		 string

DecryptionFailAction (schema)

TLS handshake fail action

Action to take when TLS handshake fails.

Name Description Type Notes
DecryptionFailAction TLS handshake fail action

Action to take when TLS handshake fails.		 string Readonly
Enum: BLOCK, BYPASS

DefaultFilterValue (schema)

Default filter values

An instance of a datasource configuration.

Name Description Type Notes
alias Filter alias

Filter alias.		 string Required
value Filter default value

Filter default value.		 string Required

DeleteMigrationDataFileSpec (schema)

Name Description Type Notes
federation_site_id Id of the site in NSX-T Federation

Id of the site in NSX-T Federation		 string
file_type Type of the Migration data file that needs to be deleted. string Required
Enum: VRA_INPUT, EDGE_CUTOVER_MAPPING, BYOT_L3_MAPPING, AVI_LB_MAPPING

DeleteRequestParameters (schema)

Parameters that affect how delete operations are processed

Name Description Type Notes
force Force delete the resource even if it is being used somewhere

If true, deleting the resource succeeds even if it is being
referred as a resource reference.
boolean Default: "False"

DependentServices (schema)

Name Description Type Notes
dependent_services List of firewall dependent services

List of firewall dependent services.		 array of string

DeploymentChecksAction (schema)

Pre/Post deployment check

Pre/Post deployment check.

Name Description Type Notes
action Pre/post deployment checks

Run pre/post deployment checks.
PRE_CHECKS - Run pre-check before deployment.
POST_CHECKS - Run post-check after deployment.
ABORT_CHECKS - Abort running pre/post deployement checks.
string Required
Enum: PRE_CHECKS, POST_CHECKS, ABORT_CHECKS

DeploymentChecksStatus (schema)

Pre/Post deployment status

Pre/Post deployment status.

Name Description Type Notes
description More detail about check

Show more information about pre/post check performed.
string
name Name of pre/post check

Name of pre/post check.		 string
reason Reason in case of pre/post check failure

Reason for failure of pre/post check.
Otherwise empty.
string
status Status of pre/post check

Status pre/post check.
SUCCESS - Successfully completed pre/post check.
FAILED - Failed pre/post check.
WARNING - Warning in pre/post check.
SKIPPED - Pre/post check skipped.
IN_PROGRESS - Pre/post check in progress.
STOPPING - Stopping pre/post check.
STOPPED - Pre/post check stopped.
NOT_STARTED - Pre/post check not started
string Enum: SUCCESS, FAILED, WARNING, SKIPPED, IN_PROGRESS, STOPPING, STOPPED, NOT_STARTED

DeploymentChecksStatusResult (schema)

List of pre/post check

List of pre/post check.

Name Description Type Notes
results Array of pre/post deployment checks

Array of pre/post deployment checks.		 array of DeploymentChecksStatus

DeploymentConfig (schema)

Name Description Type Notes
placement_type string Required
Enum: VsphereDeploymentConfig

DeploymentProgressStatus (schema)

Progress status of deployment/undeployment/upgrade

Progress status of deployment.

Name Description Type Notes
error_message Error message

Errors during deployment.
array of string
overall_status Progress status of deployment

Progress status of deployment.
DEPLOYMENT_IN_PROGRESS - Deployment in progress.
UNDEPLOYMENT_IN_PROGRESS - Undeployment in progress.
UPGRADE_IN_PROGRESS - Upgrade in progress.
UPDATE_IN_PROGRESS - Update in progress.
DEPLOYMENT_QUEUED - Deployment queued.
UNDEPLOYMENT_QUEUED - Undeployment queued.
UPDATE_QUEUED - Update queued.
DEPLOYMENT_SUCCESSFUL - Deployment successful.
UNDEPLOYMENT_SUCCESSFUL - Undeployment successful.
UPGRADE_SUCCESSFUL - Upgrade successful.
UPDATE_SUCCESSFUL - Update successful.
DEPLOYMENT_FAILED - Deployment failed.
UNDEPLOYMENT_FAILED - Undeployment failed.
UPGRADE_FAILED - Upgrade failed.
UPDATE_FAILED - Update failed.
NOT_DEPLOYED - Deployment pending.
string Required
Enum: DEPLOYMENT_IN_PROGRESS, UNDEPLOYMENT_IN_PROGRESS, UPGRADE_IN_PROGRESS, UPDATE_IN_PROGRESS, DEPLOYMENT_QUEUED, UNDEPLOYMENT_QUEUED, UPDATE_QUEUED, DEPLOYMENT_SUCCESSFUL, UNDEPLOYMENT_SUCCESSFUL, UPGRADE_SUCCESSFUL, UPDATE_SUCCESSFUL, DEPLOYMENT_FAILED, UNDEPLOYMENT_FAILED, UPGRADE_FAILED, UPDATE_FAILED, NOT_DEPLOYED
percentage Percentage completed

Percentage completed for deployment.
integer
progress_message Progress message

More information about progress.
string

DeploymentRegistry (schema)

NSX Application Platform registry template

Template for storing docker registry and helm url.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
(Abstract type: pass one of the following concrete types)
ChildDeploymentRegistry
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
docker_registry Docker url for containers

Docker url for containers.		 string Required
helm_repo Repo url to access helm chart

Repo url to access helm chart.		 string Required
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value DeploymentRegistry string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

DeploymentSpecName (schema)

Deployment spec to be used in upgrade

Used to provide the deployment spec for Upgrade.

Name Description Type Notes
deployment_spec_name Deployment Spec Name

This indicates the deployment spec.		 string Required
Readonly

DeploymentTemplate (schema)

Service Deployment Template

Deployment Template holds the attributes specific to partner for which the service is created. These attributes are opaque to NSX.

Name Description Type Notes
attributes Deployment Template attributes

List of attributes specific to a partner for which the service is created. There attributes are passed on to the partner appliance and is opaque to the NSX Manager.		 array of Attribute Maximum items: 128
name name

Deployment Template name.		 string

DeploymentVersionSpec (schema)

Deployment version

Deployment version with chart name

Name Description Type Notes
chart_name Deployment chart name

Deployment chart name.		 string
versions Deployment versions

List of deployment versions.		 string

DeploymentVersions (schema)

List of deployment versions

Different NSX Application Platform deployment versions.

Name Description Type Notes
versions Deployment versions

List of deployment versions.		 array of DeploymentVersionSpec

DeploymentZone (schema) (Deprecated)

Deployment zone

Logical grouping of enforcement points.
This is a deprecated type. DeploymentZone has been renamed to Site.
Use Site.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
(Abstract type: pass one of the following concrete types)
ChildEnforcementPoint
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enforcement_points Logical grouping of enforcement points array of EnforcementPoint
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value DeploymentZone string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

DeploymentZoneListRequestParameters (schema) (Deprecated)

DeploymentZone list request parameters

DeploymentZone list request parameters.
This is a deprecated type. DeploymentZone has been renamed to Site.
Use SiteListRequestParameters.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

DeploymentZoneListResult (schema) (Deprecated)

Paged Collection of Deployment Zones

Paged Collection of Deployment Zones.
This is a deprecated type. DeploymentZone has been renamed to Site.
Use SiteListResult.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Deployment Zones array of DeploymentZone Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

DestinationNsxApiEndpoint (schema)

Destination NSX manager details

Details about the destination NSX manager for the migration

Name Description Type Notes
destination_nsx_ip Destination NSX IP ddress or host name

IP address or host name of the destination NSX manager to which the config will be migrated.		 string Required
Format: hostname-or-ip
destination_nsx_password Password for destination NSX manager

Valid password for connecting to the destination NSX manager.		 string
destination_nsx_port Destination NSX manager port

Destination NSX manager port that will be used to apply details.		 int Default: "443"
destination_nsx_username Username for destination NSX manager

Valid username for connecting to the destination NSX manager.		 string

DetachClusterParameters (schema)

Name Description Type Notes
force string Enum: true, false
graceful-shutdown string Enum: true, false
Default: "false"
ignore-repository-ip-check string Enum: true, false
Default: "false"

DeviceNameAndMacAddrOfPnic (schema)

Device name and MAC address of pnic

Name Description Type Notes
device_name Device name of pnic string
mac_address MAC address of pnic string

DfwFirewallConfiguration (schema)

DFW Firewall related configurations

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
(Abstract type: pass one of the following concrete types)
ChildIdsSettings
ChildPolicyExcludeList
description Description of this resource string Maximum length: 1024
Sortable
disable_auto_drafts Auto draft disable flag

To disable auto drafts, set it to true.
By default, auto drafts are enabled.
boolean Default: "False"
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enable_firewall Firewall enable flag

If set to true, Firewall is enabled.
boolean Default: "True"
global_addrset_mode_enabled A flag to indicate if global address set is enabled in DFW

When this flag is set to true, global address set is enabled in Distributed Firewall.		 boolean Default: "True"
id Unique identifier of this resource string Sortable
idfw_enabled Identity firewall enable flag

If set to true, identity firewall is enabled.
boolean Default: "False"
idfw_event_log_scraper_enabled Enable event log scraping

Enables event log scraping for Identity firewall.
boolean Default: "False"
idfw_loginsight_enabled Enable Loginsight server for Identity Firewall

If set to true, collection of login/logout events from
Loginsight server is enabled.
boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value DfwFirewallConfiguration string Required
Enum: DfwFirewallConfiguration
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

DhGroup (schema)

Diffie-Hellman groups

Diffie-Hellman groups represent algorithm used to derive shared
keys between IPSec VPN initiator and responder over an
unsecured network.
GROUP2 uses 1048-bit Modular Exponentiation (MODP) group.
GROUP5 uses 1536-bit MODP group.
GROUP14 uses 2048-bit MODP group.
GROUP15 uses 3072-bit MODP group.
GROUP16 uses 4096-bit MODP group.
GROUP19 uses 256-bit Random Elliptic Curve (ECP) group.
GROUP20 uses 384-bit Random ECP group.
GROUP21 uses 521-bit Random ECP group.

Name Description Type Notes
DhGroup Diffie-Hellman groups

Diffie-Hellman groups represent algorithm used to derive shared
keys between IPSec VPN initiator and responder over an
unsecured network.
GROUP2 uses 1048-bit Modular Exponentiation (MODP) group.
GROUP5 uses 1536-bit MODP group.
GROUP14 uses 2048-bit MODP group.
GROUP15 uses 3072-bit MODP group.
GROUP16 uses 4096-bit MODP group.
GROUP19 uses 256-bit Random Elliptic Curve (ECP) group.
GROUP20 uses 384-bit Random ECP group.
GROUP21 uses 521-bit Random ECP group.
string Enum: GROUP2, GROUP5, GROUP14, GROUP15, GROUP16, GROUP19, GROUP20, GROUP21

DhcpDeleteLeaseRequestParameters (schema)

Name Description Type Notes
ip IPAddress Required
mac MACAddress Required

DhcpDeleteLeases (schema)

List of DHCP leases to be deleted

Name Description Type Notes
leases List of DHCP leases array of DhcpDeleteLeaseRequestParameters Required
Minimum items: 1
Maximum items: 100

DhcpFilter (schema) (Deprecated)

DHCP filtering configuration

Name Description Type Notes
client_block_enabled Indicates whether DHCP client blocking is enabled boolean Required
server_block_enabled Indicates whether DHCP server blocking is enabled boolean Required
v6_client_block_enabled Indiactes whether DHCP v6 client blocking is enabled boolean Default: "False"
v6_server_block_enabled Indiactes whether DHCP V6 server blocking is enabled boolean Default: "False"

DhcpHeader (schema)

Name Description Type Notes
op_code Message op code / message type

This is used to specify the general type of message. A client sending request to a server uses an op code of BOOTREQUEST, while a server replying uses an op code of BOOTREPLY.		 string Enum: BOOTREQUEST, BOOTREPLY
Default: "BOOTREQUEST"

DhcpIpPool (schema) (Deprecated)

DHCP ip-pool

DHCP ip-pool to define dynamic ip allocation ranges.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
allocation_ranges Ip-ranges

Ip-ranges to define dynamic ip allocation ranges.		 array of IpPoolRange Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
error_threshold Error threshold, valid [80-100], default 100

Error threshold. Alert will be raised if the pool usage reaches the
given threshold.
integer Minimum: 80
Maximum: 100
Default: "100"
gateway_ip Gateway ip

Gateway ip address of the allocation.		 IPAddress
id Unique identifier of this resource string Sortable
lease_time Lease time

Lease time, in seconds, [60-(2^32-1)]. Default is 86400.		 integer Minimum: 60
Maximum: 4294967295
Default: "86400"
options DHCP options

If an option is defined at server level and not configred at
ip-pool/static-binding level, the option will be inherited to
ip-pool/static-binding. If both define a same-code option, the
option defined at ip-pool/static-binding level take precedence
over that defined at server level.
DhcpOptions
resource_type Must be set to the value DhcpIpPool string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
warning_threshold Warning threshold, valid [50-80], default 80

Warning threshold. Alert will be raised if the pool usage reaches the
given threshold.
integer Minimum: 50
Maximum: 80
Default: "80"

DhcpIpPoolListResult (schema) (Deprecated)

A list of DHCP ip pools

A paginated list of DHCP ip pools.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paginated list of DHCP ip pools

A paginated list of DHCP ip pools.		 array of DhcpIpPool Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

DhcpIpPoolUsage (schema) (Deprecated)

Name Description Type Notes
allocated_number allocated number. COULD BE INACCURATE, REFERENCE ONLY. integer Required
allocated_percentage allocated percentage. COULD BE INACCURATE, REFERENCE ONLY. integer Required
dhcp_ip_pool_id uuid of dhcp ip pool string Required
pool_size pool size integer Required

DhcpLeasePerIP (schema) (Deprecated)

Name Description Type Notes
expire_time expire time of the lease string
ip_address ip address of client string Required
lease_time lease time of the ip address, in seconds string
mac_address mac address of client string Required
start_time start time of lease string Required
subnet subnet of client network string

DhcpLeaseRequestParameters (schema) (Deprecated)

Name Description Type Notes
address can be an ip address, or an ip range, or a mac address string
pool_id The uuid of dhcp ip pool string
source The data source, either realtime or cached. If not provided, cached data is returned. DataSourceType

DhcpLeases (schema) (Deprecated)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
dhcp_server_id dhcp server uuid string
leases The lease info list of the server array of DhcpLeasePerIP Minimum items: 0
Maximum items: 65535
result_count Count of results found (across all pages), set only on first page integer Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly
timestamp timestamp of the lease info EpochMsTimestamp

DhcpLeasesResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
connectivity_path Policy path to Segment, Tier0 or Tier1 gateway

Policy path to Segment, Tier0 or Tier1 gateway where DHCP server
is attached.
string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
dhcp_server_id dhcp server uuid string
leases The lease info list of the server array of DhcpLeasePerIP Minimum items: 0
Maximum items: 65535
result_count Count of results found (across all pages), set only on first page integer Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly
timestamp timestamp of the lease info EpochMsTimestamp

DhcpOption121 (schema) (Deprecated)

DHCP option 121

DHCP option 121 to define classless static route.

Name Description Type Notes
static_routes DHCP classless static routes

Classless static route of DHCP option 121.		 array of ClasslessStaticRoute Required
Minimum items: 1
Maximum items: 27

DhcpOptions (schema) (Deprecated)

DHCP options

Define DHCP options of the DHCP service.

Name Description Type Notes
option121 Option 121

DHCP option 121 to define classless static routes. Once Option 121
was defined, Option 249 will be auto-generated because they are
equivalent.
DhcpOption121
others Generic DHCP options other than option 121

To define DHCP options other than option 121 in generic format.
Please note, only the following options can be defined in generic
format. Those other options will be accepted without validation
but will not take effect.
--------------------------
Code Name
--------------------------
2 Time Offset
6 Domain Name Server
13 Boot File Size
19 Forward On/Off
26 MTU Interface
28 Broadcast Address
35 ARP Timeout
40 NIS Domain
41 NIS Servers
42 NTP Servers
44 NETBIOS Name Srv
45 NETBIOS Dist Srv
46 NETBIOS Node Type
47 NETBIOS Scope
58 Renewal Time
59 Rebinding Time
64 NIS+-Domain-Name
65 NIS+-Server-Addr
66 TFTP Server-Name (used by PXE)
67 Bootfile-Name (used by PXE)
93 PXE: Client system architecture
94 PXE: Client NDI
97 PXE: UUID/UNDI
117 Name Service Search
119 Domain Search
150 TFTP server address (used by PXE)
175 Etherboot
209 PXE Configuration File
210 PXE Path Prefix
211 PXE Reboot Time
array of GenericDhcpOption Minimum items: 0
Maximum items: 255

DhcpProfile (schema) (Deprecated)

DHCP profile to specify edge cluster and members

DHCP profile to specify edge cluster and members on which the dhcp server
will run. A DhcpProfile can be referenced by different logical DHCP servers.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
edge_cluster_id Edge cluster uuid

Edge cluster uuid on which the referencing logical DHCP server runs.
string Required
edge_cluster_member_indexes Edge node indexes

The Edge nodes on which the DHCP servers run. If none is provided, the
NSX will auto-select two edge-nodes from the given edge cluster. If only
one edge node is provided, the DHCP servers will run without HA support.
array of integer Minimum items: 0
Maximum items: 2
enable_standby_relocation Flag to enable standby DHCP server relocation

Flag to enable the auto-relocation of standby DHCP Service in case
of edge node failure. Only tier 1 and auto placed DHCP servers are
considered for the relocation.
boolean Default: "False"
id Unique identifier of this resource string Sortable
resource_type Must be set to the value DhcpProfile string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

DhcpProfileListResult (schema) (Deprecated)

A list of DHCP profiles

A paginated list of DHCP profiles.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paginated list of DHCP profiles

A paginated list of logical DHCP profiles.		 array of DhcpProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

DhcpRelayConfig (schema)

DHCP relay configuration

DHCP relay configuration.
Please note, the realized-state of this entity returned by the
"GET /policy/api/v1/infra/realized-state/realized-entity" with this entity
policy-path is irrelevant with the application status of this entity.
Please do not rely on this returned realized-state to determine how this
dhcp-relay-config was applied. The dhcp realization information was
reflected in the realization states of the referencing Segment or T0/T1
gateway.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value DhcpRelayConfig string
server_addresses DHCP relay addresses

DHCP server IP addresses for DHCP relay configuration.
Both IPv4 and IPv6 addresses are supported.
array of IPAddress Required
Maximum items: 8
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

DhcpRelayConfigListResult (schema)

Paged collection of DhcpRelayConfigs

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results DhcpRelayConfig results array of DhcpRelayConfig Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

DhcpRelayProfile (schema) (Deprecated)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
resource_type Must be set to the value DhcpRelayProfile string
server_addresses array of IPAddress Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

DhcpRelayProfileListResult (schema) (Deprecated)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Dhcp relay profile list results array of DhcpRelayProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

DhcpRelayService (schema) (Deprecated)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
dhcp_relay_profile_id dhcp relay profile referenced by the dhcp relay service string Required
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
resource_type Must be set to the value DhcpRelayService string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

DhcpRelayServiceListResult (schema) (Deprecated)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Dhcp relay service list results array of DhcpRelayService Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

DhcpServerConfig (schema)

DHCP server configuration

DHCP server configuration.
Please note, the realized-state of this entity returned by the
"GET /policy/api/v1/infra/realized-state/realized-entity" with this entity
policy-path is irrelevant with the application status of this entity.
Please do not rely on this returned realized-state to determine how this
dhcp-server-config was applied. The dhcp realization information was
reflected in the realization states of the referencing Segment or T0/T1
gateway.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
edge_cluster_path Edge cluster path

The reference to the edge cluster using the policy path of the edge cluster.
Auto assigned if only one edge cluster is configured
on enforcement-point.
Modifying edge cluster will reallocate DHCP server to the new edge cluster.
Please note that re-allocating edge-cluster will result in losing of all exisitng
DHCP lease information.
Change edge cluster only when losing DHCP leases is not a real problem,
e.g. cross-site migration or failover and all client hosts will be reboot and
get new IP addresses.
string
id Unique identifier of this resource string Sortable
lease_time IP address lease time in seconds

IP address lease time in seconds.
integer Minimum: 60
Maximum: 4294967295
Default: "86400"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
preferred_edge_paths Edge node path

Policy paths to edge nodes on which the DHCP servers run. The first edge node
is assigned as active edge, and second one as stanby edge. If only one edge node
is specified, the DHCP servers will run without HA support.
When this property is not specified, edge nodes are auto-assigned during
realization of the DHCP server.
array of string Maximum items: 2
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value DhcpServerConfig string
server_address DHCP server address in CIDR format

DHCP server address in CIDR format. Prefix length should be less than
or equal to 30. DHCP server is deployed as DHCP relay service.
This property is deprecated, use server_addresses instead. Both
properties cannot be specified together with different new values.
string Deprecated
Format: ip-cidr-block
server_addresses DHCP server address in CIDR format

DHCP server address in CIDR format. Both IPv4 and IPv6 address families
are supported.
Prefix length should be less than or equal to 30 for IPv4 address
family and less than or equal to 126 for IPv6.
When not specified, IPv4 value is auto-assigned to 100.96.0.1/30.
Ignored when this object is configured at a Segment.
array of string Maximum items: 2
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

DhcpServerConfigListResult (schema)

Paged collection of DhcpServerConfigs

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results DhcpServerConfig results array of DhcpServerConfig Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

DhcpServerLeaseRequestParameters (schema)

DHCP server lease request parameters

Name Description Type Notes
address IP or MAC address

IP address, IP range or MAC address to retrieve specific lease
information.
Either a "address" or a "segment_path" can be provided, but not both
in the same call.
string
connectivity_path String Path of Tier0, Tier1 or Segment

String Path of Tier0, Tier1 or Segment where DHCP server is deployed.
Specify Tier0/Tier1 gateway path for DHCP server attached to the gateway.
Segment path must be specified for local DHCP server configuration.
string Required
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
enforcement_point_path String Path of the enforcement point

Enforcement point path. Required when multiple enforcement points are
configured.
string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
segment_path Segment path to retrieve lease information

Segment path to retrieve lease information.
Either a "address" or a "segment_path" can be provided, but not both
in the same call.
string
sort_ascending boolean
sort_by Field by which records are sorted string
source The data source

The data source, either realtime or cached. If not provided, cached
data is returned.
DataSourceType

DhcpServerRequestParameters (schema)

DHCP server list request parameters

Name Description Type Notes
connectivity_path String Path of Tier0, Tier1 or Segment

String Path of Tier0, Tier1 or Segment where DHCP server is deployed.
Specify Tier0/Tier1 gateway path for DHCP server attached to the gateway.
Segment path must be specified for local DHCP server configuration.
string Required
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
enforcement_point_path String Path of the enforcement point

Enforcement point path. Required when multiple enforcement points are
configured.
string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

DhcpServerState (schema)

Name Description Type Notes
details Array of configuration state of various sub systems array of ConfigurationStateElement Readonly
failure_code Error code integer Readonly
failure_message Error message in case of failure string Readonly
state Overall state of desired configuration

Gives details of state of desired configuration.
Additional enums with more details on progress/success/error states
are sent for edge node. The success states are NODE_READY and
TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED,
VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values
indicate failures.
"in_sync" state indicates that the desired configuration has been
received by the host to which it applies, but is not yet in effect.
When the configuration is actually in effect, the state will
change to "success".
Please note, failed state is deprecated.
string Required
Readonly
Enum: pending, in_progress, success, failed, partial_success, orphaned, unknown, error, in_sync, NOT_AVAILABLE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, REGISTRATION_PENDING, NODE_NOT_READY, NODE_READY, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL, EDGE_CONFIG_ERROR, VM_DEPLOYMENT_RESTARTED, REGISTRATION_FAILED, TRANSPORT_NODE_SYNC_PENDING, TRANSPORT_NODE_CONFIGURATION_MISSING, EDGE_HARDWARE_NOT_SUPPORTED, MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED, TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER, TZ_ENDPOINTS_NOT_SPECIFIED, NO_PNIC_PREPARED_IN_EDGE, APPLIANCE_INTERNAL_ERROR, VTEP_DHCP_NOT_SUPPORTED, UNSUPPORTED_HOST_SWITCH_PROFILE, UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED, HOSTSWITCH_PROFILE_NOT_FOUND, LLDP_SEND_ENABLED_NOT_SUPPORTED, UNSUPPORTED_NAMED_TEAMING_POLICY, LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM, LACP_NOT_SUPPORTED_FOR_EDGE_VM, STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM, MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE, UNSUPPORTED_LACP_LB_ALGO_FOR_NODE, EDGE_NODE_VERSION_NOT_SUPPORTED, NO_PNIC_SPECIFIED_IN_TN, INVALID_PNIC_DEVICE_NAME, TRANSPORT_NODE_READY, VM_NETWORK_EDIT_PENDING, UNSUPPORTED_DEFAULT_TEAMING_POLICY, MPA_DISCONNECTED, VM_RENAME_PENDING, VM_CONFIG_EDIT_PENDING, VM_NETWORK_EDIT_FAILED, VM_RENAME_FAILED, VM_CONFIG_EDIT_FAILED, VM_CONFIG_DISCREPANCY, VM_NODE_REFRESH_FAILED, VM_PLACEMENT_REFRESH_FAILED, REGISTRATION_TIMEDOUT, REPLACE_FAILED, UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED, LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING, DELETE_VM_IN_REDEPLOY_FAILED, DEPLOY_VM_IN_REDEPLOY_FAILED, INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE, VM_RESOURCE_RESERVATION_FAILED, DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER, DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, EDGE_NODE_SETTINGS_MISMATCH_RESOLVE, EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE, EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE, EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE, COMPUTE_MANAGER_NOT_FOUND, DELETE_IN_PROGRESS

DhcpServerStatistics (schema)

Name Description Type Notes
acks The total number of DHCP ACK packets integer Required
declines The total number of DHCP DECLINE packets integer Required
dhcp_server_id dhcp server uuid string Required
discovers The total number of DHCP DISCOVER packets integer Required
errors The total number of DHCP errors integer Required
informs The total number of DHCP INFORM packets integer Required
ip_pool_stats The DHCP ip pool usage statistics array of DhcpIpPoolUsage
nacks The total number of DHCP NACK packets integer Required
offers The total number of DHCP OFFER packets integer Required
releases The total number of DHCP RELEASE packets integer Required
requests The total number of DHCP REQUEST packets integer Required
timestamp timestamp of the statistics EpochMsTimestamp Required

DhcpServerStatus (schema) (Deprecated)

Name Description Type Notes
active_node uuid of active transport node string Required
error_message Error message, if available string
service_status UP means the dhcp service is working fine on both active transport-node
and stand-by transport-node (if have), hence fail-over can work at this
time if there is failure happens on one of the transport-node;
DOWN means the dhcp service is down on both active transport-node and
stand-by node (if have), hence the dhcp-service will not repsonse any
dhcp request;
Error means error happens on transport-node(s) or no status is reported from
transport-node(s). The dhcp service may be working (or not working);
NO_STANDBY means dhcp service is working in one of the transport node while
not in the other transport-node (if have). Hence if the dhcp service in
the working transport-node is down, fail-over will not happen and the
dhcp service will go down.
string Required
Enum: UP, DOWN, ERROR, NO_STANDBY
stand_by_node uuid of stand_by transport node. null if non-HA mode string

DhcpStaticBinding (schema) (Deprecated)

DHCP static binding

DHCP static binding to define a static ip allocation.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
gateway_ip Gateway ip

Gateway ip address of the allocation.		 IPAddress
host_name Host name

The host name to be assigned to the host.		 string Format: hostname
id Unique identifier of this resource string Sortable
ip_address Ip address

The ip address to be assigned to the host.		 IPAddress Required
lease_time Lease time

Lease time, in seconds, [60-(2^32-1)]. Default is 86400.		 integer Minimum: 60
Maximum: 4294967295
Default: "86400"
mac_address MAC address

The MAC address of the host.		 MACAddress Required
options DHCP options

If an option is defined at server level and not configred at
ip-pool/static-binding level, the option will be inherited to
ip-pool/static-binding. If both define a same-code option, the
option defined at ip-pool/static-binding level take precedence
over that defined at server level.
DhcpOptions
resource_type Must be set to the value DhcpStaticBinding string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

DhcpStaticBindingConfig (schema)

Base class for DHCP options

DHCP IPv4 and IPv6 static bindings are extended from this abstract class.
This is an abstract type. Concrete child types:
DhcpV4StaticBindingConfig
DhcpV6StaticBindingConfig

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value DhcpStaticBindingConfig string Required
Enum: DhcpV4StaticBindingConfig, DhcpV6StaticBindingConfig
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

DhcpStaticBindingConfigListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paginated list of DhcpStaticBindingConfig array of DhcpStaticBindingConfig
(Abstract type: pass one of the following concrete types)
DhcpV4StaticBindingConfig
DhcpV6StaticBindingConfig		 Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

DhcpStaticBindingListResult (schema) (Deprecated)

A list of DHCP static bindings

A paginated list of DHCP static bindings.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paginated list of DHCP static bindings

A paginated list of DHCP static bindings.		 array of DhcpStaticBinding Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

DhcpStaticBindingState (schema)

Name Description Type Notes
details Array of configuration state of various sub systems array of ConfigurationStateElement Readonly
failure_code Error code integer Readonly
failure_message Error message in case of failure string Readonly
state Overall state of desired configuration

Gives details of state of desired configuration.
Additional enums with more details on progress/success/error states
are sent for edge node. The success states are NODE_READY and
TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED,
VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values
indicate failures.
"in_sync" state indicates that the desired configuration has been
received by the host to which it applies, but is not yet in effect.
When the configuration is actually in effect, the state will
change to "success".
Please note, failed state is deprecated.
string Required
Readonly
Enum: pending, in_progress, success, failed, partial_success, orphaned, unknown, error, in_sync, NOT_AVAILABLE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, REGISTRATION_PENDING, NODE_NOT_READY, NODE_READY, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL, EDGE_CONFIG_ERROR, VM_DEPLOYMENT_RESTARTED, REGISTRATION_FAILED, TRANSPORT_NODE_SYNC_PENDING, TRANSPORT_NODE_CONFIGURATION_MISSING, EDGE_HARDWARE_NOT_SUPPORTED, MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED, TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER, TZ_ENDPOINTS_NOT_SPECIFIED, NO_PNIC_PREPARED_IN_EDGE, APPLIANCE_INTERNAL_ERROR, VTEP_DHCP_NOT_SUPPORTED, UNSUPPORTED_HOST_SWITCH_PROFILE, UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED, HOSTSWITCH_PROFILE_NOT_FOUND, LLDP_SEND_ENABLED_NOT_SUPPORTED, UNSUPPORTED_NAMED_TEAMING_POLICY, LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM, LACP_NOT_SUPPORTED_FOR_EDGE_VM, STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM, MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE, UNSUPPORTED_LACP_LB_ALGO_FOR_NODE, EDGE_NODE_VERSION_NOT_SUPPORTED, NO_PNIC_SPECIFIED_IN_TN, INVALID_PNIC_DEVICE_NAME, TRANSPORT_NODE_READY, VM_NETWORK_EDIT_PENDING, UNSUPPORTED_DEFAULT_TEAMING_POLICY, MPA_DISCONNECTED, VM_RENAME_PENDING, VM_CONFIG_EDIT_PENDING, VM_NETWORK_EDIT_FAILED, VM_RENAME_FAILED, VM_CONFIG_EDIT_FAILED, VM_CONFIG_DISCREPANCY, VM_NODE_REFRESH_FAILED, VM_PLACEMENT_REFRESH_FAILED, REGISTRATION_TIMEDOUT, REPLACE_FAILED, UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED, LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING, DELETE_VM_IN_REDEPLOY_FAILED, DEPLOY_VM_IN_REDEPLOY_FAILED, INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE, VM_RESOURCE_RESERVATION_FAILED, DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER, DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, EDGE_NODE_SETTINGS_MISMATCH_RESOLVE, EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE, EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE, EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE, COMPUTE_MANAGER_NOT_FOUND, DELETE_IN_PROGRESS

DhcpStatistics (schema) (Deprecated)

Name Description Type Notes
acks The total number of DHCP ACK packets integer Required
declines The total number of DHCP DECLINE packets integer Required
dhcp_server_id dhcp server uuid string Required
discovers The total number of DHCP DISCOVER packets integer Required
errors The total number of DHCP errors integer Required
informs The total number of DHCP INFORM packets integer Required
ip_pool_stats The DHCP ip pool usage statistics array of DhcpIpPoolUsage
nacks The total number of DHCP NACK packets integer Required
offers The total number of DHCP OFFER packets integer Required
releases The total number of DHCP RELEASE packets integer Required
requests The total number of DHCP REQUEST packets integer Required
timestamp timestamp of the statistics EpochMsTimestamp Required

DhcpV4Options (schema)

DHCP options for IPv4 address family

DHCP options for IPv4 server.

Name Description Type Notes
option121 DHCP option 121

DHCP option 121 to define classless static routes.
DhcpOption121
others Other DHCP options

To define DHCP options other than option 121 in generic format.
Please note, only the following options can be defined in generic
format. Those other options will be accepted without validation
but will not take effect.
--------------------------
Code Name
--------------------------
2 Time Offset
6 Domain Name Server
13 Boot File Size
19 Forward On/Off
26 MTU Interface
28 Broadcast Address
35 ARP Timeout
40 NIS Domain
41 NIS Servers
42 NTP Servers
44 NETBIOS Name Srv
45 NETBIOS Dist Srv
46 NETBIOS Node Type
47 NETBIOS Scope
58 Renewal Time
59 Rebinding Time
64 NIS+-Domain-Name
65 NIS+-Server-Addr
66 TFTP Server-Name (used by PXE)
67 Bootfile-Name (used by PXE)
93 PXE: Client system architecture
94 PXE: Client NDI
97 PXE: UUID/UNDI
117 Name Service Search
119 Domain Search
150 TFTP server address (used by PXE)
175 Etherboot
209 PXE Configuration File
210 PXE Path Prefix
211 PXE Reboot Time
array of GenericDhcpOption Minimum items: 0
Maximum items: 255

DhcpV4StaticBindingConfig (schema)

DHCP static binding

DHCP IPv4 static bindings are configured for each segment.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
gateway_address Gateway IP address

When not specified, gateway address is auto-assigned from segment
configuration.
IPv4Address
host_name Host name

Hostname to assign to the host.
string Maximum length: 63
id Unique identifier of this resource string Sortable
ip_address IP assigned to host

IP assigned to host. The IP address must belong to the subnet, if any,
configured on Segment.
IPv4Address Required
lease_time Lease time

DHCP lease time in seconds.
integer Minimum: 60
Maximum: 4294967295
Default: "86400"
mac_address MAC address of host

MAC address of the host.
MACAddress Required
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
options DHCP options

IPv4 DHCP options.
DhcpV4Options
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value DhcpV4StaticBindingConfig string Required
Enum: DhcpV4StaticBindingConfig, DhcpV6StaticBindingConfig
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

DhcpV6InfoBase (schema) (Deprecated)

Base type of IPv6 ip-allocation

Base type of IPv6 ip-allocation extended by ip-pool and static-binding.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
dns_nameservers DNS ips

Primary and secondary DNS server address to assign host. They can be
overridden by ip-pool or static-binding level property.
array of IPv6Address Minimum items: 0
Maximum items: 2
domain_names Domain name

Host name or prefix to be assigned to host. It can be overridden by
ip-pool or static-binding level property.
array of string
id Unique identifier of this resource string Sortable
lease_time Lease time

Lease time, in seconds.		 integer Minimum: 60
Maximum: 4294967295
Default: "86400"
preferred_time Preferred time

Preferred time, in seconds. If this value is not provided, the value
of lease_time*0.8 will be used.
integer Minimum: 48
Maximum: 4294967295
resource_type Must be set to the value DhcpV6InfoBase string
sntp_servers SNTP server ips

SNTP server ips.		 array of IPv6Address Minimum items: 0
Maximum items: 2
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

DhcpV6IpPool (schema) (Deprecated)

DHCP IPv6 ip pool

DHCP IPv6 ip pool to define dynamic ip allocation ranges.
The DhcpV6IpPool would only provide stateless DHCP (domain search list,
DNS servers, SNTP servers) to client if both the ranges and excluded_ranges
are not specified.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
dns_nameservers DNS ips

Primary and secondary DNS server address to assign host. They can be
overridden by ip-pool or static-binding level property.
array of IPv6Address Minimum items: 0
Maximum items: 2
domain_names Domain name

Host name or prefix to be assigned to host. It can be overridden by
ip-pool or static-binding level property.
array of string
excluded_ranges Excluded range of IPv6 addresses

Excluded addresses to define dynamic ip allocation ranges.		 array of IpPoolRange Minimum items: 0
Maximum items: 128
id Unique identifier of this resource string Sortable
lease_time Lease time

Lease time, in seconds.		 integer Minimum: 60
Maximum: 4294967295
Default: "86400"
preferred_time Preferred time

Preferred time, in seconds. If this value is not provided, the value
of lease_time*0.8 will be used.
integer Minimum: 48
Maximum: 4294967295
ranges Ip address ranges

Ip address ranges to define dynamic ip allocation ranges.		 array of IpPoolRange Minimum items: 0
Maximum items: 128
resource_type Must be set to the value DhcpV6IpPool string
sntp_servers SNTP server ips

SNTP server ips.		 array of IPv6Address Minimum items: 0
Maximum items: 2
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

DhcpV6IpPoolListResult (schema) (Deprecated)

A list of DHCP IPv6 ip pools

A paginated list of DHCP IPv6 ip pools.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paginated list of DHCP IPv6 ip pools

A paginated list of DHCP IPv6 ip pools.		 array of DhcpV6IpPool
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

DhcpV6StaticBinding (schema) (Deprecated)

DHCP IPv6 static binding

DHCP IPv6 static binding to define a static ip allocation.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
dns_nameservers DNS ips

Primary and secondary DNS server address to assign host. They can be
overridden by ip-pool or static-binding level property.
array of IPv6Address Minimum items: 0
Maximum items: 2
domain_names Domain name

Host name or prefix to be assigned to host. It can be overridden by
ip-pool or static-binding level property.
array of string
id Unique identifier of this resource string Sortable
ip_addresses Ip address list

When not specified, no ip address will be assigned to client host.		 array of IPv6Address Minimum items: 0
Maximum items: 1
lease_time Lease time

Lease time, in seconds.		 integer Minimum: 60
Maximum: 4294967295
Default: "86400"
mac_address MAC address

The MAC address of the host. Either client-duid or mac-address,
but not both.
MACAddress
preferred_time Preferred time

Preferred time, in seconds. If this value is not provided, the value
of lease_time*0.8 will be used.
integer Minimum: 48
Maximum: 4294967295
resource_type Must be set to the value DhcpV6StaticBinding string
sntp_servers SNTP server ips

SNTP server ips.		 array of IPv6Address Minimum items: 0
Maximum items: 2
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

DhcpV6StaticBindingConfig (schema)

DHCP static binding

DHCP IPv6 static bindings are configured for each segment.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
dns_nameservers DNS nameservers to be set to client host

When not specified, no DNS nameserver will be set to client host.
array of string Minimum items: 0
Maximum items: 2
domain_names Domain names to be assigned to client host

When not specified, no domain name will be assigned to client host.
array of string
id Unique identifier of this resource string Sortable
ip_addresses IP addresses to be assigned to client host

When not specified, no ip address will be assigned to client host.
array of IPv6Address Minimum items: 0
Maximum items: 1
lease_time Lease time

Lease time, in seconds.		 integer Minimum: 60
Maximum: 4294967295
Default: "86400"
mac_address MAC address

The MAC address of the client host. Either client-duid or mac-address,
but not both.
MACAddress Required
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
preferred_time Preferred time

Preferred time, in seconds. If this value is not provided, the value
of lease_time*0.8 will be used.
integer Minimum: 48
Maximum: 4294967295
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value DhcpV6StaticBindingConfig string Required
Enum: DhcpV4StaticBindingConfig, DhcpV6StaticBindingConfig
sntp_servers SNTP server ips

SNTP server IP addresses.		 array of IPv6Address Minimum items: 0
Maximum items: 2
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

DhcpV6StaticBindingListResult (schema) (Deprecated)

A list of DHCP IPv6 static bindings

A paginated list of DHCP IPv6 static bindings.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paginated list of DHCP IPv6 static bindings

A paginated list of DHCP IPv6 static bindings.		 array of DhcpV6StaticBinding
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

Dhcpv6Header (schema)

Name Description Type Notes
msg_type DHCP message type

This is used to specify the DHCP v6 message. To request the assignment of one or more IPv6 addresses, a client first locates a DHCP server and then requests the assignment of addresses and other configuration information from the server. The client sends a Solicit message to the All_DHCP_Relay_Agents_and_Servers address to find available DHCP servers. Any server that can meet the client's requirements responds with an Advertise message. The client then chooses one of the servers and sends a Request message to the server asking for confirmed assignment of addresses and other configuration information. The server responds with a Reply message that contains the confirmed addresses and configuration. SOLICIT - A client sends a Solicit message to locate servers. ADVERTISE - A server sends and Advertise message to indicate that it is available. REQUEST - A client sends a Request message to request configuration parameters. REPLY - A server sends a Reply message containing assigned addresses and configuration parameters.		 string Enum: SOLICIT, ADVERTISE, REQUEST, REPLY
Default: "SOLICIT"

DirectionType (schema) (Deprecated)

port mirroring direction

Name Description Type Notes
DirectionType port mirroring direction string Deprecated
Enum: INGRESS, EGRESS, BIDIRECTIONAL
Default: "BIDIRECTIONAL"

DirectoryAdDomain (schema)

Active Directory Domain

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
base_distinguished_name Directory domain base distinguished name

Each active directory domain has a domain naming context (NC), which contains domain-specific data. The root of this naming context is represented by a domain's distinguished name (DN) and is typically referred to as the NC head.		 string Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
event_log_servers Event Log server of directory domain

Directory domain Event Log server's information including host, name, protocol and so on.		 array of DirectoryEventLogServer Readonly
Maximum items: 50
id Unique identifier of this resource string Sortable
ldap_servers LDAP server of directory domain

Directory domain LDAP servers' information including host, name, port, protocol and so on.		 array of DirectoryLdapServer Required
Maximum items: 50
name Directory domain name

Directory domain name which best describes the domain. It could be unique fqdn name or it could also be descriptive. There is no unique contraint for domain name among different domains.		 string Required
netbios_name Directory domain NETBIOS name

NetBIOS names can contain all alphanumeric characters except for the certain disallowed characters. Names can contain a period, but names cannot start with a period. NetBIOS is similar to DNS in that it can serve as a directory service, but more limited as it has no provisions for a name hierarchy and names are limited to 15 characters. The netbios name is case insensitive and is stored in upper case regardless of input case.		 string Required
resource_type Must be set to the value DirectoryAdDomain string Required
Enum: DirectoryAdDomain
selective_sync_settings SelectiveSync settings

SelectiveSync settings toggle the SelectiveSync feature and
selected OrgUnits. If this is not specified, SelectiveSync is
disabled by default.
SelectiveSyncSettings
sync_settings Directory domain sync settings

Each domain sync settings can be changed using this object. It is not required since there are default values used if there is no specification for this object.		 DirectoryDomainSyncSettings
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

DirectoryAdGroup (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
distinguished_name Directory group distinguished name string Required
domain_id Domain id

Domain ID this directory group belongs to.		 string Required
domain_name Directory domain distinguished name

Each active directory domain has a domain naming context (NC), which contains domain-specific data. The root of this naming context is represented by a domain's distinguished name (DN) and is typically referred to as the NC head.		 string Required
domain_sync_node_id Domain synchronization root node id

Domain sync node under which this directory group is located. We currently sync only from Root node and hence this attribute doesn't have a specific value set.		 string
id Unique identifier of this resource string Sortable
object_guid Active directory group object guid

GUID is a 128-bit value that is unique not only in the enterprise but also across the world. GUIDs are assigned to every object created by Active Directory, not just User and Group objects.		 string Required
resource_type Must be set to the value DirectoryAdGroup string Required
secure_id Active directory group secure id

A security identifier (SID) is a unique value of variable length used to identify a trustee. A SID consists of the following components - The revision level of the SID structure; A 48-bit identifier authority value that identifies the authority that issued the SID; A variable number of subauthority or relative identifier (RID) values that uniquely identify the trustee relative to the authority that issued the SID.		 string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

DirectoryDomain (schema)

Directory Domain

This is an abstract type. Concrete child types:
DirectoryAdDomain

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
event_log_servers Event Log server of directory domain

Directory domain Event Log server's information including host, name, protocol and so on.		 array of DirectoryEventLogServer Readonly
Maximum items: 50
id Unique identifier of this resource string Sortable
ldap_servers LDAP server of directory domain

Directory domain LDAP servers' information including host, name, port, protocol and so on.		 array of DirectoryLdapServer Required
Maximum items: 50
name Directory domain name

Directory domain name which best describes the domain. It could be unique fqdn name or it could also be descriptive. There is no unique contraint for domain name among different domains.		 string Required
resource_type Must be set to the value DirectoryDomain string Required
Enum: DirectoryAdDomain
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

DirectoryDomainListResults (schema)

List of Directory Domain

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of Directory Domains array of DirectoryDomain
(Abstract type: pass one of the following concrete types)
DirectoryAdDomain		 Required
Maximum items: 500
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

DirectoryDomainSize (schema)

Size of Directory Domain

Name Description Type Notes
group_count Number of groups int Readonly
group_member_count Number of group members int Readonly
user_count Number of users int Readonly

DirectoryDomainSyncRequest (schema)

Directory domain synchronization request

Name Description Type Notes
action Sync type requested

Sync type could be either FULL sync or DELTA sync. The full sync fetches all the objects under the configured sync nodes while delta sync will get the changed objects from previous sync time.		 string Required
Enum: FULL_SYNC, DELTA_SYNC, STOP_SYNC
delay Request to execute the sync with some delay in seconds

The delay can be added to execute the sync action in the future.		 integer Minimum: 0
Default: "0"

DirectoryDomainSyncSettings (schema)

Domain synchronization settings

Name Description Type Notes
delta_sync_interval Delta synchronization inverval in minutes

Directory domain delta synchronization interval time between two delta sync in minutes.		 integer Minimum: 5
Maximum: 720
Default: "180"
full_sync_cron_expr Full synchronization cron expression

Directory domain full synchronization schedule using cron expression. For example, cron expression "0 0 12 ? * SUN *" means full sync is scheduled every Sunday midnight. If this object is null, it means there is no background cron job running for full sync.		 string
sync_delay_in_sec Sync delay (in second).

Sync delay after Directory domain has been successfully created.
if delay is -1, initial full sync will not be triggered.
int Minimum: -1
Maximum: 600
Default: "30"

DirectoryDomainSyncStats (schema)

Directory domain synchronization statistics

Name Description Type Notes
avg_delta_sync_time Average time spent for all historical delta sync

All the historical delta sync are counted in calculating the average delta sync time in milliseconds.		 integer Readonly
avg_full_sync_time Average time spent for all historical full sync

All the historical full sync are counted in calculating the average full sync time in milliseconds.		 integer Readonly
current_state Current state of directory domain sync context

Current running state of the directory domain in synchronization life cycle. It could be one of the following five states. SELECTIVE_FULL_SYNC and SELECTIVE_DELTA_SYNC are sync states for selective sync.		 string Required
Readonly
Enum: IDLE, FULL_SYNC, DELTA_SYNC, SELECTIVE_FULL_SYNC, SELECTIVE_DELTA_SYNC
current_state_begin_time Current state elapsed time

Since what time the current state has begun. The time is expressed in millisecond epoch time.		 EpochMsTimestamp Required
Readonly
num_delta_sync Total number of successful delta sync

number of successful historical delta sync initiated either by system or by API request.		 integer Readonly
num_full_sync Total number of successful full sync

number of successful historical full sync initiated either by system or by API request.		 integer Readonly
prev_sync_end_time Previous sync ended time

Directory domain previous sync ending time expressed in millisecond epoch time.		 EpochMsTimestamp Required
Readonly
prev_sync_error Previous sync error

Directory domain previous sync status error if last status was failure.		 string Readonly
prev_sync_status Previous sync status

Directory domain previous sync status. It could be one of the following two states.		 string Required
Readonly
Enum: SUCCESS, FAILURE, UNKNOWN
prev_sync_type Previous sync type

Directory domain previous sync type. It could be one of the following five states. Right after the directory domain is configured, this field is set to IDLE.		 string Required
Readonly
Enum: IDLE, FULL_SYNC, DELTA_SYNC, SELECTIVE_FULL_SYNC, SELECTIVE_DELTA_SYNC

DirectoryDomanDeleteRequestParameters (schema)

Directory domain delete request parameters

Name Description Type Notes
force Force delete the resource even if it is being used somewhere

If true, deleting the resource succeeds even if it is being
referred as a resource reference.
boolean Default: "False"

DirectoryEventLogServer (schema)

Event log server of directory domain

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
domain_name Directory domain name

Directory domain name which best describes the domain. It could be unique fqdn name or it could also be descriptive. There is no unique contraint for domain name among different domains.		 string
host Event log server host name

Directory Event Log server DNS host name or ip address which is reachable by NSX manager to be connected and do event fetching.		 string Required
Format: hostname-or-ip
id Unique identifier of this resource string Sortable
password Event log server password

Directory event log server connection password.		 string
resource_type Must be set to the value DirectoryEventLogServer string
status Event log server connection status

Event log server connection status object		 DirectoryEventLogServerStatus
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
username Event log server username

Directory event log server connection user name.		 string

DirectoryEventLogServerStatus (schema)

Event log server connection status

Name Description Type Notes
error_message Additional optional detail error message string Readonly
last_event_record_id Last event record ID

Last event record ID is an opaque integer value that shows the last successfully received event from event log server.		 integer Readonly
last_event_time_created Time when last event record ID was received

Time of last successfully received and record event from event log server.		 EpochMsTimestamp Readonly
last_polling_time Last polling time EpochMsTimestamp Readonly
status Current connection status of event log server

Connection status:
OK: All OK
ERROR: Generic error
string Required
Readonly
Enum: OK, ERROR

DirectoryGroup (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
distinguished_name Directory group distinguished name string Required
domain_id Domain id

Domain ID this directory group belongs to.		 string Required
domain_name Directory domain distinguished name

Each active directory domain has a domain naming context (NC), which contains domain-specific data. The root of this naming context is represented by a domain's distinguished name (DN) and is typically referred to as the NC head.		 string Required
domain_sync_node_id Domain synchronization root node id

Domain sync node under which this directory group is located. We currently sync only from Root node and hence this attribute doesn't have a specific value set.		 string
id Unique identifier of this resource string Sortable
resource_type Must be set to the value DirectoryGroup string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

DirectoryGroupListResults (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Directory group list array of DirectoryGroup
(Abstract type: pass one of the following concrete types)
DirectoryAdGroup
DirectoryGroup		 Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

DirectoryGroupMember (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
group_distinguished_name Group distinguished name

Directory group distinguished name this group member belongs to.		 string Required
group_id Group idnetifier

Directory group id this group member belongs to		 string Required
id Unique identifier of this resource string Sortable
member_group_distinguished_name Member group distinguished name

Directory group name this group member owns		 string Required
member_group_id Member group idnetifier

Directory group id this group member owns		 string Required
nested Nesting flag

Whether this member group is a directory member of the parent group speicified by group_id or a nested member group which parent group is also member group of the parent group speicified by group_id.		 boolean Required
resource_type Must be set to the value DirectoryGroupMember string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

DirectoryGroupMemberListResults (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Directory group member list array of DirectoryGroupMember Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

DirectoryLdapServer (schema)

LDAP server of directory domain

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
domain_name Directory domain name

Directory domain name which best describes the domain. It could be unique fqdn name or it could also be descriptive. There is no unique contraint for domain name among different domains.		 string
host LDAP server host name

Directory LDAP server DNS host name or ip address which is reachable by NSX manager to be connected and do object synchronization.		 string Required
Format: hostname-or-ip
id Unique identifier of this resource string Sortable
password LDAP server password

Directory LDAP server connection password.		 string
port LDAP server TCP/UDP port

Directory LDAP server connection TCP/UDP port.		 integer Default: "389"
protocol LDAP server protocol

Directory LDAP server connection protocol which is either LDAP or LDAPS.		 string Enum: LDAP, LDAPS
Default: "LDAP"
resource_type Must be set to the value DirectoryLdapServer string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
thumbprint LDAP server certificate thumbprint using SHA-256 algorithm

Directory LDAP server certificate thumbprint used in secure LDAPS connection.		 string
username LDAP server username

Directory LDAP server connection user name.		 string

DirectoryLdapServerListResults (schema)

List of directory domain LDAP servers

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of directory domain LDAP servers array of DirectoryLdapServer Required
Maximum items: 50
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

DirectoryLdapServerStatus (schema)

Status LDAP server of directory domain

Name Description Type Notes
error_id Error ID of the directory LDAP server status

Error ID of the directory LDAP server status maintained by the NSX directory service.		 integer
error_message Error message of the directory LDAP server status

Error message of the directory LDAP server status maintained by the NSX directory service.		 string

DirectoryLdapServerTestParameters (schema)

Parameters for performing LDAP server test

Name Description Type Notes
action LDAP server test requested

Type of LDAP server test to perform.		 string Required
Enum: CONNECTIVITY

DirectoryOrgUnit (schema)

Organization Unit

Name Description Type Notes
children List of children Organization Units

List of children Organization Units if any.
array of DirectoryOrgUnit Required
Maximum items: 500
distinguished_name Distinguished name

Distinguished name of the organization unit.		 string Required
name Organization Unit name

Organization Unit name.		 string Required

DirectoryOrgUnitListResults (schema)

List of organization units

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of Organization Units array of DirectoryOrgUnit Required
Maximum items: 500
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

DirectorySearchFilterValue (schema)

Searching domain entities using a matching filter value

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
filter_value Name search filter value

Search filter value is a substring match pattern only which the target entity contains. It is case insentive and doesn't allow wildcard.		 string Required
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

DiscoveredNode (schema)

Name Description Type Notes
_last_sync_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
certificate Certificate of the discovered node string
cm_local_id Local Id of the discovered node in the Compute Manager string Required
Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
external_id External id of the discovered node, ex. a mo-ref from VC string Required
Readonly
hardware_id Hardware Id of the discovered node

Hardware Id is generated using system hardware info. It is used to retrieve fabric node of the esx.		 string Readonly
ip_addresses IP Addresses of the the discovered node. array of IPAddress Required
Readonly
node_type Discovered Node type like Host string Required
Readonly
origin_id Id of the compute manager from where this node was discovered string Required
Readonly
origin_properties Key-Value map of additional specific properties of discovered node in the Compute Manager array of KeyValuePair Readonly
os_type OS type of the discovered node string Readonly
os_version OS version of the discovered node string Readonly
parent_compute_collection External id of the compute collection to which this node belongs string Readonly
resource_type Must be set to the value DiscoveredNode string Required
scope List of scopes for discovered resource

Specifies list of scope of discovered resource. e.g. if VHC path is associated with
principal identity, who owns the discovered resource, then scope id will be VHC path
and scope type will be VHC.
array of DiscoveredResourceScope
stateless Specifies whether host is stateless

The stateless property describes whether host persists its state across reboot or not. If state persists, value is set as false otherwise true.		 boolean Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

DiscoveredNodeInterfaceProperties (schema)

Discovered node network interface properties

Network interface properties of discovered node

Name Description Type Notes
connected_switch Connected switch

Switch name which is connected to nic, switch can be opaque, proxyHostSwitch or virtual		 string
connected_switch_type Type of virtual switch

Type of virtual switch can be VSS, DVS or N-VDS.		 string Enum: VSS, DVS, N-VDS
interface_id Interface ID

Id of the network interface		 string
physical_address Interface MAC address

Mac address of the interface		 MACAddress

DiscoveredNodeListRequestParameters (schema)

Discovered Node list parameters

Name Description Type Notes
cm_local_id Local Id of the discovered node in the Compute Manager string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
display_name Display name of discovered node string
external_id External id of the discovered node, ex. a mo-ref from VC string
has_parent Discovered node has a parent compute collection or is a standalone host string Enum: true, false
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
ip_address IP address of the discovered node string
node_id Id of the fabric node created from the discovered node string
node_type Discovered Node type like HostNode string
origin_id Id of the compute manager from where this node was discovered string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
parent_compute_collection External id of the compute collection to which this node belongs string
sort_ascending boolean
sort_by Field by which records are sorted string

DiscoveredNodeListResult (schema)

Discovered Node list result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Discovered Node list results array of DiscoveredNode Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

DiscoveredNodeNetworkInterfaces (schema)

Discovered node network interfaces

All the network interfaces of the discovered node

Name Description Type Notes
discovered_node_id Discovered node Id

Id of the discovered node		 string Required
network_interfaces Discovered Node interfaces

Network interfaces of the node		 array of DiscoveredNodeInterfaceProperties

DiscoveredResource (schema)

Base class for resources that are discovered and automatically updated

This is an abstract type. Concrete child types:
DistributedVirtualPortgroup
DistributedVirtualSwitch
VirtualPortgroup
VirtualSwitch

Name Description Type Notes
_last_sync_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
resource_type The type of this resource. string Required
scope List of scopes for discovered resource

Specifies list of scope of discovered resource. e.g. if VHC path is associated with
principal identity, who owns the discovered resource, then scope id will be VHC path
and scope type will be VHC.
array of DiscoveredResourceScope
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

DiscoveredResourceScope (schema)

Scope of discovered resource

Name Description Type Notes
scope_id Scope Id of scope for discovered resource

Specifies the scope id of discovered resource.
string
scope_type Type of scope

Type of the scope for the discovered resource.		 string Enum: CONTAINER_CLUSTER

DiscoveredVifListParameters (schema)

Segment list parameters

The parameters to fetch the discovered VIF state.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
host_switch_id VDS identifier

Host switch id.		 string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
segment_id Segment identifier

Segment id.		 string
sort_ascending boolean
sort_by Field by which records are sorted string

DiscoveredVifState (schema)

Discovered Vif State

State of VIFs connected to discovered segment on the TransportNode.

Name Description Type Notes
error_msg Error message

Error encountered during segment port creation for the discovered VIF.		 string
id VIF Id

Id of discovered VIF.		 string Required
segment_path Path of the discovered segment

Segment path related with discovered VIF.		 string Required
segment_port_path Path of the segment port

SegmentPort path related with discovered VIF.		 string Required
state Discovered VIF State

The state of specific discovered VIF.		 string Enum: PENDING, ATTACHMENT_IN_PROGRESS, ATTACHMENT_SUCCESS, ATTACHMENT_FAILED

DiscoveredVifStateListResult (schema)

Segment queries result

Array of result of discovered VIF state result.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Discovered Segment Results array of DiscoveredVifState Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

DiscoveryProfileBindingMap (schema)

Base Discovery Profile Binding Map

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value DiscoveryProfileBindingMap string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

DiskProvisioning (schema)

Disk provisioning type

Disk provisioning type for deploying VM.

Name Description Type Notes
DiskProvisioning Disk provisioning type

Disk provisioning type for deploying VM.		 string Required
Enum: THIN, LAZY_ZEROED_THICK, EAGER_ZEROED_THICK

DistributedFloodProtectionProfile (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enable_rst_spoofing Flag to indicate rst spoofing is enabled

If set to true, rst spoofing will be enabled. Flag is used only for distributed firewall profiles.		 boolean Default: "False"
enable_syncache Flag to indicate syncache is enabled

If set to true, sync cache will be enabled. Flag is used only for distributed firewall profiles.		 boolean Default: "False"
icmp_active_flow_limit Active ICMP connections limit

If this field is empty, firewall will not set a limit to active ICMP connections.		 integer Minimum: 1
Maximum: 1000000
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
other_active_conn_limit Timeout after first TN

If this field is empty, firewall will not set a limit to other active connections. besides UDP, ICMP and half open TCP connections.		 integer Minimum: 1
Maximum: 1000000
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value DistributedFloodProtectionProfile FloodProtectionProfileResourceType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tcp_half_open_conn_limit Active half open TCP connections limit

If this field is empty, firewall will not set a limit to half open TCP connections.		 integer Minimum: 1
Maximum: 1000000
udp_active_flow_limit Active UDP connections limit

If this field is empty, firewall will not set a limit to active UDP connections.		 integer Minimum: 1
Maximum: 1000000
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

DistributedVirtualPortgroup (schema)

Distributed virtual portgroup on a VC

Name Description Type Notes
_last_sync_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
backing_type Backing type for portgroup

For distributed virtual portgroup, backing type is standard.
For logical switch portgroup, the backing type is set to nsx.
string
cm_local_id Id of the portgroup in compute manager

Id of the portgroup, eg. a mo-ref from VC.		 string Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
external_id External id of the virtual portgroup string Required
Readonly
key Generated UUID of the portgroup string
origin_type Portgroup type like DistributedVirtualPortgroup string Readonly
overall_status General status of the virtual portgroup

This parameters reflects the managed entity status of the portgroup
as reported by VC.
string Readonly
Enum: RED, YELLOW, GREEN, GRAY
resource_type Must be set to the value DistributedVirtualPortgroup string Required
scope List of scopes for discovered resource

Specifies list of scope of discovered resource. e.g. if VHC path is associated with
principal identity, who owns the discovered resource, then scope id will be VHC path
and scope type will be VHC.
array of DiscoveredResourceScope
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

DistributedVirtualSwitch (schema)

DistributedVirtualSwitch on a VC

Name Description Type Notes
_last_sync_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cm_local_id ID of the virtual switch in compute manager string Readonly
description Description of this resource string Maximum length: 1024
Sortable
discovered_nodes Array of discovered nodes connected

Array of discovered nodes connected to this switch.		 array of DiscoveredNode Readonly
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
external_id External id of the virtual switch string Required
Readonly
lacp_group_configs Array of Link Aggregation Control Protocol (LACP) configuration

It contains information about VMware specific multiple dynamic
LACP groups.
array of LacpGroupConfigInfo
origin_id ID of the compute manager

ID of the compute manager where this virtual switch is discovered.
string Readonly
origin_properties Key-Value map of additional properties of switch array of KeyValuePair Readonly
origin_type Switch type like VmwareDistributedVirtualSwitch string Readonly
resource_type Must be set to the value DistributedVirtualSwitch string Required
scope List of scopes for discovered resource

Specifies list of scope of discovered resource. e.g. if VHC path is associated with
principal identity, who owns the discovered resource, then scope id will be VHC path
and scope type will be VHC.
array of DiscoveredResourceScope
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
uplink_port_names Uplink port names

The uniform name of uplink ports on each host.		 array of string Readonly
uplink_portgroup Uplink portgroup of distributed virtual switch DistributedVirtualPortgroup Readonly
uuid UUID of the switch string Readonly

DnsAnswer (schema) (Deprecated)

Answer of dns nslookup

The response for DNS nslookup.

Name Description Type Notes
answers The answers of the query.

The answers of the query.
array of DnsQueryAnswer Minimum items: 1
Maximum items: 256
authoritative_answers Authoritative answers

Authotitative answers of the query.
This is a deprecated property, please use 'answers' instead.
array of DnsQueryAnswer Deprecated
Minimum items: 1
Maximum items: 256
dns_server DNS server information

Dns server ip address and port, format is "ip address#port".
string Required
edge_node_id Edge node id

ID of the edge node that performed the query.
string Required
non_authoritative_answers Non authoritative answers

Non-authotitative answers of the query.
This is a deprecated property, please use 'answers' instead.
array of DnsQueryAnswer Deprecated
Minimum items: 1
Maximum items: 256
raw_answer Raw message returned from the DNS forwarder

It can be NXDOMAIN or error message which is not consisted of
authoritative_answer or non_authoritative_answer.
string
source_ip The source ip used in this lookup

The source ip used in this lookup.
IPv4Address Required

DnsFailedQueries (schema)

The array of failed DNS queries for active and standby transport node

The array of the failed DNS queries with entry count and timestamp
on active and standby transport node.

Name Description Type Notes
per_node_failed_queries The array of failed DNS queries on active and standby transport node

The array of failed DNS queries on active and standby transport node.
If there is no standby node, the failed queries on standby node will
not be present.
array of PerNodeDnsFailedQueries Readonly
timestamp Timestamp of the request

Timestamp of the request, in YYYY-MM-DD HH:MM:SS.zzz format.
string Required
Readonly

DnsFailedQuery (schema)

The failed DNS query

The summary of the failed DNS query. The query result represents a full
query chain from client VM to dns forwarder, and upstream server if no
forwarder cache was hit.

Name Description Type Notes
address The adddress be queried

The address be queried, can be a FQDN or an ip address.		 string
client_ip The client host ip address from which the query was issued

The client host ip address from which the query was issued.
string
error_message The error message of the failed query

The detailed error message of the failed query, if any.		 string
error_type The type of the failure

The type of the query failure, e.g. NXDOMAIN, etc.		 string
forwarder_ip The DNS forwarder ip address to which the query was first received

The DNS forwarder ip address to which the query was first received.
string
record_type The record type be queried

The record type be queried, e.g. A, CNAME, SOA, etc.		 string
source_ip The source ip address for forwarding query

The source ip address that is used to forward a query to an upstream
server.
string
time_spent Time spent in the query, if applicable

The time the query took before it got a failed answer, in ms.		 integer
timestamp Timestamp of the request

Timestamp of the request, in YYYY-MM-DD HH:MM:SS.zzz format.		 string Required
upstream_server_ip The ip address to which the query was forwarded

The upstream server ip address to which the query was forwarded. If the
query could not be serviced from the DNS forwarder cache, this property
will contain the IP address of the DNS server that serviced the request.
If the request was serviced from the cache, this property will be absent.
string

DnsFailedQueryRequestParameters (schema)

The request parameters to get failed DNS queries

To specify how many failed DNS queries will be returned.

Name Description Type Notes
count The count of the failed DNS queries

How many failed DNS queries should be returned.		 integer Minimum: 1
Maximum: 1000
Default: "100"

DnsForwarder (schema) (Deprecated)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
cache_size Cache size in KB

One DNS answer cache entry will consume ~120 bytes. Hence 1 KB cache
size can cache ~8 DNS answer entries, and the default 1024 KB cache
size can hold ~8k DNS answer entries.
int Minimum: 1
Maximum: 16777216
Default: "1024"
conditional_forwarders Conditional zone forwarders

The conditional zone forwarders. During matching a zone forwarder,
the DNS forwarder will use the conditional fowarder with the longest
domain name that matches the query.
array of ConditionalForwarderZone Maximum items: 5
default_forwarder Default zone forwarder

The default zone forwarder that catches all other domain names except
those matched by conditional forwarder zone.
ForwarderZone Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Flag to enable/disable the forwarder boolean Default: "True"
id Unique identifier of this resource string Sortable
listener_ip Listener ip address

The ip address the DNS forwarder listens on. It can be an ip address
already owned by the logical-router uplink port or router-link, or a
loopback port ip address. But it can not be a downlink port address.
User needs to ensure the address is reachable via router or NAT from
both client VMs and upstream servers. User will need to create Firewall
rules if needed to allow such traffic on a Tier-1 or Tier-0.
IPv4Address Required
log_level Log level of the DNS forwarder string Enum: DEBUG, INFO, WARNING, ERROR, FATAL
Default: "INFO"
logical_router_id Logical router id

Specify the LogicalRouter where the DnsForwarder runs. The HA mode
of the hosting LogicalRouter must be Active/Standby.
string Required
resource_type Must be set to the value DnsForwarder string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

DnsForwarderListResult (schema) (Deprecated)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paginated list of DNS forwarders array of DnsForwarder Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

DnsForwarderStatistics (schema) (Deprecated)

Statistics counters of the DNS forwarder

The current statistics counters of the DNS forwarder including cache usages
and query numbers per forwarders.

Name Description Type Notes
conditional_forwarder_statistics The statistics of conditional forwarders array of PerForwarderStatistics Readonly
Minimum items: 0
Maximum items: 5
configured_cache_size The configured cache size, in kb integer Readonly
default_forwarder_statistics The statistics of default forwarder PerForwarderStatistics Readonly
error_message Error message, if available string Readonly
queries_answered_locally The totocal number of queries answered from local cache integer Readonly
queries_forwarded The total number of forwarded dns queries integer Readonly
timestamp Time stamp of the current statistics, in ms EpochMsTimestamp Readonly
total_queries The total number of received dns queries integer Readonly
used_cache_statistics The statistics of used cache array of PerNodeUsedCacheStatistics Readonly
Minimum items: 0
Maximum items: 2

DnsForwarderStatus (schema) (Deprecated)

The current runtime status of DNS forwarder

The current runtime status of the DNS forwarder including the hosting
transport nodes and forwarder service status.

Name Description Type Notes
active_node Uuid of active transport node string Readonly
extra_message Extra message, if available string Readonly
standby_node Uuid of stand_by transport node. null if non-HA mode string Readonly
status UP means the DNS forwarder is working correctly on the active transport
node and the stand-by transport node (if present). Failover will occur
if either node goes down.
DOWN means the DNS forwarder is down on both active transport node and
standby node (if present). The DNS forwarder does not function in this
situation.
Error means there is some error on one or both transport node, or no
status was reported from one or both transport nodes. The dns forwarder
may be working (or not working).
NO_BACKUP means dns forwarder is working in only one transport node,
either because it is down on the standby node, or no standby is configured.
An forwarder outage will occur if the active node goes down.
string Readonly
Enum: UP, DOWN, ERROR, NO_BACKUP
timestamp Time stamp of the current status, in ms EpochMsTimestamp Readonly

DnsHeader (schema)

Name Description Type Notes
address Domain name/IP to query/response

This is used to define what is being asked or responded.		 string Format: hostname-or-ip
address_type This is used to specify the type of the address. V4 - The address provided is an IPv4 domain name/IP address, the Type in query or response will be A V6 - The address provided is an IPv6 domain name/IP address, the Type in query or response will be AAAA string Enum: V4, V6
Default: "V4"
message_type Specifies the message type whether it is a query or a response. string Enum: QUERY, RESPONSE
Default: "QUERY"

DnsNameString (schema)

An IA5String instance for DNS Name

DNS name string in the "preferred name syntax", as specified by
Section 3.5 of [RFC1034] and as modified by Section 2.1 of [RFC1123].

Name Description Type Notes
DnsNameString An IA5String instance for DNS Name

DNS name string in the "preferred name syntax", as specified by
Section 3.5 of [RFC1034] and as modified by Section 2.1 of [RFC1123].
string Maximum length: 200
Format: hostname

DnsQueryAnswer (schema) (Deprecated)

Answer of nslookup

Name Description Type Notes
address Matched ip address

Can be resolved ip address.
string
name Matched name

Matched name of the given address.
string
raw_string Unparsed answer string

Unparsed answer string from raw_answer.
string

DnsSecurityProfile (schema)

DNS security profile

Used to configure DNS security profile

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value DnsSecurityProfile string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
ttl Time to live for DNS cache entry

Time to live for DNS cache entry in seconds. Valid TTL values are between 3600
to 864000. However, this field accepts values between 0 through 864000. We define
TTL type based on the value of TTL as follows:
TTL 0 - cached entry never expires.
TTL 1 to 3599 - invalid input and error is thrown
TTL 3600 to 864000 - ttl is set to user input
TTL field not set by user - TTL type is 'AUTO' and ttl value is set from DNS response packet.

User defined TTL value is used only when it is betweeen 3600 to 864000.
integer Minimum: 0
Maximum: 864000
Default: "86400"
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

DnsSecurityProfileBindingMap (schema)

Binding Map for DNS Security Profile

This entity will be used to establish association between DNS security profile and
Group. With this entity, user can specify intent for applying DNS security profile
profile to particular Group.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
profile_path Profile Path

PolicyPath of associated Profile		 string Required
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value DnsSecurityProfileBindingMap string
sequence_number Sequence number DNS Security Profile Binding Map

Sequence number used to resolve conflicts betweeen two profiles applied on
the same group. Lower sequence number takes higher precedence. Two binding
maps applied to the same profile must have the same sequence number.
User defined sequence numbers range from 1 through 100,000.
System defined sequence numbers range from 100,001 through 200,000.
integer Minimum: 1
Maximum: 100000
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

DnsSecurityProfileBindingMapListRequestParameters (schema)

DNS Security Profile Binding Map List Request Parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

DnsSecurityProfileBindingMapListResult (schema)

Paged collection of DNS Security Profile Binding Map

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results DNS Security Profile Binding Map List Results array of DnsSecurityProfileBindingMap
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

DnsSecurityProfileListResult (schema)

Paged Collection of DnsSecurityProfile

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results DnsSecurityProfile list results array of DnsSecurityProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

DnsSettings (schema)

DNS settings

Stores Azure gateway DNS settings like dns_mode and dns_list.

Name Description Type Notes
dns_list List of nameserver(s)

The is a list of nameserver ipv4 addresses that will be used by the
public cloud gateway. DNS will use these nameserver(s) if the
cloud_dns_mode is set to PRECONFIGURED.
array of string
dns_mode DNS mode

DHCP: Obtain nameserver(s) from DHCP.
PRECONFIGURED: User supplies list of nameserver(s).
CLOUD: Use cloud provider DNS.
string Enum: DHCP, PRECONFIGURED, CLOUD
Default: "DHCP"

DnsTtlConfig (schema)

DNS TTL config

Firewall to use TTL config to manage firewall cache to expire snooped FQDN entries from DNS response.

Name Description Type Notes
dns_ttl_type TTL type.

TTL type to decide how to manage ttl.		 string Required
Enum: USE_TTL, AUTO, NEVER_EXPIRE
ttl DNS server TTL

The number of seconds that snooped DNS responses are retained in the cache. Used only when dns_ttl_type is USE_TTL.		 integer Minimum: 3600
Maximum: 864000
Default: "86400"

Domain (schema)

Domain

Domain.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
(Abstract type: pass one of the following concrete types)
ChildCommunicationMap
ChildDomainDeploymentMap
ChildEndpointPolicy
ChildForwardingPolicy
ChildGatewayPolicy
ChildGroup
ChildIdsGatewayPolicy
ChildIdsSecurityPolicy
ChildRedirectionPolicy
ChildSecurityPolicy
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value Domain string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

DomainDeploymentMap (schema)

Domain Deployment Map

Binding of domain to the enforcement point.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enforcement_point_path Absolute path of enforcement point

Path of enforcement point on which domain shall be enforced.		 string Required
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value DomainDeploymentMap string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

DomainDeploymentMapListRequestParameters (schema)

Domain Deployment Map List Request Parameters

Domain Deployment Map list request parameters.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

DomainDeploymentMapListResult (schema)

Paged Collection of Domain Deployment Map

Paged collection of Domain Deployment Map.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Domain Deployment Map List Result

Domain Deployment Map list result.		 array of DomainDeploymentMap Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

DomainListRequestParameters (schema)

Domain list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

DomainListResult (schema)

Paged Collection of Domains

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Domain list results array of Domain Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

DonutConfiguration (schema)

Donut Configuration

Represents configuration of a Donut

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
condition Expression for evaluating condition

If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.		 string Maximum length: 1024
count Expression to retrieve count to be shown on Donut

Expression to retrieve count to be shown on Donut.		 string
datasources Array of Datasource Instances with their relative urls

The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.		 array of Datasource Minimum items: 0
default_filter_value Default filter value to be passed to datasources

Default filter values to be passed to datasources. This will be used when the report is requested without filter values.		 array of DefaultFilterValue
description Description of this resource string Maximum length: 1024
Sortable
display_count Show or hide the count of entities

If true, displays the count of entities in the donut		 boolean Default: "True"
display_name Widget Title

Title of the widget. If display_name is omitted, the widget will be shown without a title.		 string Maximum length: 255
drilldown_id Id of drilldown widget

Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.		 string Maximum length: 255
feature_set Features required to view the widget

Features required to view the widget.		 FeatureSet
filter Id of filter widget for subscription

Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.		 string Deprecated
filter_value_required Flag to indicate if filter value is necessary

Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.		 boolean Default: "True"
filters A List of filter ids applied to this widget configuration

A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.		 array of string
footer Footer
icons Icons

Icons to be applied at dashboard for widgets and UI elements.		 array of Icon
id Unique identifier of this resource string Sortable
is_drilldown Set as a drilldown widget

Set to true if this widget should be used as a drilldown.		 boolean Default: "False"
label Label of the Donut Configuration

Displayed at the middle of the donut, by default. It labels the entities of donut.		 Label
legend Legend for the widget

Legend to be displayed. If legend is not needed, do not include it.		 Legend
navigation Navigation to a specified UI page

Hyperlink of the specified UI page that provides details.		 string Maximum length: 1024
plot_configs List of plotting configuration for a given widget.

List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.		 array of WidgetPlotConfiguration
resource_type Must be set to the value DonutConfiguration string Required
Readonly
Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration
Maximum length: 255
rowspan Vertical span

Represents the vertical span of the widget / container. 1 Row span is equal to 20px.		 int Minimum: 1
sections Sections array of DonutSection Required
Minimum items: 1
shared Visiblity of widgets to other users

Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.		 boolean Deprecated
show_header This decides to show the container header or not.

If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.		 boolean
span Horizontal span

Represents the horizontal span of the widget / container.		 int Minimum: 1
Maximum: 12
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
weight Weightage or placement of the widget or container

Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.		 int Deprecated

DonutPart (schema)

Portion of a donut or stats chart

Represents an entity or portion to be plotted on a donut or stats chart.

Name Description Type Notes
condition Expression for evaluating condition

If the condition is met then the part will be displayed. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API.		 string
drilldown_id Id of drilldown widget

Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.		 string
field Value of the portion or entity of donut or stats chart

A numerical value that represents the portion or entity of the donut or stats chart.		 string Required
Maximum length: 1024
hide_empty_legend Hide the legend if the data for the part is not available

If true, legend will be shown only if the data for the part is available. This is applicable only if legends are specified in widget configuration.		 boolean Default: "False"
label Label of the portion or entity of donut or stats chart

If a section 'template' holds this donut or stats part, then the label is auto-generated from the fetched field values after applying the template.		 Label
navigation Navigation to a specified UI page

Hyperlink of the specified UI page that provides details. If drilldown_id is provided, then navigation cannot be used.		 string
render_configuration Render Configuration

Additional rendering or conditional evaluation of the field values to be performed, if any.		 array of RenderConfiguration Minimum items: 0
tooltip Multi-line tooltip

Multi-line text to be shown on tooltip while hovering over the portion.		 array of Tooltip Minimum items: 0

DonutSection (schema)

Section of a donut or stats chart

Represents high level logical grouping of portions or segments of a donut / stats chart.

Name Description Type Notes
parts Parts of a donut / stats chart

Array of portions or parts of the donut or stats chart.		 array of DonutPart Required
Minimum items: 1
row_list_field Field from which parts of the donut or stats chart are formed

Field of the root of the api result set for forming parts.		 string Maximum length: 1024
template Template, if any, for automatically forming the donut or stats parts

If true, the section will be appled as template for forming parts. Only one part will be formed from each element of 'row_list_field'.		 boolean Default: "False"

DropdownFilterPlotConfiguration (schema)

Dropdown Filtert plotting configuration

Dropdown Filter plotting configuration.

Name Description Type Notes
allow_maximize Allow maximize capability for this widget

Allow maximize capability for this widget		 boolean
allow_search Allow search on drop down filter

Allow search on drop down filter.
boolean Default: "False"
condition Expression for evaluating condition for this chart config

If the condition is met then the given chart config is applied to the widget configuration.		 string Maximum length: 1024

DropdownFilterWidgetConfiguration (schema)

Dropdown Filter widget Configuration

Represents configuration for dropdown filter widget.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
alias Alias to be used when emitting filter value

Alias to be used when emitting filter value.		 string
condition Expression for evaluating condition

If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.		 string Maximum length: 1024
datasources Array of Datasource Instances with their relative urls

The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.		 array of Datasource Minimum items: 0
default_filter_value Default filter value to be passed to datasources

Default filter values to be passed to datasources. This will be used when the report is requested without filter values.		 array of DefaultFilterValue
default_value Expression to specify default value

Expression to specify default value of filter.		 string
description Description of this resource string Maximum length: 1024
Sortable
display_name Widget Title

Title of the widget. If display_name is omitted, the widget will be shown without a title.		 string Maximum length: 255
drilldown_id Id of drilldown widget

Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.		 string Maximum length: 255
dropdown_filter_plot_config Dropdown filter plotting configuration

Dropdown filter plotting configuration. This plotting configuration will be applicable for the Dropdown filter only.		 DropdownFilterPlotConfiguration
dropdown_item Definition for item of a dropdown

Defines the item of a dropdown.		 DropdownItem
feature_set Features required to view the widget

Features required to view the widget.		 FeatureSet
filter Id of filter widget for subscription

Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.		 string Deprecated
filter_value_required Flag to indicate if filter value is necessary

Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.		 boolean Default: "True"
filters A List of filter ids applied to this widget configuration

A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.		 array of string
footer Footer
icons Icons

Icons to be applied at dashboard for widgets and UI elements.		 array of Icon
id Unique identifier of this resource string Sortable
is_drilldown Set as a drilldown widget

Set to true if this widget should be used as a drilldown.		 boolean Default: "False"
legend Legend for the widget

Legend to be displayed. If legend is not needed, do not include it.		 Legend
placeholder_msg Placeholder message to be shown in filter

Placeholder message to be displayed in dropdown filter.		 string
plot_configs List of plotting configuration for a given widget.

List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.		 array of WidgetPlotConfiguration
resource_type Must be set to the value DropdownFilterWidgetConfiguration string Required
Readonly
Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration
Maximum length: 255
rowspan Vertical span

Represents the vertical span of the widget / container. 1 Row span is equal to 20px.		 int Minimum: 1
shared Visiblity of widgets to other users

Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.		 boolean Deprecated
show_header This decides to show the container header or not.

If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.		 boolean
span Horizontal span

Represents the horizontal span of the widget / container.		 int Minimum: 1
Maximum: 12
static_filter_condition Expression for evaluating condition

If the condition is met then the static filter will be added. If no condition is provided, then the static filters will be applied unconditionally.		 string
static_filters Additional static items to be added in dropdown filter

Additional static items to be added in dropdown filter. Example can be 'ALL'.		 array of StaticFilter
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
weight Weightage or placement of the widget or container

Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.		 int Deprecated

DropdownItem (schema)

Dropdown item definition

Name Description Type Notes
additional_value An additional value for item to be display in dropdown.

An additional key-value pair for item to be display in dropdown.		 object
display_name Display name for item to be displayed in dropdown

expression to extract display name to be shown in the drop down.		 string Maximum length: 1024
field Expression for dropdown items of filter

An expression that represents the items of the dropdown filter.		 string Required
short_display_name A property value to be shown once value is selected for a filter.

Property value is shown in the drop down input box for a filter. If the value is not provided 'display_name' property value is used.		 string Maximum length: 1024
value Value for item to be displayed in dropdown

Value of filter inside dropdown filter.		 string Required

Dscp (schema) (Deprecated)

One of Quality-of-Service or Encapsulated-Remote-Switched-Port-Analyzer

Dscp value is ignored in case of 'TRUSTED' DscpMode.

Name Description Type Notes
mode DscpMode
priority Internal Forwarding Priority int Minimum: 0
Maximum: 63
Default: "0"

DscpBit (schema)

Dscp bit config

Name Description Type Notes
dscp_bit DSCP bit for indicating the existence of INT header.

A DSCP bit is allocated to indicate the existence of INT header. It takes
effect only when the INT indicator mode is DSCP_BIT. The user should
guarantee that the given DSCP bit is specifically allocated for INT.
int Required
Minimum: 0
Maximum: 5
indicator_type Must be set to the value DscpBit string Required
Enum: DSCP_BIT, DSCP_VALUE

DscpIndicator (schema)

Abstract base type for Global In-band network telemetry configuration

The DscpIndicator is the base class for global In-band network telemetry
configurations for different types in a NSX domain.
This is an abstract type. Concrete child types:
DscpBit
DscpValue

Name Description Type Notes
indicator_type The method for indicating the existence of INT header. string Required
Enum: DSCP_BIT, DSCP_VALUE

DscpMode (schema) (Deprecated)

Trust settings

Name Description Type Notes
DscpMode Trust settings string Deprecated
Enum: TRUSTED, UNTRUSTED
Default: "TRUSTED"

DscpTrustMode (schema)

Trust settings

When you select the Trusted mode the inner header DSCP value is applied
to the outer IP header for IP/IPv6 traffic. For non IP/IPv6 traffic,
the outer IP header takes the default value.Untrusted mode is supported
on overlay-based and VLAN-based logical port.

Name Description Type Notes
DscpTrustMode Trust settings

When you select the Trusted mode the inner header DSCP value is applied
to the outer IP header for IP/IPv6 traffic. For non IP/IPv6 traffic,
the outer IP header takes the default value.Untrusted mode is supported
on overlay-based and VLAN-based logical port.
string Enum: TRUSTED, UNTRUSTED
Default: "TRUSTED"

DscpValue (schema)

Dscp bit config

Name Description Type Notes
dscp_value DSCP value for indicating the existence of INT header.

A DSCP value is allocated to indicate the existence of INT header. It takes
effects only when the INT indicator mode is DSCP_VALUE. The user should
guarantee that the given DSCP value is specifically allocated for INT.
int Required
Minimum: 1
Maximum: 63
indicator_type Must be set to the value DscpValue string Required
Enum: DSCP_BIT, DSCP_VALUE

DuplicateAddressBindingEntry (schema) (Deprecated)

Duplicate address binding information

Name Description Type Notes
binding Combination of IP-MAC-VLAN binding PacketAddressClassifier
binding_timestamp Timestamp of binding

Timestamp at which the binding was discovered via snooping or manually
specified by the user
EpochMsTimestamp
conflicting_port ID of logical port with the same address binding

Provides the ID of the port on which the same address bidning exists
string
source Address binding source

Source from which the address binding entry was obtained		 AddressBindingSource Default: "UNKNOWN"

DuplicateIPDetection (schema) (Deprecated)

Duplicate IP detection and control

Name Description Type Notes
duplicate_ip_detection_enabled Indicates whether duplicate IP detection should be enabled boolean Default: "False"

DuplicateIPDetectionOptions (schema)

Controls duplicate IP detection options

Contains dupliacte IP detection related discovery options.

Name Description Type Notes
duplicate_ip_detection_enabled Duplicate IP detection

Indicates whether duplicate IP detection should be enabled		 boolean Default: "False"

DynamicContentFilterQueryParameter (schema)

Name Description Type Notes
scope Restrict scope of dynamic content filters to report string Enum: NAPP

DynamicContentFilterValue (schema)

Support bundle dynamic content filter allowed values, for example, NAPP:SERVICE:PLATFORM_SERVICES

Name Description Type Notes
DynamicContentFilterValue Support bundle dynamic content filter allowed values, for example, NAPP:SERVICE:PLATFORM_SERVICES string

DynamicContentFilters (schema)

Name Description Type Notes
dynamic_content_filters Support bundle content filter allowed values

These filter values will be set by the remote node like the NSX Intelligence Platform for instance. We would not need to know or act on these dynamic content filters, except for passing them on as request parameters along with the support bundle collection API.		 array of DynamicContentFilterValue

DynamicPluginFileProperties (schema)

Plugin file properties

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
file_name File name string Required
plugin_path Plugin id string Required
status Upload status string Required
Enum: SUCCESS, FAILURE

EPActionForDnsForwarderRequestParameters (schema)

Name Description Type Notes
action An action to be performed for DNS forwarder on EP

The valid DNS forwarder actions to be performed on EP are,
- clear_cache:
Clear the current cache of the dns forwarder from
specified enforcement point.
string Required
Enum: clear_cache
enforcement_point_path An enforcement point path, on which the action is to be performed

An enforcement point path, on which the action is to be performed.
If not specified, default enforcement point path,
/infra/sites/default/enforcement-points/default will be considered.
string Default: "/infra/sites/default/enforcement-points/default"

EULAAcceptance (schema)

EULA acceptance status

Indicate the status of End User License Agreement acceptance

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
acceptance End User License Agreement acceptance status

Acceptance status of End User License Agreement		 boolean Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
resource_type Must be set to the value EULAAcceptance string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

EULAContent (schema)

EULA content

End User License Agreement content

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
content End User License Agreement content

Content of End User License Agreement		 string Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
resource_type Must be set to the value EULAContent string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

EULAOutputFormatRequestParameters (schema)

Indicate output format of End User License Agreement content

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
value_format End User License Agreement content output format string

EdgeCluster (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
allocation_rules Allocation rules for auto placement

Set of allocation rules and respected action for auto placement of
logical router, DHCP and MDProxy on edge cluster members.
array of AllocationRule
cluster_profile_bindings Edge cluster profile bindings array of ClusterProfileTypeIdEntry
deployment_type Edge cluster deployment type

This field is a readonly field which shows the deployment_type of members.
It returns UNKNOWN if there are no members, and returns VIRTUAL_MACHINE|
PHYSICAL_MACHINE if all edge members are VIRTUAL_MACHINE|PHYSICAL_MACHINE.
It returns HYBRID if the cluster contains edge members of both types
VIRTUAL_MACHINE and PHYSICAL_MACHINE.
EdgeDeploymentType Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enable_inter_site_forwarding Flag to enable inter site forwarding

Flag should be only use in federation for inter site l2 and l3 forwarding.
Before enabling this flag, all the edge cluster members must have remote
tunnel endpoint configured. TIER0/TIER1 logical routers managed by GM
must be associated with edge cluster which has inter-site forwarding
enabled.
boolean Readonly
id Unique identifier of this resource string Sortable
member_node_type Node type of the cluster members

Edge cluster is homogenous collection of transport nodes.
Hence all transport nodes of the cluster must be of same type.
This readonly field shows the type of transport nodes.
EdgeClusterNodeType Readonly
members Edge cluster members

EdgeCluster only supports homogeneous members.
These member should be backed by either EdgeNode or PublicCloudGatewayNode.
TransportNode type of these nodes should be the same.
DeploymentType (VIRTUAL_MACHINE|PHYSICAL_MACHINE) of these EdgeNodes is
recommended to be the same. EdgeCluster supports members of different
deployment types.
array of EdgeClusterMember
node_rtep_ips Remote tunnel endpoint ip address.

List of remote tunnel endpoint ipaddress configured on edge cluster for each transport node.		 array of NodeRtepIpsConfig Readonly
resource_type Must be set to the value EdgeCluster string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

EdgeClusterAllocationStatus (schema)

Allocationd details of edge cluster

Allocation details of cluster and its members. Contains information of the
edge nodes present in cluster, active and standby services of each node,
utilization details of configured sub-pools. These allocation details can
be monitored by customers to trigger migration of certain service contexts
to different edge nodes, to balance the utilization of edge node resources.

Name Description Type Notes
display_name Display name of the edge cluster string Readonly
id Unique identifier of edge cluster

System allotted UUID of edge cluster.		 string Readonly
member_count Count of edge nodes present in the cluster

Represents the number of edge nodes in the cluster.		 int Readonly
members Allocation Status of edge nodes

Allocation details of edge nodes present in the cluster.		 array of EdgeMemberAllocationStatus Readonly

EdgeClusterInterSiteStatus (schema)

Name Description Type Notes
edge_cluster_id Edge cluster id

Id of the edge cluster whose status is being reported.		 string Required
Readonly
edge_cluster_name Edge cluster name

Name of the edge cluster whose status is being reported.		 string Readonly
last_update_timestamp Last updated timestamp

Timestamp when the edge cluster inter-site status was last updated.
EpochMsTimestamp Required
Readonly
member_status Per edge node inter-site status

Per edge node inter-site status.		 array of EdgeClusterMemberInterSiteStatus Readonly
overall_status Overall IBGP status in the edge cluster

Overall status of all edge nodes IBGP status in the edge cluster.
string Readonly
Enum: UP, DOWN, DEGRADED, UNKNOWN, CONFIGURED

EdgeClusterListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Edge cluster list results array of EdgeCluster Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

EdgeClusterMember (schema)

Name Description Type Notes
description description of edge cluster member

description of edge cluster member		 string
display_name display name of edge cluster member

display name of edge cluster member		 string
member_index System generated index for cluster member

System generated index for cluster member		 int Readonly
transport_node_id UUID of edge transport node

Identifier of the transport node backed by an Edge node		 string Required

EdgeClusterMemberAllocationPool (schema)

This is an abstract type. Concrete child types:
LoadBalancerAllocationPool

Name Description Type Notes
allocation_pool_type AllocationPoolType Required

EdgeClusterMemberAllocationProfile (schema)

Name Description Type Notes
allocation_pool Edge Cluster Member Allocation Pool for logical router

Logical router allocation can be tracked for specific services and
services may have their own hard limits and allocation sizes. For
example load balancer pool should be specified if load balancer
service will be attached to logical router.
EdgeClusterMemberAllocationPool
(Abstract type: pass one of the following concrete types)
LoadBalancerAllocationPool
allocation_type Resource allocation type

Allocation type is used to specify the mode used to allocate the LR.
This is populated only for TIER1 logical router and for TIER0 this
will be null.
string Readonly
Enum: MANUAL, AUTO
enable_standby_relocation Flag to enable standby service router relocation

Flag to enable the auto-relocation of standby service router running
on edge cluster and node associated with the logical router. Only
dynamically allocated tier1 logical routers are considered for the
relocation.
boolean Default: "False"

EdgeClusterMemberInterSiteStatus (schema)

Name Description Type Notes
established_bgp_sessions Established inter-site IBGP sessions

Total number of current established inter-site IBGP sessions.		 integer Readonly
neighbor_status BGP neighbor status

Inter-site BGP neighbor status.		 array of BgpNeighborStatusLiteDto Readonly
status Edge node IBGP status

Edge node IBGP status		 string Readonly
Enum: UP, DOWN, DEGRADED, UNKNOWN
total_bgp_sessions Total inter-site IBGP sessions

Total number of inter-site IBGP sessions.		 integer Readonly
transport_node Transport node

Edge node details from where the status is being retrived.		 ResourceReference Required
Readonly

EdgeClusterMemberStatus (schema)

Name Description Type Notes
status Status of an edge node string Required
Enum: UP, DOWN, ADMIN_DOWN, PARTIALLY_DISCONNECTED, UNKNOWN
transport_node UUID of edge transport node

Transport node backed by an Edge node.		 ResourceReference Required

EdgeClusterMemberTransportNode (schema)

Name Description Type Notes
member_index System generated index for cluster member

System generated index for cluster member		 int Required
transport_node_id UUID of edge transport node

Identifier of the transport node backed by an Edge node		 string Required

EdgeClusterNodeType (schema)

Supported edge cluster node type.

Name Description Type Notes
EdgeClusterNodeType Supported edge cluster node type. string Enum: EDGE_NODE, PUBLIC_CLOUD_GATEWAY_NODE, UNKNOWN

EdgeClusterState (schema)

Realization State of Edge Cluster.

This holds the state of Edge Cluster. If there are errors in
realizing EC outside of MP, it gives details of the components and
specific errors.

Name Description Type Notes
details Array of configuration state of various sub systems array of ConfigurationStateElement Readonly
failure_code Error code integer Readonly
failure_message Error message in case of failure string Readonly
pending_change_list List of pending changes

Request identifier of the API which modified the entity.		 array of string Readonly
state Overall state of desired configuration

Gives details of state of desired configuration.
Additional enums with more details on progress/success/error states
are sent for edge node. The success states are NODE_READY and
TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED,
VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values
indicate failures.
"in_sync" state indicates that the desired configuration has been
received by the host to which it applies, but is not yet in effect.
When the configuration is actually in effect, the state will
change to "success".
Please note, failed state is deprecated.
string Required
Readonly
Enum: pending, in_progress, success, failed, partial_success, orphaned, unknown, error, in_sync, NOT_AVAILABLE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, REGISTRATION_PENDING, NODE_NOT_READY, NODE_READY, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL, EDGE_CONFIG_ERROR, VM_DEPLOYMENT_RESTARTED, REGISTRATION_FAILED, TRANSPORT_NODE_SYNC_PENDING, TRANSPORT_NODE_CONFIGURATION_MISSING, EDGE_HARDWARE_NOT_SUPPORTED, MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED, TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER, TZ_ENDPOINTS_NOT_SPECIFIED, NO_PNIC_PREPARED_IN_EDGE, APPLIANCE_INTERNAL_ERROR, VTEP_DHCP_NOT_SUPPORTED, UNSUPPORTED_HOST_SWITCH_PROFILE, UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED, HOSTSWITCH_PROFILE_NOT_FOUND, LLDP_SEND_ENABLED_NOT_SUPPORTED, UNSUPPORTED_NAMED_TEAMING_POLICY, LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM, LACP_NOT_SUPPORTED_FOR_EDGE_VM, STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM, MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE, UNSUPPORTED_LACP_LB_ALGO_FOR_NODE, EDGE_NODE_VERSION_NOT_SUPPORTED, NO_PNIC_SPECIFIED_IN_TN, INVALID_PNIC_DEVICE_NAME, TRANSPORT_NODE_READY, VM_NETWORK_EDIT_PENDING, UNSUPPORTED_DEFAULT_TEAMING_POLICY, MPA_DISCONNECTED, VM_RENAME_PENDING, VM_CONFIG_EDIT_PENDING, VM_NETWORK_EDIT_FAILED, VM_RENAME_FAILED, VM_CONFIG_EDIT_FAILED, VM_CONFIG_DISCREPANCY, VM_NODE_REFRESH_FAILED, VM_PLACEMENT_REFRESH_FAILED, REGISTRATION_TIMEDOUT, REPLACE_FAILED, UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED, LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING, DELETE_VM_IN_REDEPLOY_FAILED, DEPLOY_VM_IN_REDEPLOY_FAILED, INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE, VM_RESOURCE_RESERVATION_FAILED, DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER, DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, EDGE_NODE_SETTINGS_MISMATCH_RESOLVE, EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE, EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE, EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE, COMPUTE_MANAGER_NOT_FOUND, DELETE_IN_PROGRESS

EdgeClusterStatus (schema)

Name Description Type Notes
edge_cluster_id Edge cluster id

Id of the edge cluster whose status is being reported		 string Required
edge_cluster_status Status of an edge node string Required
Enum: UP, DOWN, DEGRADED, UNKNOWN
last_update_timestamp Last updated timestamp

Timestamp when the cluster status was last updated		 EpochMsTimestamp Required
Readonly
member_status Per Edge Node Status array of EdgeClusterMemberStatus Readonly

EdgeConfigDiagnosis (schema)

Name Description Type Notes
failed Failed Config FailedOrWarningConfig Required
passed Passed Config array of ConfigType Required
warning Config Warning FailedOrWarningConfig Required

EdgeConfigurationState (schema)

Configuration State for Edge and VPN entities.

This contains fields that captures state of Trackable entities.
Edge and VPN state entities extend this object.

Name Description Type Notes
details Array of configuration state of various sub systems array of ConfigurationStateElement Readonly
failure_code Error code integer Readonly
failure_message Error message in case of failure string Readonly
pending_change_list List of pending changes

Request identifier of the API which modified the entity.		 array of string Readonly
state Overall state of desired configuration

Gives details of state of desired configuration.
Additional enums with more details on progress/success/error states
are sent for edge node. The success states are NODE_READY and
TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED,
VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values
indicate failures.
"in_sync" state indicates that the desired configuration has been
received by the host to which it applies, but is not yet in effect.
When the configuration is actually in effect, the state will
change to "success".
Please note, failed state is deprecated.
string Required
Readonly
Enum: pending, in_progress, success, failed, partial_success, orphaned, unknown, error, in_sync, NOT_AVAILABLE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, REGISTRATION_PENDING, NODE_NOT_READY, NODE_READY, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL, EDGE_CONFIG_ERROR, VM_DEPLOYMENT_RESTARTED, REGISTRATION_FAILED, TRANSPORT_NODE_SYNC_PENDING, TRANSPORT_NODE_CONFIGURATION_MISSING, EDGE_HARDWARE_NOT_SUPPORTED, MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED, TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER, TZ_ENDPOINTS_NOT_SPECIFIED, NO_PNIC_PREPARED_IN_EDGE, APPLIANCE_INTERNAL_ERROR, VTEP_DHCP_NOT_SUPPORTED, UNSUPPORTED_HOST_SWITCH_PROFILE, UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED, HOSTSWITCH_PROFILE_NOT_FOUND, LLDP_SEND_ENABLED_NOT_SUPPORTED, UNSUPPORTED_NAMED_TEAMING_POLICY, LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM, LACP_NOT_SUPPORTED_FOR_EDGE_VM, STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM, MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE, UNSUPPORTED_LACP_LB_ALGO_FOR_NODE, EDGE_NODE_VERSION_NOT_SUPPORTED, NO_PNIC_SPECIFIED_IN_TN, INVALID_PNIC_DEVICE_NAME, TRANSPORT_NODE_READY, VM_NETWORK_EDIT_PENDING, UNSUPPORTED_DEFAULT_TEAMING_POLICY, MPA_DISCONNECTED, VM_RENAME_PENDING, VM_CONFIG_EDIT_PENDING, VM_NETWORK_EDIT_FAILED, VM_RENAME_FAILED, VM_CONFIG_EDIT_FAILED, VM_CONFIG_DISCREPANCY, VM_NODE_REFRESH_FAILED, VM_PLACEMENT_REFRESH_FAILED, REGISTRATION_TIMEDOUT, REPLACE_FAILED, UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED, LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING, DELETE_VM_IN_REDEPLOY_FAILED, DEPLOY_VM_IN_REDEPLOY_FAILED, INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE, VM_RESOURCE_RESERVATION_FAILED, DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER, DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, EDGE_NODE_SETTINGS_MISMATCH_RESOLVE, EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE, EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE, EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE, COMPUTE_MANAGER_NOT_FOUND, DELETE_IN_PROGRESS

EdgeDataplaneCpuStats (schema)

Information about Edge Dataplane CPU Stats

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cores Statistics of CPU cores

Statistics of CPU cores		 array of CpuStats Maximum items: 64
datapath_cores_mode Datapath core mode

Mode of how the datapath cores get the packets from driver		 string Readonly

EdgeDataplaneCtrlPrioSetting (schema)

Information about Edge Dataplane control packet prioritization setting.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
ctrl_prio_enabled Control packet prioritization setting boolean

EdgeDataplaneDynamicCoreSetting (schema)

Information about Edge Dataplane control dynamic core setting.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
dynamic_core_enabled Edge Dataplane dynamic core setting boolean

EdgeDataplaneFlow (schema)

Edge dataplane flow record

Name Description Type Notes
dst_ip Destination IP

Destination IP of the flow		 string
dst_port Destination port

Destination port of the flow		 integer
proto Protocol

Protocol of the flow		 integer
src_ip Source IP

Source IP of the flow		 string
src_port Source port

Source port of the flow		 integer
tunnel_dst_ip Tunnel destination IP

Tunnel destination IP of the flow		 string
tunnel_src_ip Tunnel source IP

Tunnel source IP of the flow		 string

EdgeDataplaneFlowCacheSetting (schema)

Information about Edge Dataplane Flow Cache mode.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
flow_cache_enabled Flow cache setting boolean

EdgeDataplaneFlowMonitorMessage (schema)

Edge dataplane flow monitor message

Name Description Type Notes
message Message

Edge dataplane flow monitor message		 string

EdgeDataplaneFlowMonitorStartSetting (schema)

Information about Edge Dataplane flow monitor start setting.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
core_id Core id

Flow monitor core id		 string
timeout Timeout for flow monitor in seconds, in the range of 1 - 600.

Flow monitor timeout in seconds		 string Default: "15"

EdgeDataplaneFlowQueryParameters (schema)

Name Description Type Notes
fields Fields to include in query results

Comma-separated field names to include in query result		 string
top_10 Collect top 10 flows when set to true

Collect top 10 flows when set to true, else collect all flows.		 boolean Default: "False"

EdgeDataplaneFwContexts (schema)

Information about Edge Dataplane firewall contexts

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
results Firewall Context

Firewall context		 array of FwContexts Maximum items: 4096

EdgeDataplaneGeneveCbitSetting (schema)

Information about Edge Dataplane geneve cbit setting.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
geneve_cbit_set geneve critical bit setting boolean

EdgeDataplaneIntrModeSetting (schema)

Information about Edge Dataplane interrupt mode setting.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
intr_mode_enabled interrupt mode setting boolean

EdgeDataplaneL2vpnPmtuSetting (schema)

Information about Edge Dataplane l2vpn pmtu message generation setting.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
l2vpn_pmtu_enabled l2vpn pmtu setting boolean

EdgeDataplanePmtuLearningSetting (schema)

Information about Edge Dataplane pmtu learning setting.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
pmtu_learning_enabled l3vpn pmtu setting boolean

EdgeDataplaneQatAdminSetting (schema)

Information about Edge Dataplane QAT feature enabled setting.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
qat_admin_enabled QAT feature enabled setting boolean

EdgeDataplaneQatAdminSettingResponse (schema)

Information about Edge Dataplane QAT feature enabled setting.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
update_message Datapath QAT enable CLI message

Message to display after setting QAT feature		 string Readonly

EdgeDataplaneQatStatus (schema)

Information about Edge Dataplane QAT status

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
admin_status QAT enabled

QAT device enabled		 boolean Readonly
device_present QAT present

QAT device present		 boolean Readonly
fips_compliant FIPS compliance

FIPS compliance of QAT feature		 boolean Readonly
is_vm VM deployment

Edge is deployed in VM		 boolean Readonly
operational_status QAT running

QAT device currently running		 boolean Readonly

EdgeDataplaneQueueNumPerPortPerCoreSetting (schema)

Information about Edge Dataplane queue num per port per core setting.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
queue_num_per_port_per_core queue number per port per core integer Minimum: 1
Maximum: 16

EdgeDataplaneRingSize (schema)

Information about Edge physical port ring size.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
rx_ring_size rx ring size integer
tx_ring_size tx ring size integer

EdgeDataplaneRingSizeSetting (schema)

Information about Edge physical port ring size setting.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
ring_size ring size integer

EdgeDataplaneTopKFlowQueryParameters (schema)

Name Description Type Notes
core_id CPU core on which the flows are to be monitored

CPU core on which the flows are to be monitored		 integer Minimum: 0
Maximum: 128
fields Fields to include in query results

Comma-separated field names to include in query result		 string
timeout Timeout for flow monitor in seconds

Timeout for flow monitor in seconds		 integer Minimum: 1
Maximum: 120
Default: "30"

EdgeDataplaneTopKFlows (schema)

Edge dataplane top-k flow dump

Name Description Type Notes
flow_count Count of flow records

Count of flow records in the result		 integer
flows Array of flow records

Array of flow records		 array of EdgeDataplaneFlow

EdgeDeploymentType (schema)

Supported edge deployment type.

Name Description Type Notes
EdgeDeploymentType Supported edge deployment type. string Enum: VIRTUAL_MACHINE, PHYSICAL_MACHINE, UNKNOWN

EdgeDiagnosis (schema)

Name Description Type Notes
config Edge Config Diagnosis EdgeConfigDiagnosis Required
ha-state HA State string Required
Enum: disabled, offline, discover, statesync, inactive, active, unknown

EdgeDiagnosisInconsistency (schema)

NSX Edge inconsistency check

Name Description Type Notes
detail NSX Edge inconsistency check detail

NSX Edge inconsistency check detail		 array of string
title NSX Edge inconsistency check type

NSX Edge inconsistency check type		 string

EdgeDiagnosisInconsistencyResult (schema)

NSX Edge inconsistency check result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results NSX Edge inconsistency check result array of EdgeDiagnosisInconsistency
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

EdgeFormFactor (schema)

Supported edge form factor.

Name Description Type Notes
EdgeFormFactor Supported edge form factor. string Enum: SMALL, MEDIUM, LARGE, XLARGE

EdgeHighAvailabilityProfile (schema) (Deprecated)

Profile for BFD HA cluster setting

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
bfd_allowed_hops BFD allowed hops integer Minimum: 1
Maximum: 255
Default: "255"
bfd_declare_dead_multiple Number of times a packet is missed before BFD declares the neighbor down. integer Minimum: 2
Maximum: 16
Default: "3"
bfd_probe_interval the time interval (in millisec) between probe packets for heartbeat purpose integer Minimum: 50
Maximum: 60000
Default: "500"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
resource_type Must be set to the value EdgeHighAvailabilityProfile ClusterProfileType Required
standby_relocation_config Standby service contexts relocation setting StandbyRelocationConfig
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

EdgeIPSecDetermRSSSetting (schema)

Information about Edge IPSec Deterministic RSS Setting.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
deterministic_esp_rss Deterministically queue ESP packets to CPU queues, to achieve higher throughout. boolean

EdgeIPSecDetermRSSValues (schema)

Information about Edge IPSec Deterministic RSS Values.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
deterministic_esp_rss_driver_status Shows driver status of deterministic esp rss feature. string
deterministic_esp_rss_enabled Shows configured value of deterministic esp rss feature. boolean
deterministic_esp_rss_status Shows runtime status of deterministic esp rss feature. string

EdgeInconsistencyQueryParameters (schema)

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page)

A cursor points to a specific record in the inconsistency check result		 integer Minimum: 0
page_size Maximum number of results to return in this page (server may return fewer)

The page size determines the number of records to be returned		 integer Minimum: 1
Maximum: 100

EdgeMemberAllocationStatus (schema)

Name Description Type Notes
allocated_services Services allocated on edge node

List of services allocated on the edge node.		 array of AllocatedService Readonly
allocation_pools Pool Allocation details

Allocation details of pools defined on the edge node.		 array of AllocationPool Readonly
member_index System generated index for cluster member

System generated index for transport node backed by edge node.
int Readonly
node_display_name Identifier to use when displaying cluster member in logs or GUI

Display name of edge cluster member. Defaults to ID if not set.
string Readonly
node_id Unique identifier of edge node

System allotted UUID of edge node.		 string Readonly

EdgeNode (schema)

Name Description Type Notes
allocation_list Allocation list

List of logical router ids to which this edge node is allocated.		 array of string Readonly
deployment_config Config for automatic deployment of edge node virtual machine.

When this configuration is specified, edge fabric node of deployment_type VIRTUAL_MACHINE
will be deployed and registered with MP.
EdgeNodeDeploymentConfig
deployment_type EdgeDeploymentType Readonly
description Description of this resource

This field is deprecated. TransportNode field 'description' must be used instead. For EdgeNode and PublicCloudGatewayNode, this field is ignored if specified in request payload.		 string Deprecated
Maximum length: 1024
Sortable
discovered_ip_addresses Discovered IP Addresses of the fabric node, version 4 or 6 array of IPAddress Readonly
display_name Identifier to use when displaying entity in logs or GUI

This field is deprecated. TransportNode field 'display_name' must be used instead. For HostNode, this field defaults to ID if not set. For EdgeNode and PublicCloudGatewayNode, this field is ignored if specified in request payload.		 string Deprecated
Maximum length: 255
Sortable
external_id ID of the Node maintained on the Node and used to recognize the Node string
fqdn Fully qualified domain name of the fabric node string Readonly
id Unique identifier of this resource

Unique identifier of this resource.		 string Sortable
ip_addresses IP Addresses of the Node, version 4 or 6

IP Addresses of the Node, version 4 or 6. This property is mandatory for all nodes except for
automatic deployment of edge virtual machine node. For automatic deployment, the ip address from
management_port_subnets property will be considered.
array of IPAddress
node_settings Current configuration on edge node.

Reports the current configuration of host name, SSH and servers
configured for DNS, syslog, NTP. The settings are configured as part of
automatic deployment of edge virtual machine. The settings are editable.
EdgeNodeSettings Required
resource_type Must be set to the value EdgeNode string Required
tags Opaque identifiers meaningful to the API user

This field is deprecated. TransportNode field 'tags' must be used instead. For EdgeNode and PublicCloudGatewayNode, this field is ignored if specified in request payload.		 array of Tag Deprecated
Maximum items: 30

EdgeNodeDeploymentConfig (schema)

Name Description Type Notes
form_factor EdgeFormFactor Default: "MEDIUM"
node_user_settings Node user settings

Username and password settings for the node.
Note - these settings will be honored only during node deployment.
Post deployment, CLI must be used for changing the user settings, changes to these parameters will not have any effect.
NodeUserSettings Required
vm_deployment_config DeploymentConfig
(Abstract type: pass one of the following concrete types)
DeploymentConfig
VsphereDeploymentConfig		 Required

EdgeNodeRefreshRequestParameters (schema)

Parameters for Edge node refresh request

Name Description Type Notes
read_only Read-only flag for Refresh API

If readonly is true, then internal objects like resource reservation, allocation etc are updated. Note that Edge transport node intent is not updated. If it is false or if not set, then internal objects and Edge transport node intent both are updated		 boolean Default: "False"

EdgeNodeServiceLoggingProperties (schema)

Edge node service properties

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
service_name Service name string Required
service_properties

EdgeNodeServiceLoggingReadOnlyProperties (schema)

Edge node service properties

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
service_name Service name string Required
service_properties

EdgeNodeSettings (schema)

The settings are used during deployment and consequent update of an edge,
unless indicated otherwise.
These settings are editable for manually deployed edge nodes as well.
If using DHCP, you must leave the following fields unset: search_domains,
management_port_subnets, dns_servers and default_gateway_addresses.
EdgeNodeSettings reports current values configured on the edge node.
If the settings lag with actual state on the edge,
these may be refreshed at NSX Manager using API POST api/v1/transport-nodes
/<transport-node-id>?action=refresh_node_configuration&resource_type=
EdgeNode

Name Description Type Notes
advanced_configuration Advanced configuration

Array of additional specific properties for advanced or cloud-
specific deployments in key-value format.
array of KeyValuePair
allow_ssh_root_login Allow root SSH logins.

Allowing root SSH logins is not recommended for security reasons.
Edit of this property is not supported when updating transport node.
Use the CLI to change this property.
boolean Default: "False"
dns_servers DNS servers.

List of DNS servers.
array of IPAddress
enable_ssh Enable SSH.

Enabling SSH service is not recommended for security reasons.
boolean Default: "False"
hostname Host name or FQDN for edge node. string Required
Pattern: "^(?=.{1,255}$)[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?(?:\.[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?)*?$"
ntp_servers NTP servers.

List of NTP servers.
array of HostnameOrIPv4Address
search_domains Search domain names.

List of domain names that are used to complete unqualified host names.
array of string
syslog_servers Syslog servers

List of Syslog server configuration.
array of SyslogConfiguration Maximum items: 5

EdgeTransportNodeDatapathMemoryPoolUsage (schema)

Usage of datapath memory pool

Datapath memory pool usage value.

Name Description Type Notes
description Description of the memory pool

Description of the memory pool.		 string Readonly
name Name of the datapath memory pool

Name of the datapath memory pool as available on edge node CLI.		 string Readonly
usage Percentage of memory pool in use

Percentage of memory pool in use.		 number Readonly

EdgeTransportNodeDatapathMemoryUsage (schema)

Detailed view of the datapath memory usage. Details out the heap and per memory pool usage

Detailed view of the datapath memory usage. Details out the heap and per memory pool point in time usage.

Name Description Type Notes
datapath_heap_usage Percentage of heap memory in use

Percentage of heap memory in use.		 number Readonly
datapath_mem_pools_usage array of EdgeTransportNodeDatapathMemoryPoolUsage
highest_datapath_mem_pool_usage Highest percentage usage value among datapath memory pools

Highest percentage usage value among datapath memory pools.		 number Readonly
highest_datapath_mem_pool_usage_names array of string

EdgeTransportNodeMemoryUsage (schema)

Memory usage details of edge node

Point in time usage of system, datapath, swap and cache memory in edge node.

Name Description Type Notes
cache_usage Percentage of RAM on the system that can be flushed out to disk

Percentage of RAM on the system that can be flushed out to disk.		 number Readonly
datapath_mem_usage_details Detailed view of the datapath memory usage. Details out the heap and per memory pool usage

Detailed view of the datapath memory usage. Details out the heap and per memory pool point in time usage.		 EdgeTransportNodeDatapathMemoryUsage Readonly
datapath_total_usage Percentage of memory in use by datapath processes

Percentage of memory in use by datapath processes which includes RES and hugepage memory.		 number Readonly
swap_usage Percentage of swap disk in use

Percentage of swap disk in use.		 number Readonly
system_mem_usage Percentage of RAM in use on edge node

Percentage of RAM in use on edge node.		 number Readonly

EdgeUpgradeStatus (schema)

Status of edge upgrade

Name Description Type Notes
can_rollback Can perform rollback

This field indicates whether we can perform upgrade rollback.		 boolean Readonly
can_skip Can the upgrade of the remaining units in this component be skipped boolean Readonly
component_type Component type for the upgrade status string Readonly
current_version_node_summary Mapping of current versions of nodes and counts of nodes at the respective versions. NodeSummaryList Readonly
details Details about the upgrade status string Readonly
node_count_at_target_version Count of nodes at target component version

Number of nodes of the type and at the component version		 int Readonly
percent_complete Indicator of upgrade progress in percentage number Required
Readonly
pre_upgrade_status Pre-upgrade status of the component-type UpgradeChecksExecutionStatus Readonly
status Upgrade status of component string Required
Readonly
Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED
target_component_version Target component version string Readonly

EffectiveIPAddressMemberListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged Collection of effective ip addresses for the given NSGroup array of IPElement Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

EffectiveIPInfo (schema)

List of effective ip address along with site id

Name Description Type Notes
effective_ips array of IPElement Required
site_id Id of the site to which the effective IPs belong to string Required

EffectiveMemberResourceListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged Collection of resources which are the effective members of an NSGroup. array of ResourceReference Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

EffectiveMemberTypeListResult (schema)

Name Description Type Notes
result_count Count of the member types in the results array integer Required
Readonly
results Collection of member types for the given NSGroup array of NSGroupValidResourceType Required

EffectiveProfileListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged Collection of profiles which are applied to an Entity array of NSXProfileReference Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

EffectiveProfileRequestParameters (schema)

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
profile_type Fetch effectivw profiles of the given profile_type string
resource_id The resource for which the effective profiles are to be fetched string Required
resource_type Type of the resource for which effective profiles are to be fetched EffectiveProfileResourceType Required
sort_ascending boolean
sort_by Field by which records are sorted string

EffectiveProfileResourceType (schema)

Valid Resource type in effective profiles API

This enum defines the valid Resource types to be used
in effective profiles API

Name Description Type Notes
EffectiveProfileResourceType Valid Resource type in effective profiles API

This enum defines the valid Resource types to be used
in effective profiles API
string Enum: NSGroup, LogicalPort, VirtualMachine, TransportNode, LogicalRouter, LogicalSwitch

EgressRateLimiter (schema)

A shaper that specifies egress rate properties in Mb/s

Name Description Type Notes
average_bandwidth Average bandwidth in Mb/s int Minimum: 0
Default: "0"
burst_size Burst size in bytes int Minimum: 0
Default: "0"
enabled boolean Required
peak_bandwidth Peak bandwidth in Mb/s int Minimum: 0
Default: "0"
resource_type Must be set to the value EgressRateLimiter string Required
Enum: IngressRateLimiter, IngressBroadcastRateLimiter, EgressRateLimiter
Default: "IngressRateLimiter"

EgressRateShaper (schema) (Deprecated)

A shaper that specifies egress rate properties in Mb/s

Name Description Type Notes
average_bandwidth_mbps Average bandwidth in Mb/s int Minimum: 0
Default: "0"
burst_size_bytes Burst size in bytes int Minimum: 0
Default: "0"
enabled boolean Required
peak_bandwidth_mbps Peak bandwidth in Mb/s int Minimum: 0
Default: "0"
resource_type Must be set to the value EgressRateShaper string Required
Enum: IngressRateShaper, IngressBroadcastRateShaper, EgressRateShaper
Default: "IngressRateShaper"

EmbeddedResource (schema)

Base class for resources that are embedded in other resources

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_owner Owner of this resource OwnerResourceLink Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Identifier of the resource string Readonly
resource_type The type of this resource. string

EncapsulationType (schema)

Encapsulation type for L3PortMirrorSession

You can choose the encapsulation type of the mirroring, now we support
GRE, ERSPAN II and ERSPAN III.

Name Description Type Notes
EncapsulationType Encapsulation type for L3PortMirrorSession

You can choose the encapsulation type of the mirroring, now we support
GRE, ERSPAN II and ERSPAN III.
string Enum: GRE, ERSPAN_TWO, ERSPAN_THREE

Endpoint (schema)

Tunnel endpoint configuration

An Endpoint object is part of HostSwitch configuration in TransportNode

Name Description Type Notes
default_gateway Gateway IP IPAddress Readonly
device_name Name of the virtual tunnel endpoint string Readonly
ip IP Address of this virtual tunnel endpoint

Depending upon the EndpointIpConfig used in HostSwitch, IP could be allocated either from DHCP (default) or from Static IP Pool.		 IPAddress Readonly
label Unique label for this Endpoint int Readonly
mac MAC address MACAddress Readonly
subnet_mask Subnet mask IPAddress Readonly

EndpointPolicy (schema)

Contains ordered list of Endpoint Rules

Ordered list of Endpoint Rules ordered by sequence number of the entries.
The maximum number of policies is 25.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
(Abstract type: pass one of the following concrete types)
ChildEndpointRule
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
endpoint_rules Endpoint Rules that are a part of this EndpointPolicy array of EndpointRule
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value EndpointPolicy string
sequence_number Precedence to resolve conflicts across Domains

This field is used to resolve conflicts between maps
across domains.
int Minimum: 0
Maximum: 499
Default: "0"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

EndpointPolicyListRequestParameters (schema)

EndpointPolicy list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

EndpointPolicyListResult (schema)

Paged Collection of Groups

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Guest Introspection Map list results array of EndpointPolicy Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

EndpointRule (schema)

Endpoint Rule for guest introspection.

Endpoint Rule comes from user configuration. User configures Endpoint Rule to specify what services are applied on the groups.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
groups group paths

We need paths as duplicate names may exist for groups under different
domains. In order to specify all groups, use the constant "ANY". This
is case insensitive. If "ANY" is used, it should be the ONLY element
in the group array. Error will be thrown if ANY is used in conjunction
with other values.
array of string Required
Maximum items: 50
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value EndpointRule string
sequence_number Sequence number of this Entry

This field is used to resolve conflicts between multiple
entries under EndpointPolicy. It will be system default value when not specified
by user.
int Minimum: 0
Maximum: 499
Default: "0"
service_profiles Names of service profiles

The policy paths of service profiles are listed here. It pecifies what
services are applied on the group. Currently only one is allowed.
array of string Required
Maximum items: 1
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

EndpointRuleListRequestParameters (schema)

Endpoint Rule list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

EndpointRuleListResult (schema)

Paged Collection of Endpoint Rules

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Endpoint Rule list results array of EndpointRule Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

EnforcedStatusDetailsNsxT (schema)

NSX-T Enforced Realized Status Details

Detailed Realized Status of an intent object on an NSX-T type of enforcement point. This is
a detailed view of the Realized Status of an intent object from an NSX-T enforcement point
perspective.

Name Description Type Notes
enforced_status_info Enforced Realized Status Info

Information about the realized status of the intent on this enforcement point. Some very
recent changes may be excluded when preparing this information, which is indicated by
Pending Changes Info.
EnforcedStatusInfoNsxT Readonly
pending_changes_info Pending Changes Info

Information about pending changes, if any, that aren't reflected in the Enforced Realized
Status.
PendingChangesInfoNsxT Readonly

EnforcedStatusInfoNsxT (schema)

NSX-T Enforced Realized Status Information

Information about the realized status of the intent object on an NSX-T type of enforcement point.
Some very recent changes may be excluded when preparing this information, which is indicated by
Pending Changes Info. In addition to the realized status across all scopes, this information holds
details about enforced realized status per scope.

Name Description Type Notes
enforced_status Enforced Realized Status

Consolidated Realized Status of an Intent object across all scopes of an NSX-T type of
enforcement point.
EnforcedStatusNsxT Readonly
enforced_status_per_scope List of Enforced Realized Status per Scope

List of Enforced Realized Status per Scope.		 array of EnforcedStatusPerScopeNsxT
(Abstract type: pass one of the following concrete types)
TransportNodeSpanEnforcedStatus		 Readonly

EnforcedStatusNsxT (schema)

NSX-T Enforced Status

NSX-T Enforced Status.

Name Description Type Notes
status Enforced Realized Status

Enforced Realized Status.		 RuntimeState Readonly
status_message Status Message

Status Message conveying hints depending on the status value.
string Readonly

EnforcedStatusPerScopeNsxT (schema)

NSX-T Enforced Realized Status Per Scope

NSX-T Detailed Realized Status Per Scope.
This is an abstract type. Concrete child types:
TransportNodeSpanEnforcedStatus

Name Description Type Notes
resource_type Resource Type

Enforced Realized Status Per Scope Resource Type.
string Required
Readonly
Enum: TransportNodeSpanEnforcedStatus

EnforcedStatusPerTransportNode (schema)

Enforced Realized Status Per Transport Node

Detailed Realized Status Per Transport Node.

Name Description Type Notes
display_name Transport Node Display Name

Display name of the transport node.
string Readonly
enforced_status Enforced Realized Status

Realized Status of an Intent object on this Transport Node.
EnforcedStatusNsxT Readonly
nsx_id Transport Node Identifier

UUID identifying uniquely the Transport Node.
string Readonly
path Transport Node Path

Policy Path referencing the transport node.
string Readonly

EnforcementPoint (schema)

Enforcement Point

Enforcement point is the endpoint where policy configurations are applied.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
auto_enforce Auto Enforce Flag

Auto enforce flag suggests whether the policy objects shall be automatically
enforced on this enforcement point or not. When this flag is set to true,
all policy objects will be automatically enforced on this enforcement
point. If this flag is set to false, user shall rely on the usual means
of realization, i.e., deployment maps.
boolean Default: "True"
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
(Abstract type: pass one of the following concrete types)
ChildClusterControlPlane
ChildHostTransportNode
ChildHostTransportNodeCollection
ChildPolicyEdgeCluster
ChildPolicyTransportZone
connection_info Enforcement Point Connection Info

Connection Info of the Enforcement Point.		 EnforcementPointConnectionInfo
(Abstract type: pass one of the following concrete types)
AviConnectionInfo
CvxConnectionInfo
NSXTConnectionInfo
NSXVConnectionInfo		 Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value EnforcementPoint string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
version Enforcement point Version

Version of the Enforcement point.		 string Readonly

EnforcementPointConnectionInfo (schema)

Enforcement Point Connection Info

Contains information required to connect to enforcement point. This is an abstract type. Concrete child types:
AviConnectionInfo
CvxConnectionInfo
NSXTConnectionInfo
NSXVConnectionInfo

Name Description Type Notes
enforcement_point_address Enforcement Point Address

Value of this property could be Hostname or IP. For instance:
- On an NSX-T MP running on default port, the value could be "10.192.1.1"
- On an NSX-T MP running on custom port, the value could be "192.168.1.1:32789"
- On an NSX-T MP in VMC deployments, the value could be "192.168.1.1:5480/nsxapi"
string Required
resource_type Connection Info Resource Type

Resource Type of Enforcement Point Connection Info.		 string Required
Enum: NSXTConnectionInfo, NSXVConnectionInfo, CvxConnectionInfo, AviConnectionInfo

EnforcementPointListRequestParameters (schema)

Enforcement Point List Request Parameters

Enforcement point list request parameters.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

EnforcementPointListResult (schema)

Paged Collection of EnforcementPoints

Paged collection of enforcement points.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Enforcement Point List Results

Enforcement Point list Results.		 array of EnforcementPoint Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

EnforcementPointRequest (schema)

Enforcement point request entity

Name Description Type Notes
enforcement_point_path Enforcement point path

Policy path of enforcement point on request is to be made.
string

EntityInstanceCountConstraintExpression (schema)

Represents the leaf level constraint to restrict the number instances of type.

Represents the leaf level constraint to restrict the number instances of an entity
type can be created. This is useful in restricting number of CGWs or MGWs or
Providers that can created in a system.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
count Instance count.

Instance count.		 integer Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
operator Operations supported '<' and '<='. string Required
resource_type Must be set to the value EntityInstanceCountConstraintExpression string Required
Enum: ValueConstraintExpression, RelatedAttributeConditionalExpression, EntityInstanceCountConstraintExpression, FieldSanityConstraintExpression
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

EpochMsTimestamp (schema)

Timestamp in milliseconds since epoch

Name Description Type Notes
EpochMsTimestamp Timestamp in milliseconds since epoch integer

ErrorInfo (schema)

Error information

Name Description Type Notes
error_code Error code

Error code of the error.		 int
error_message Error message string Required
Readonly
timestamp Timestamp when the error occurred EpochMsTimestamp Required
Readonly

ErrorResolverInfo (schema)

Metadata related to a given error_id

Name Description Type Notes
error_id The error id for which metadata information is needed integer Required
resolver_present Indicates whether there is a resolver associated with the error or not boolean Required
user_metadata User supplied metadata that might be required by the resolver ErrorResolverUserMetadata

ErrorResolverInfoList (schema)

Collection of all registered ErrorResolverInfo

Name Description Type Notes
results ErrorResolverInfo list array of ErrorResolverInfo Required

ErrorResolverMetadata (schema)

Error along with its metadata

Name Description Type Notes
entity_id The entity/node UUID where the error has occurred. string Required
error_id The error id as reported by the entity where the error occurred. integer Required
system_metadata This can come from some external system like syslog collector ErrorResolverSystemMetadata
user_metadata User supplied metadata that might be required by the resolver ErrorResolverUserMetadata

ErrorResolverMetadataList (schema)

List of errors with their metadata

Name Description Type Notes
errors List of errors with their corresponding metadata. array of ErrorResolverMetadata Required

ErrorResolverSystemMetadata (schema)

Metadata fetched from an external system like Syslog or LogInsight.

Name Description Type Notes
value The value fetched from another system string

ErrorResolverUserInputData (schema)

Corresponds to one property entered by the user

Name Description Type Notes
data_type The datatype of the given property. Useful for data validation string Required
Enum: TEXT, NUMBER, PASSWORD
property_name Name of the property supplied by the user string Required
property_value The value associated with the above property string

ErrorResolverUserMetadata (schema)

User supplied metadata needed for resolving errors

Name Description Type Notes
user_input_list List of user supplied input data. array of ErrorResolverUserInputData

EsgToRouterMappingOptionSpec (schema)

Spec for NSX-V ESG to NSX-T Router mapping option

Spec for NSX-V ESG to NSX-T Router mapping option.

Name Description Type Notes
mapping_option Mapping option

Mapping option can be - - UI - FILE_UPLOAD - NO_MAPPING		 string Required
Enum: UI, FILE_UPLOAD, NO_MAPPING

EsxGlobalOpaqueConfig (schema)

ESX global opaque configuration

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
opaque_config A list of global opaque configuration for ESX hosts. array of KeyValuePair Required
resource_type Must be set to the value EsxGlobalOpaqueConfig GlobalConfigType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

EtherTypeNSService (schema)

An NSService element that represents an ethertype protocol

Name Description Type Notes
ether_type Type of the encapsulated protocol integer Required
resource_type Must be set to the value EtherTypeNSService string Required
Enum: EtherTypeNSService, IPProtocolNSService, IGMPTypeNSService, ICMPTypeNSService, ALGTypeNSService, L4PortSetNSService

EtherTypeServiceEntry (schema)

A ServiceEntry that represents an ethertype protocol

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
ether_type Type of the encapsulated protocol integer Required
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value EtherTypeServiceEntry string Required
Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

EthernetHeader (schema)

Name Description Type Notes
dst_mac Destination MAC address of the Ethernet header

The destination MAC address of form:
"^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$". For example: 00:00:00:00:00:00.
string
eth_type The value of the type field to be put into the Ethernet header

This field defaults to IPv4.		 integer Minimum: 1
Maximum: 65535
Default: "2048"
src_mac Source MAC address of the Ethernet header

The source MAC address of form:
"^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$". For example: 00:00:00:00:00:00.
string

Evaluation (schema)

Criterion Evaluation

Criterion Evaluation is the basic logical condition to evaluate
whether the event could be potentially met.
This is an abstract type. Concrete child types:
SourceFieldEvaluation

Name Description Type Notes
resource_type Resource Type

Criterion Evaluation resource type.
string Required
Enum: SourceFieldEvaluation

Event (schema)

Reaction Event

The Event is the criterion or criteria applied to the source and,
when met, prompt Policy to run the action.
All Reaction Events are constructed with reference to
the object, the "source", that is logically deemed to be the
object upon which the Event in question initially occurred upon.
Some example events include:
- New object was created.
- Change in realization state.
- Specific API is called.

Name Description Type Notes
criteria Event Criteria

Criteria applied to the source and, if satisfied, would trigger the
action. Criteria is composed of criterions. In order for the Criteria
to be met, only one of the criterion must be fulfilled (implicit OR).
array of Criterion
source Event Source

Source that is logically deemed to be the "object" upon which the Event
in question initially occurred upon.
Source
(Abstract type: pass one of the following concrete types)
ApiRequestBody
ResourceOperation		 Required

EventListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of events defined array of MonitoringEvent Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

EvpnConfig (schema)

Evpn Configuration

Evpn Configuration.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
advanced_config Advanced configuration for evpn config

Advanced configuration for evpn config.
EvpnConfigAdvancedConfig
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
encapsulation_method Encapsulation method for EVPN.

Encapsulation method for EVPN service that is used by the transport layer.
EvpnEncapConfig
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
mode EVPN service mode

In INLINE mode, edge nodes participate both in the BGP EVPN control
plane route exchange and in data path tunneling between edge nodes
and data center gateways. In ROUTE_SERVER mode, edge nodes participate
in the BGP EVPN control plane route exchanges only and do not participate
in the data forwarding, i.e., the data path tunnels are directly
established between the hypervisors and the data center gateways.
DISABLE mode disables EVPN service capability.
string Enum: INLINE, ROUTE_SERVER, DISABLE
Default: "DISABLE"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value EvpnConfig string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

EvpnConfigAdvancedConfig (schema)

Advanced configuration for evpn config

NSX specific configuration for evpn config

Name Description Type Notes
EvpnConfigAdvancedConfig Advanced configuration for evpn config

NSX specific configuration for evpn config		 object

EvpnEncapConfig (schema)

Encapsulation method for EVPN

Encapsulation method for EVPN.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
evpn_tenant_config_path EVPN tenant config path string
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value EvpnEncapConfig string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
vni_pool_path vni pool path string

EvpnTenantConfig (schema)

Evpn Tenant Configuration for Evpn in ROUTE-SERVER mode.

This resource is relevant only when Evpn Service is configured in ROUTE-SERVER mode.
The resource defines Vlans to VNIs mappings used by Evpn tenant VMs for overlay VXLAN transmission when attached
to vRouter. The resource contains overlay transport_zone_path and vni_pool_path to orchestrate creation of child Logical-Switches.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mappings VLANs to VNIs mapping spec

This property specifies a mapping spec of incoming Evpn tenant vlan-ids to VXLAN VNIs used for overlay
transmission to Physical-Gateways used by vRouters.
array of VlanVniRangePair Required
Minimum items: 1
Maximum items: 2000
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value EvpnTenantConfig string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
transport_zone_path Policy path to the transport zone

Policy path to transport zone. Only overlay transport zone is supported.		 string Required
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
vni_pool_path Policy path to the vni pool

Policy path to the vni pool used for Evpn in ROUTE-SERVER mode.		 string Required

EvpnTenantConfigListRequestParameters (schema)

Evpn Tenant Config list request parameters

Evpn Tenant Config list request parameters.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

EvpnTenantConfigListResult (schema)

Paged Collection of Evpn Tenant Configuration

Collection of Evpn Tenant Configuration.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Evpn Tenant Config list results

Evpn Tenant Config list results		 array of EvpnTenantConfig Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

EvpnTunnelEndpointConfig (schema)

Evpn Tunnel Endpoint Configuration

Evpn Tunnel Endpoint Configuration.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
edge_path edge path string Required
id Unique identifier of this resource string Sortable
local_addresses local addresses array of IPv4Address Required
Minimum items: 1
Maximum items: 1
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
mtu MTU int Minimum: 64
Maximum: 9100
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value EvpnTunnelEndpointConfig string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

EvpnTunnelEndpointConfigListRequestParameters (schema)

Evpn Tunnel Endpoint Config list request parameters

Evpn Tunnel Endpoint Config list request parameters.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

EvpnTunnelEndpointConfigListResult (schema)

Paged Collection of Evpn Tunnel Endpoint Configuration

Collection of Evpn Tunnel Endpoint Configuration.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Evpn Tunnel Endpoint Configuration list results

Evpn Tunnel Endpoint Configuration list results		 array of EvpnTunnelEndpointConfig Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ExcludeList (schema)

Exclusion List

List of entities where Distributed Firewall will not be enforced. Exclusion List can contain NSGroup(s) or LogicalPort(s) or LogicalSwitch(es) to exclude Distributed Firewall enforcement.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
member_count Total Member Count

Total number of members present in Exclude List.		 integer Readonly
members Member list

List of members in Exclusion List		 array of ResourceReference Required
Maximum items: 1000
resource_type Must be set to the value ExcludeList string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ExcludeListRequestParams (schema)

Parameters for filtering the exclude list

Name Description Type Notes
deep_check Check all parents

Deep check all parents of requested object_id if any of them is in exclude list. If found, makes requested entity as excluded.		 boolean Default: "False"
object_id identifier of the object string Required
Maximum length: 64
object_type Type of the object

Used if requested for deep_check. Type allows ability to find its association and parent entities.		 ExcludeMemberType

ExcludeMemberType (schema)

Object type of an entity

Enum of supported excluded member types.

Name Description Type Notes
ExcludeMemberType Object type of an entity

Enum of supported excluded member types.		 string Readonly
Enum: NSGroup, LogicalPort, LogicalSwitch

ExportRequestParameter (schema)

Export task request parameters

This holds the request parameters required to invoke export task.

Name Description Type Notes
draft_path Policy path of draft

Policy path of a draft which is to be exported.
If not provided, current firewall configuration will then be exported.
string
passphrase Passphrase to sign exported files

Passphrase to sign exported files.
The passphrase specified must be at least 8 characters in length and
must contain at least one lowercase, one uppercase, one numeric
character and one non-space special character.
string Required
Minimum length: 8
Pattern: "^$|^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[^a-zA-Z\d\s]).{8,}$"

ExportTask (schema)

Export task information

This object holds the information of the export task.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
async_response_available True if response for asynchronous request is available boolean Readonly
cancelable True if this task can be canceled boolean Readonly
description Description of the task string Readonly
draft_path Policy path of a draft

Policy path of a draft if this is an export task to export draft
configuration.
string Readonly
end_time The end time of the task in epoch milliseconds EpochMsTimestamp Readonly
exported_file Name of the exported file

Name of the exported file generated after completion of export task.
string Readonly
failure_msg Reason of the task failure

This property holds the reason of the task failure, if any.
string Readonly
id Identifier for this task string Readonly
message A message describing the disposition of the task string Readonly
progress Task progress if known, from 0 to 100 integer Readonly
Minimum: 0
Maximum: 100
request_method HTTP request method string Readonly
request_uri URI of the method invocation that spawned this task string Readonly
start_time The start time of the task in epoch milliseconds EpochMsTimestamp Readonly
status Current status of the task TaskStatus Readonly
user Name of the user who created this task string Readonly

Expression (schema)

Base class for each node of the expression

All the nodes of the expression extend from this abstract class. This
is present for extensibility.
This is an abstract type. Concrete child types:
Condition
ConjunctionOperator
ExternalIDExpression
IPAddressExpression
IdentityGroupExpression
MACAddressExpression
NestedExpression
PathExpression

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value Expression string Required
Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ExtendedSolutionConfig (schema)

Extended Solution Configuration Info

Extended Solution Config would contain Vendor specific information required for NXGI partner Service VM.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
attributes Servcie attributes

List of attributes specific to a partner which needs to be passed to host.		 array of Attribute Maximum items: 128
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
resource_type Must be set to the value ExtendedSolutionConfig string
service_id Service Id

The service to which the solution config belongs.		 string Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ExternalGatewayBfdConfig (schema)

External Bidirectional Flow Detection configuration

Configuration for BFD session between host nodes and external gateways.
If this configuration is not provided, system defaults are applied.

Name Description Type Notes
bfd_profile_path Policy path to Bfd Profile string
enable Enable BFD session

Flag to enable BFD session.		 boolean Default: "True"

ExternalIDExpression (schema)

External ID expression node

Represents external ID expressions in the form of an array, to support addition of objects like virtual interfaces, virtual machines, CloudNativeServiceInstance PhysicalServer to a group.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
external_ids Array of external IDs for the specified member type

This array can consist of one or more external IDs for the specified member type.		 array of string Required
Minimum items: 1
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
member_type External ID member type string Required
Enum: VirtualMachine, VirtualNetworkInterface, CloudNativeServiceInstance, PhysicalServer
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ExternalIDExpression string Required
Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ExtraConfig (schema) (Deprecated)

Vendor specific configuration on logical switch or logical port

Extra config is intended for supporting vendor specific configuration on the
data path, it can be set as key value string pairs on either logical switch
or logical port.
If it was set on logical switch, it will be inherited automatically by logical
ports in it. Also logical port setting will override logical switch setting
if specific key was dual set on both logical switch and logical port.

Name Description Type Notes
config_pair Key value pair in string for the configuration UnboundedKeyValuePair Required

ExtraConfigHostSwitchProfile (schema) (Deprecated)

Profile for extra configs in host switch

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
extra_configs list of extra configs array of ExtraConfig
id Unique identifier of this resource string Sortable
required_capabilities array of string Readonly
resource_type Must be set to the value ExtraConfigHostSwitchProfile HostSwitchProfileType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

FIPSGlobalConfig (schema)

Global configuration

Global configuration

Name Description Type Notes
lb_fips_enabled A flag to turn on or turn off the FIPS compliance of load balancer feature.

When this flag is set to true FIPS mode will be set on ssl encryptions of load balancer feature.		 boolean Default: "False"
tls_fips_enabled A flag to turn on or turn off the FIPS compliance of TLS inspection feature.

When this flag is set to true FIPS mode will be set on ssl encryptions of TLS inspection feature.		 boolean Readonly
Default: "False"

FabricHostNode (schema)

Name Description Type Notes
compute_collection_id Compute collection id

Id of the compute collection to which discovered node belongs.		 string Readonly
discovered_ip_addresses Discovered IP Addresses of the transport node, version 4 or 6 array of IPAddress Readonly
discovered_node_id Discovered node id

Id of discovered node which was converted to create this node.		 string Readonly
fqdn Fully qualified domain name of the transport node string Readonly
host_credential Host login credentials

Login credentials for the host. It is mandatory to provide
credentials while adding host to MP to create transport node.
HostNodeLoginCredential
ip_addresses IP Addresses of the Node, version 4 or 6

IP Addresses of the Node, version 4 or 6.
array of IPAddress Required
maintenance_mode_state Maintenance mode state

Indicates host node's maintenance mode state. The state is ENTERING
when a task to put the host in maintenance-mode is in progress.
string Readonly
Enum: OFF, ENTERING, ON
managed_by_server Id of vCenter server managing the HostNode

The id of the vCenter server managing the ESXi type HostNode		 string Readonly
os_type Hypervisor OS type

Hypervisor type, for example ESXi or RHEL KVM		 string Required
Enum: ESXI, RHELKVM, RHELSERVER, WINDOWSSERVER, RHELCONTAINER, UBUNTUKVM, UBUNTUSERVER, HYPERV, CENTOSKVM, CENTOSSERVER, CENTOSCONTAINER, SLESKVM, SLESSERVER, OELSERVER
os_version Hypervisor OS version

Version of the hypervisor operating system		 string
windows_install_location Install location of Windows Server on baremetal being managed by NSX

Specify an installation folder to install the NSX kernel modules for Windows Server. By default, it is C:\Program Files\VMware\NSX\.		 string

FailedNodeSupportBundleResult (schema)

Name Description Type Notes
error_code Error code string Required
Readonly
error_message Error message string Required
Readonly
node_display_name Display name of node string Required
Readonly
node_id UUID of node string Required
Readonly

FailedOrWarningConfig (schema)

Failed or Warning Config

Name Description Type Notes
controller Controller Connection State string
core Core Names array of string
dataplane Dataplane State string
edge-agent Edge Agent State string
manager Manager Connection State string
nestdb NestDB State string
nsd Nsd State string
nsxa-edge-cluster Edge Cluster State string
nsxa-lrouter Logical Router State string
nsxa-service-router Service Router State string
nsxa-state NSXA State string

FailureDomain (schema)

Failure Domain for edge transport node

Failure Domain is engineered to be isolated from failures in other failure
domains, and to provide inexpensive, low-latency network connectivity to
other failure domains in the same region. We support failure domain only on
edge transport node. Like you can consider one rack as one failure domain
and place active-standby contexts like logical router, DHCP and MDProxy in
two different failure domains (racks). So failure of a single rack (FD) does
not impact any services and other rack (FD) will continue to handle traffic.
Initially system creates one default failure domain. For any edge transport
node, if failure domains is not given, it will be mapped to default system
generated failure domain. You can't update preferred_active_edge_services
flag for system generated default failure domain. It will be unset which
means that failure domain can be used for both active and standby allocation.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
preferred_active_edge_services Set preference for failure domain

Set preference for edge transport node failure domain which will be
considered while doing auto placement of logical router, DHCP and
MDProxy on edge node.
true: For preemptive failover mode, active edge cluster member
allocation preferes this failure domain.
false: For preemptive failover mode, standby edge cluster member
allocation preferes this failure domain.
Default will be unset. It means no explicit preference.
boolean
resource_type Must be set to the value FailureDomain string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

FailureDomainListResult (schema)

Failure Domain queries result

It will have list of failure domains which also includes system generated
failure domain.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Failure Domain Results

Array of all failure domains including system generated default
failure domain
array of FailureDomain Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

FeaturePermission (schema)

Feature Permission

Name Description Type Notes
feature Feature Id string Required
feature_description Feature Description string
feature_name Feature Name string
is_execute_recommended Is execute recommended boolean Readonly
is_internal Is internal boolean Readonly
permission Permission string Required
Enum: crud, read, execute, none

FeaturePermissionArray (schema)

Name Description Type Notes
feature_permissions Array of FeaturePermission array of FeaturePermission Required

FeaturePermissionListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List results array of FeaturePermission Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

FeaturePermissionRequestParameters (schema)

RBAC Objects qualifier

Name Description Type Notes
feature_name Feature name string Required
object_path Exact object Policy path string Required

FeatureSet (schema)

List of features required to view the widget

Represents list of features required to view the widget.

Name Description Type Notes
feature_list List of features required for to view wdiget

List of features required for to view widget.		 array of string
require_all_permissions Flag for specifying if permission to all features is required

Flag for specifying if permission to all features is required If set to false, then if there is permission for any of the feature from feature list, widget will be available.		 boolean

FeatureStackCollectionConfiguration (schema)

HPM feature stack data collection frequency configuration

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
client_type_collection_configurations Client type collection configurations

The set of client type data collection configurations		 array of ClientTypeCollectionConfiguration
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
feature_stack_name Feature stack name

The name of the feature stack		 string Required
id Unique identifier of this resource string Sortable
resource_type Must be set to the value FeatureStackCollectionConfiguration string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

FeatureStackCollectionConfigurationList (schema)

Feature stack collection configuration list result

Name Description Type Notes
results Feature stack configurations

The complete set of feature stack data collection configurations		 array of FeatureStackCollectionConfiguration Readonly

FeatureUsage (schema)

feature usage result item

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
capacity_usage Capacity Usage List array of CapacityUsage Required
Readonly
feature name of the feature string Readonly

FeatureUsageCsvRecord (schema)

Name Description Type Notes
ccu_usage_count count of number of concurrent users integer Readonly
core_usage_count Number of CPU cores used by this feature integer Readonly
cpu_usage_count count of number of cpu sockets used by this feature integer Readonly
feature name of the feature string Readonly
vcpu_usage_count count of number of vcpus of public cloud VMs integer Readonly
vm_usage_count count of number of vms used by this feature integer Readonly

FeatureUsageList (schema)

list of feature usage items

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
feature_usage_info Feature Usage List array of FeatureUsage Required
Readonly

FeatureUsageListInCsvFormat (schema)

Name Description Type Notes
file_name File name

File name set by HTTP server if API returns CSV result as a file.		 string
last_update_timestamp Timestamp when the data was last updated; unset if data source has
never updated the data.
EpochMsTimestamp Readonly
results array of FeatureUsageCsvRecord

FederationConfig (schema)

Global Manager federation configuration

Global Manager federation configuration. This configuration is distributed
to all Sites participating in federation.

Name Description Type Notes
site_config Federation configurations of all Sites array of SiteFederationConfig Readonly

FederationConfiguration (schema)

Federation configuration

Federation configuration.

Name Description Type Notes
epoch Epoch integer Required
id Federation id string Required
sites Sites array of FederationSite Required

FederationConnectivityConfig (schema)

Federation connectivity configuration

Additional configuration required for federation.

Name Description Type Notes
global_overlay_id Auto generated federation global 24-bit id

Global id for by Layer3 services for federation usecases.
integer Readonly

FederationGatewayConfig (schema)

Federation gateway configuration

Additional gateway configuration required for federation

Name Description Type Notes
global_overlay_id Auto generated federation global 24-bit id

Global id for by Layer3 services for federation usecases.
integer Readonly
site_allocation_indices Indicies for cross site allocation

Indicies for cross site allocation for edge cluster
and its members referred by gateway.
array of SiteAllocationIndexForEdge Readonly
transit_segment_id Auto generated federation global id for transit segment

Global UUID for transit segment id to be used by Layer2 services for
federation usecases.
string Readonly

FederationQueueInfo (schema)

Details about a specific queue in the flow

Provides insights into details of a specific queue in the flows. For example
Global Manager to Local Manager flow, there is a queue on the Global Manager
for sending and a queue on Local Manager for receiving.

Name Description Type Notes
current_size Number of messages in the queue integer
max_size Maixmum capacity of the queue integer
name Queue name string
namespace Queue namespace

Every persistent queue has name and namespace. For more debugging like
dumping queue, namespace is needed.
string
type Queue type - sender or receiver side string Enum: TRANSMITTER, RECEIVER

FederationSite (schema)

Site information

Site information.

Name Description Type Notes
active_gm Does site have active GM string Required
Enum: ACTIVE, STANDBY, NONE, INVALID
aph_list Aph services in the site array of AphInfo Required
cert_hash Hash of the trustManagerCert string
cluster_id Cluster id string
config_version Site config version integer
id Id of the site string Required
is_federated Is site federated boolean Required
is_local Is site local boolean Required
name Name of the site string Required
node_type Type of node string Required
Enum: GM, LM, GM_AND_LM
site_version Version of the site string Required
split_brain Split brain boolean
system_id System id integer Required
trust_manager_cert Cert string from trust manager string
vip_ip Vip ip string

FederationSiteMigrationState (schema)

Name Description Type Notes
site_migration_state Federation site-id and it's migration state map

Key-value pair of federation site-id and its migration-state i.e. 'ENABLED' or 'DISABLED'.		 array of KeyValuePair

FederationStatus (schema)

Name Description Type Notes
active_standby_sync_statuses Status of synchronization between active and standby sites. array of ActiveStandbySyncStatus Required
remote_connections Site connection status array of SiteStatus

FeedBack (schema)

Provide details related to feeback for MP to Policy promotion.

Provide details of validation/errors occurred during collection
,translation and apply phase in MP to Policy promotion.

Name Description Type Notes
error_list Error array list array of FeedBackErrorMessage Required
mp_display_name Manager resource display name string Required
mp_id Manager resource id string Required
type Manager resource type string Required

FeedBackErrorMessage (schema)

FeedBackErrorMessage

Provide details of error_id and error description for errors occurred during collection
,translation and apply phase in MP to Policy promotion.

Name Description Type Notes
error_desc Error description due to which promotion is not successful. string Required
error_id Error Id due to which promotion is not successful. string Required

FeedBackListRequestParameters (schema)

FeedBack List Request Parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
location Location flag

Location flag corresponds to the version of feedback. It can be
CURRENT - feedback of current promotion
ARCHIVED - feedback of previous sucessful promotion
string Enum: CURRENT, ARCHIVED
Default: "CURRENT"
mp_display_name Specify the mp resource display name to filter corresponding feedbacks.

Specify the mp resource display name to filter corresponding feedbacks.		 string
mp_id Specify the mp resource id to filter corresponding feedbacks.

Specify the mp resource id to filter corresponding feedbacks.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
resource_type Specify the mp resource type to filter corresponding feedbacks.

Specify the mp resource type to filter corresponding feedbacks.		 string
sort_ascending boolean
sort_by Field by which records are sorted string

FeedBackListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Feedback object list results.

Feedback object list results.
array of FeedBack
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

FeedbackListRequestParameters (schema)

Name Description Type Notes
category Category on which feedback request should be filtered string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
federation_site_id Id of the site in NSX-T Federation

Id of the site in NSX-T Federation		 string
hash Hash based on which feedback request should be filtered string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
network_layer Network layer for which feedback is generated

Network layer for which feedback is generated. This field is mandatory in BYOT modes.		 string Enum: L2, L3_L7
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
state Filter based on current state of the feedback request string Enum: ALL, RESOLVED, UNRESOLVED
Default: "ALL"
sub_category Sub category based on which feedback request should be filtered string

FeedbackResponseRequestParameters (schema)

Name Description Type Notes
network_layer Network layer for which feedback is generated

Network layer for which feedback is generated. This field is mandatory in BYOT modes.		 string Enum: L2, L3_L7

FeedbackSummaryListRequestParameters (schema)

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
network_layer Network layer for which feedback is generated

Network layer for which feedback is generated. This field is mandatory in BYOT modes.		 string Enum: L2, L3_L7
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

FieldSanityConstraintExpression (schema)

Represents the field value sanity constraint

Represents the field value constraint to constrain specified field
value based on defined sanity checks.
Example - For DNS.upstream_servers, all the IP addresses must either be
public or private.
{
"target": {
"target_resource_type": "DnsForwarderZone",
"attribute": "upstreamServers",
"path_prefix": "/infra/dns-forwarder-zones/"
},
"constraint_expression": {
"resource_type": "FieldSanityConstraintExpression",
"operator": "OR",
"checks": ["ALL_PUBLIC_IPS", "ALL_PRIVATE_IPS"]
}
}

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
checks Array of sanity checks to be performed on field value

List of sanity checks.		 array of string Required
Enum: ALL_PUBLIC_IPS, ALL_PRIVATE_IPS, ALL_IPV6_CIDRS, ALL_IPV6_IPS, ALL_IPV4_CIDRS, ALL_IPV4_IPS
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
operator A conditional operator string Required
Enum: OR, AND
resource_type Must be set to the value FieldSanityConstraintExpression string Required
Enum: ValueConstraintExpression, RelatedAttributeConditionalExpression, EntityInstanceCountConstraintExpression, FieldSanityConstraintExpression
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

FieldSetting (schema)

FieldSetting

Field Setting.

Name Description Type Notes
field_pointer Field Pointer

Field Pointer.		 string Required
value Value

Value that the field must be set to.		 FieldSettingValue
(Abstract type: pass one of the following concrete types)
ConstantFieldValue		 Required

FieldSettingValue (schema)

Field Setting Value

Field Setting Value.
This is an abstract type. Concrete child types:
ConstantFieldValue

Name Description Type Notes
resource_type Resource Type

Field Setting Value resource type.
string Required
Enum: ConstantFieldValue

FieldsFilterData (schema)

Name Description Type Notes
ip_info IP address information IpInfo
resource_type Must be set to the value FieldsFilterData string Required
Enum: FieldsFilterData, PlainFilterData
Default: "FieldsFilterData"
transport_info Transport layer information TransportInfo

FieldsPacketData (schema)

Name Description Type Notes
arp_header The ARP header ArpHeader
eth_header The ethernet header EthernetHeader
frame_size Requested total size of the (logical) packet in bytes

If the requested frame_size is too small (given the payload and traceflow metadata requirement of 16 bytes), the traceflow request will fail with an appropriate message. The frame will be zero padded to the requested size.		 integer Minimum: 60
Maximum: 1000
Default: "128"
ip_header The IPv4 header Ipv4Header
ipv6_header The IPv6 header Ipv6Header
payload RFC3548 compatible base64-encoded payload

Up to 1000 bytes of payload may be supplied (with a base64-encoded length of 1336 bytes.) Additional bytes of traceflow metadata will be appended to the payload. The payload contains any data the user wants to put after the transport header.		 string Maximum length: 1336
resource_type Must be set to the value FieldsPacketData string Required
Enum: BinaryPacketData, FieldsPacketData
Default: "FieldsPacketData"
routed A flag, when set true, indicates that the traceflow packet is of L3 routing. boolean
transport_header The transport header

This field contains a protocol that is above IP. It is not restricted to the 'transport' defined by the OSI model (e.g., ICMP is supported).		 TransportProtocolHeader
transport_type transport type of the traceflow packet

This type takes effect only for IP packet.		 string Enum: BROADCAST, UNICAST, MULTICAST, UNKNOWN
Default: "UNICAST"

FileProperties (schema)

File properties

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
created_epoch_ms File creation time in epoch milliseconds integer Required
modified_epoch_ms File modification time in epoch milliseconds integer Required
name File name string Required
Pattern: "^[^/]+$"
size Size of the file in bytes integer Required

FilePropertiesListResult (schema)

File properties query results

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results File property results array of FileProperties Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

FileThumbprint (schema)

File thumbprint

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
name File name string Required
Pattern: "^[^/]+$"
sha1 File's SHA1 thumbprint string Required
sha256 File's SHA256 thumbprint string Required

FileTransferAuthenticationScheme (schema)

Remote server authentication details

Name Description Type Notes
password Password to authenticate with string
scheme_name Authentication scheme name string Required
Enum: PASSWORD
username User name to authenticate with string Required
Pattern: "^([a-zA-Z][a-zA-Z0-9-.]*[a-zA-Z]\\\){0,1}\w[\w.-]+$"

FileTransferProtocol (schema)

Protocol to transfer backup file to remote server

Name Description Type Notes
authentication_scheme Scheme to authenticate if required FileTransferAuthenticationScheme Required
protocol_name Protocol name string Required
Enum: sftp
Default: "sftp"
ssh_fingerprint SSH fingerprint of server

The expected SSH fingerprint of the server. If the server's fingerprint
does not match this fingerprint, the connection will be terminated.

Only ECDSA fingerprints hashed with SHA256 are supported. To obtain the
host's ssh fingerprint, you should connect via some method other than
SSH to obtain this information. You can use one of these commands to
view the key's fingerprint:
1. ssh-keygen -l -E sha256 -f ssh_host_ecdsa_key.pub
2. awk '{print $2}' ssh_host_ecdsa_key.pub | base64 -d | sha256sum -b |
sed 's/ .*$//' | xxd -r -p | base64 | sed 's/.//44g' |
awk '{print "SHA256:"$1}'
string Required
Pattern: "^SHA256:.*$"

FileType (schema)

MalwarePrevention File type

Name Description Type Notes
FileType MalwarePrevention File type string Enum: DOCUMENT, EXECUTABLE, MEDIA, ARCHIVE, DATA, SCRIPT, OTHER

Filter (schema)

Name Description Type Notes
name The name of the filter. string Required
value The value of the filter. string Required

FilterRequest (schema)

Filter request

Filter request parameters

Name Description Type Notes
case_sensitive Flag to indicate whether filtering is case-sensitive or not

Set this flag to true to make filtering case-sensitive.
boolean Default: "True"
field_names Field Names

Comma seperated fields to be filtered on		 string Required
value Value

Filter value		 string Required

FilterWidgetConfiguration (schema)

Filter widget Configuration

Represents configuration for filter widget. This is abstract representation of filter widget.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
alias Alias to be used when emitting filter value

Alias to be used when emitting filter value.		 string
condition Expression for evaluating condition

If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.		 string Maximum length: 1024
datasources Array of Datasource Instances with their relative urls

The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.		 array of Datasource Minimum items: 0
default_filter_value Default filter value to be passed to datasources

Default filter values to be passed to datasources. This will be used when the report is requested without filter values.		 array of DefaultFilterValue
description Description of this resource string Maximum length: 1024
Sortable
display_name Widget Title

Title of the widget. If display_name is omitted, the widget will be shown without a title.		 string Maximum length: 255
drilldown_id Id of drilldown widget

Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.		 string Maximum length: 255
feature_set Features required to view the widget

Features required to view the widget.		 FeatureSet
filter Id of filter widget for subscription

Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.		 string Deprecated
filter_value_required Flag to indicate if filter value is necessary

Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.		 boolean Default: "True"
filters A List of filter ids applied to this widget configuration

A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.		 array of string
footer Footer
icons Icons

Icons to be applied at dashboard for widgets and UI elements.		 array of Icon
id Unique identifier of this resource string Sortable
is_drilldown Set as a drilldown widget

Set to true if this widget should be used as a drilldown.		 boolean Default: "False"
legend Legend for the widget

Legend to be displayed. If legend is not needed, do not include it.		 Legend
plot_configs List of plotting configuration for a given widget.

List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.		 array of WidgetPlotConfiguration
resource_type Must be set to the value FilterWidgetConfiguration string Required
Readonly
Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration
Maximum length: 255
rowspan Vertical span

Represents the vertical span of the widget / container. 1 Row span is equal to 20px.		 int Minimum: 1
shared Visiblity of widgets to other users

Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.		 boolean Deprecated
show_header This decides to show the container header or not.

If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.		 boolean
span Horizontal span

Represents the horizontal span of the widget / container.		 int Minimum: 1
Maximum: 12
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
weight Weightage or placement of the widget or container

Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.		 int Deprecated

FipsGlobalConfig (schema)

NSX global configs for FIPS compliance settings

Policy api will overwrite the fipsGlobalConfig set using MP api. Always use https://<policyIp>/policy/api/v1/infra/global-config to update fips configuration.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
lb_fips_enabled A flag to turn on or turn off the FIPS compliance of load balancer feature.

When this flag is set to true FIPS mode will be set on ssl encryptions of load balancer feature.		 boolean Default: "False"
resource_type Must be set to the value FipsGlobalConfig GlobalConfigType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

FireWallServiceAssociationListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Firewall rule list result

Firewall rule list result with pagination support.		 array of FirewallRule Required
Readonly
service_type Must be set to the value FireWallServiceAssociationListResult string Required
Enum: FireWallServiceAssociationListResult, IpfixServiceAssociationListResult
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

FirewallCategory (schema)

Firewall Category

Statistic category for the type of rules in a section, like Layer2 Distributed Firewall, Layer3 DFW.

Name Description Type Notes
FirewallCategory Firewall Category

Statistic category for the type of rules in a section, like Layer2 Distributed Firewall, Layer3 DFW.		 string Readonly
Enum: L2DFW, L3DFW, L3BRIDGEPORTFW, L3LOGICALROUTERFW

FirewallConfiguration (schema)

Firewall related configurations

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
disable_auto_drafts Auto draft disable flag

To disable auto drafts, set it to true.
By default, auto drafts are enabled.
boolean Default: "False"
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enable_firewall Firewall enable flag

If set to true, Firewall is enabled.
boolean Default: "True"
global_addrset_mode_enabled A flag to indicate if global address set is enabled in DFW

When this flag is set to true, global address set is enabled in Distributed Firewall.		 boolean Default: "True"
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value FirewallConfiguration string Required
Enum: DfwFirewallConfiguration
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

FirewallContextType (schema)

Firewall Context Type

Types of firewall contexts.

Name Description Type Notes
FirewallContextType Firewall Context Type

Types of firewall contexts.		 string Enum: transport_nodes, logical_routers, bridge_ports

FirewallCpuMemThresholdsProfile (schema)

Firewall CPU and memory threshold profile

A profile holding CPU and memory threshold configuration.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
cpu_threshold_percentage CPU utilization threshold percentage

CPU utilization threshold percentage to monitor and report for distributed firewall.		 integer Required
Minimum: 10
Maximum: 100
Default: "90"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mem_threshold_percentage Heap memory threshold utilization percentage

Heap memory threshold percentage to monitor and report for distributed firewall.		 integer Required
Minimum: 10
Maximum: 100
Default: "90"
resource_type Must be set to the value FirewallCpuMemThresholdsProfile string Required
Enum: FirewallSessionTimerProfile, FirewallCpuMemThresholdsProfile, FirewallFloodProtectionProfile, FirewallDnsProfile, GeneralSecuritySettingsProfile
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

FirewallDnsProfile (schema)

Firewall DNS profile

A profile holding DNS configuration which allows firewall to use DNS response packets and manage firewall cache. e.g. TTL used to expire snooped entries from cache.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
dns_ttl_config DNS TTL config

Firewall to use TTL config to manage firewall cache to expire snooped FQDN entries from DNS response.		 DnsTtlConfig
id Unique identifier of this resource string Sortable
resource_type Must be set to the value FirewallDnsProfile string Required
Enum: FirewallSessionTimerProfile, FirewallCpuMemThresholdsProfile, FirewallFloodProtectionProfile, FirewallDnsProfile, GeneralSecuritySettingsProfile
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

FirewallFilterByRequestParameters (schema)

Request parameters for filtering entities based on the given criteria

Name Description Type Notes
enforcement_point_path Path of the enforcement point

Path of the enforcement point from where the result need to be fetched.
If not provided, default enforcement point will be considered.
It is mandatory parameter on global manager.
string
parent_path Path of the parent object of the entities

The path of the parent object of entities that are need to be filtered
based in the given criteria.
Parent path is required for filtering rules of particular policy.
string
scope Scope filter criteria

All those firewall entities, policies/rules, will be returned whose scope
value satisfies the given criteria.
The value for scope can be,
- virtual machine id or
- logical router id.
Based on the given scope value, the entities will be filtered.
string Required

FirewallFloodProtectionProfile (schema)

Firewall flood protection profile

A profile holding protection configuration for SYN flood, UDP flood, ICMP flood and other flood attack.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enable_rst_spoofing Flag to indicate RST spoofing is enabled or not

The flag to indicate RST spoofing is enabled or not. This option does not apply to EDGE components. This can be enabled only if syncache is enabled.		 boolean Default: "False"
enable_syncache Flag to indicate syncache is enabled or not

The flag to indicate syncache is enabled or not. This option does not apply to EDGE components.		 boolean Default: "False"
icmp_active_flow_limit Maximum limit of active icmp connections

The maximum limit of active icmp connections. If this property is omitted, or set to null, then there is no limit on active icmp connections for those components if it's applied to ESX components (such as segment, segment port, virtual machine, etc); on the other side, if it's applied to EDGE components (such as, gateway), it will be set to default limit (10,000) on the specific components.		 integer Minimum: 1
Maximum: 1000000
id Unique identifier of this resource string Sortable
nat_active_conn_limit Maximum limit of active NAT connections

The maximum limit of active NAT connections. This limit only apply to EDGE components (such as, gateway). If this property is omitted, or set to null, then there is no limit on the specific component. Meanwhile there is an implicit limit which depends on the underlying hardware resource.		 integer Minimum: 1
Maximum: 4294967295
Default: "4294967295"
other_active_conn_limit Maximum limit of other active connections besides udp, icmp and tcp half open connections

The maximum limit of other active connections besides udp, icmp and half open tcp connections. If this property is omitted, or set to null, then there is no limit on other active connections besides udp, icmp and tcp half open connections for those components if it's applied to ESX components (such as segment, segment port, virtual machine, etc); on the other side, if it's applied to EDGE components (such as, gateway), it will be set to default limit (10,000) on the specific components.		 integer Minimum: 1
Maximum: 1000000
resource_type Must be set to the value FirewallFloodProtectionProfile string Required
Enum: FirewallSessionTimerProfile, FirewallCpuMemThresholdsProfile, FirewallFloodProtectionProfile, FirewallDnsProfile, GeneralSecuritySettingsProfile
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tcp_half_open_conn_limit Maximum limit of half open tcp connections

The maximum limit of tcp half open connections. If this property is omitted, or set to null, then there is no limit on active tcp half open connections for those components if it's applied to ESX components (such as segment, segment port, virtual machine, etc); on the other side, if it's applied to EDGE components (such as, gateway), it will be set to default limit (1,000,000) on the specific components.		 integer Minimum: 1
Maximum: 1000000
udp_active_flow_limit Maximum limit of active udp connections

The maximum limit of active udp connections. If this property is omitted, or set to null, then there is no limit on active udp connections for those components if it's applied to ESX components (such as segment, segment port, virtual machine, etc); on the other side, if it's applied to EDGE components (such as, gateway), it will be set to default limit (100,000) on the specific component.		 integer Minimum: 1
Maximum: 1000000

FirewallGlobalConfig (schema)

NSX global configs for Distributed Firewall

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
global_addrset_mode_enabled A flag to indicate if global address set is enabled in DFW

When this flag is set to true, global address set is enabled in Distributed Firewall.		 boolean Default: "True"
global_fastpath_mode_enabled A flag to indicate if fast path searching is enabled in DFW

This property is deprecated. The fast path mode is always enabled in Distributed Firewall.		 boolean Deprecated
Default: "True"
id Unique identifier of this resource string Sortable
resource_type Must be set to the value FirewallGlobalConfig GlobalConfigType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

FirewallIdentitySearchFilterValue (schema)

Searching domain entities using a matching filter value

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
enforcement_point_path String Path of the enforcement point

enforcement point path, forward slashes must be escaped using %2F.
string
filter_value Name search filter value

Search filter value is a substring match pattern only
which the target entity contains. It is case insentive
and doesn't allow wildcard.
string Required
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

FirewallIdentityStoreLdapServerTestParameters (schema)

Parameters for performing LDAP server test

Name Description Type Notes
action LDAP server test requested

Type of LDAP server test to perform.		 string Required
Enum: CONNECTIVITY
enforcement_point_path String Path of the enforcement point

Enforcement point path, forward slashes must be escaped using %2F.
string

FirewallIdentityStoreListRequestParameters (schema)

Firewall identity store list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
enforcement_point_path String Path of the enforcement point

enforcement point path, forward slashes must be escaped using %2F.
string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

FirewallIdentityStoreSyncRequest (schema)

Firewall identity store synchronization request

Name Description Type Notes
action Sync type requested

Sync type could be either FULL sync or DELTA sync.
The full sync fetches all the objects under the
configured sync nodes while delta sync will get
the changed objects from previous sync time.
FULL_SYNC - Perform a full synchronization, where the local
state of all AD objects is updated.
DELTA_SYNC - Perform a delta synchronization, where local
AD objects that have changed since the last
synchronization are updated.
STOP_SYNC - Stop the synchronization process.
string Required
Enum: FULL_SYNC, DELTA_SYNC, STOP_SYNC
delay Request to execute the sync with some delay in seconds

The delay can be added to execute the sync action in the future.		 integer Minimum: 0
Default: "0"
enforcement_point_path String Path of the enforcement point

enforcement point path, forward slashes must be escaped using %2F.
string

FirewallInsertParameters (schema)

Parameters to tell where rule/section need to be added. All the params take rule/section Id.

Name Description Type Notes
id Identifier of the anchor rule or section. This is a required field in case operation like 'insert_before' and 'insert_after'. string Maximum length: 64
operation Operation string Enum: insert_top, insert_bottom, insert_after, insert_before
Default: "insert_top"

FirewallListRequestParameters (schema)

Parameters to filter list of sections/rules.

Pagination and Filtering parameters to get only a subset of sections/rules.

Name Description Type Notes
applied_tos AppliedTo's referenced by this section or section's Distributed Service Rules .

Where the Distributed Service Rules are applied.(used for filtering the list). Single value is supported in current release. Multiple Comma delmited values may be supported in future releases.		 string
context_profiles Limits results to sections having rules with specific Context Profiles.

The context profile value in Firewall Rules (used for filtering the list). Single value is supported in current release. Multiple comma delmited values may be supported in future releases.		 string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
deep_search Toggle to search with direct or indirect references.

This parameter allows firewall API to search and filter results when references in appliedtos are either directly used in rule/section or indirectly in another container which is used in rule/section. Currently param support is only for LogicalPort. Ignores search_invalid_references to reduce heavy check.		 boolean Default: "False"
destinations Destinations referenced by this section's Distributed Service Rules .

The destination value in Distributed Service Rules (used for filtering the list). Single value is supported in current release. Multiple Comma delmited values may be supported in future releases.		 string
extended_sources Limits results to sections having rules with specific Extended Sources.

The extended source value in Firewall Rules (used for filtering the list). Single value is supported in current release. Multiple comma delmited values may be supported in future releases.		 string
filter_type Filter type

Filter type defines matching criteria to qualify a rule in result. Type
'FILTER' will ensure all criterias (sources, destinations, services,
extended sources, context profiles, appliedtos) are matched. Type
'SEARCH' will match any of the given criteria.
string Enum: FILTER, SEARCH
Default: "FILTER"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
search_invalid_references Return invalid references in results.

Used in conjunction with filter_type to find invalid i.e. non nonexistent references in given criteria (sources, destinations, extended sources, services, context profiles, applied_tos).		 boolean Default: "False"
services NSService referenced by this section's Distributed Service Rules .

Specifying this returns the Rules where this NSServiceElement is used (used for filtering the list). Single value is supported in current release. Multiple Comma delmited values may be supported in future releases.		 string
sort_ascending boolean
sort_by Field by which records are sorted string
sources Sources referenced by this section's Distributed Service Rules .

The source value in Distributed Service Rules (used for filtering the list). Single value is supported in current release. Multiple Comma delmited values may be supported in future releases.		 string

FirewallProfileListParameters (schema)

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
resource_type Profile resource type

Profile resource type		 string Required
sort_ascending boolean
sort_by Field by which records are sorted string

FirewallProfileListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of the firewall profiles

List of firewall profiles.		 array of BaseFirewallProfile
(Abstract type: pass one of the following concrete types)
FirewallCpuMemThresholdsProfile
FirewallDnsProfile
FirewallFloodProtectionProfile
FirewallSessionTimerProfile
GeneralSecuritySettingsProfile		 Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

FirewallRule (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_owner Owner of this resource OwnerResourceLink Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
action Action

Action enforced on the packets which matches the distributed service rule. Currently DS Layer supports below actions. ALLOW - Forward any packet when a rule with this action gets a match (Used by Firewall). DROP - Drop any packet when a rule with this action gets a match. Packets won't go further(Used by Firewall). REJECT - Terminate TCP connection by sending TCP reset for a packet when a rule with this action gets a match (Used by Firewall). REDIRECT - Redirect any packet to a partner appliance when a rule with this action gets a match (Used by Service Insertion). DO_NOT_REDIRECT - Do not redirect any packet to a partner appliance when a rule with this action gets a match (Used by Service Insertion). DETECT - Detect IDS Signatures. ALLOW_CONTINUE - Allows rules to jump from this rule. Action on matching rules in the destination category will decide next step. Application is default destination until new categories are supported to jump to. DETECT_PREVENT - Detect and Prevent IDS Signatures.		 string Required
Enum: ALLOW, DROP, REJECT, REDIRECT, DO_NOT_REDIRECT, DETECT, ALLOW_CONTINUE, DETECT_PREVENT
applied_tos AppliedTo List

List of object where rule will be enforced. The section level field overrides this one. Null will be treated as any.		 array of ResourceReference Maximum items: 128
context_profiles Context Profiles

NS Profile object which accepts attributes and sub-attributes of various network services (ex. L7 AppId, domain name, encryption algorithm) as key value pairs.		 array of ResourceReference Maximum items: 128
description Description of this resource string Maximum length: 1024
Sortable
destinations Destination List

List of the destinations. Null will be treated as any.		 array of ResourceReference Maximum items: 128
destinations_excluded Negation of destination

Negation of the destination.		 boolean Default: "False"
direction Rule direction

Rule direction in case of stateless distributed service rules. This will only considered if section level parameter is set to stateless. Default to IN_OUT if not specified.		 string Enum: IN, OUT, IN_OUT
Default: "IN_OUT"
disabled Rule enable/disable flag

Flag to disable rule. Disabled will only be persisted but never provisioned/realized.		 boolean Default: "False"
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
extended_sources Extended Sources

List of NSGroups that have end point attributes like AD Groups(SID), process name, process hash etc. For Flash release, only NSGroups containing AD Groups are supported.		 array of ResourceReference Maximum items: 128
id Identifier of the resource string Readonly
ip_protocol IPv4 vs IPv6 packet type

Type of IP packet that should be matched while enforcing the rule.		 string Enum: IPV4, IPV6, IPV4_IPV6
Default: "IPV4_IPV6"
is_default Default rule

Flag to indicate whether rule is default.		 boolean Readonly
logged Enable logging flag

Flag to enable packet logging. Default is disabled.		 boolean Default: "False"
notes Notes

User notes specific to the rule.		 string Maximum length: 2048
priority Rule priority

Priority of the rule.		 integer Readonly
resource_type Must be set to the value FirewallRule string
rule_tag Tag

User level field which will be printed in CLI and packet logs.		 string Maximum length: 32
section_id Section Id

Section Id of the section to which this rule belongs to.		 string Readonly
services Service List

List of the services. Null will be treated as any.		 array of FirewallService Maximum items: 128
sources Source List

List of sources. Null will be treated as any.		 array of ResourceReference Maximum items: 128
sources_excluded Negation of source

Negation of the source.		 boolean Default: "False"

FirewallRuleList (schema)

Name Description Type Notes
rules List of the firewall rules

List of firewall rules in the section. Only homogenous rules are supported.		 array of FirewallRule Required
Maximum items: 1000

FirewallRuleListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Firewall rule list result

Firewall rule list result with pagination support.		 array of FirewallRule Required
Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

FirewallSection (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
applied_tos AppliedTo List

List of objects where the rules in this section will be enforced. This will take precedence over rule level appliedTo.		 array of ResourceReference Maximum items: 128
autoplumbed Tells if a section is auto-plumbed or not

This flag indicates whether it is an auto-plumbed section that is associated to a LogicalRouter. Auto-plumbed sections are system owned and cannot be updated via the API.		 boolean Readonly
Default: "False"
category Section category

Category from policy framework.		 string Readonly
comments Section lock/unlock comments

Comments for section lock/unlock.		 string Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enforced_on Firewall Section Enforcement type

This attribute represents enforcement point of firewall section. For example, firewall section enforced on logical port with attachment type bridge endpoint will have 'BRIDGEENDPOINT' value, firewall section enforced on logical router will have 'LOGICALROUTER' value and rest have 'VIF' value.		 string Readonly
firewall_schedule Firewall Schedule Reference

Reference of the firewall schedule during which this section will be valid.		 ResourceReference
id Unique identifier of this resource string Sortable
is_default Default section flag

It is a boolean flag which reflects whether a distributed service section is default section or not. Each Layer 3 and Layer 2 section will have at least and at most one default section.		 boolean Readonly
lock_modified_by Lock modified by user

ID of the user who last modified the lock for the section.		 string Readonly
lock_modified_time Section locked/unlocked time

Section locked/unlocked time in epoch milliseconds.		 EpochMsTimestamp Readonly
locked Section Locked

Section is locked/unlocked.		 boolean Readonly
Default: "False"
priority Section priority

Priority of current section with respect to other sections. In case the field is empty, the list section api should be used to get section priority.		 integer Readonly
resource_type Must be set to the value FirewallSection string
rule_count Rule count

Number of rules in this section.		 integer Readonly
section_type Section Type

Type of the rules which a section can contain. Only homogeneous sections are supported.		 string Required
Enum: LAYER2, LAYER3, L3REDIRECT, IDS
stateful Stateful nature of the distributed service rules in the section.

Stateful or Stateless nature of distributed service section is enforced on all rules inside the section. Layer3 sections can be stateful or stateless. Layer2 sections can only be stateless.		 boolean Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tcp_strict TCP Strict

If TCP strict is enabled on a section and a packet matches rule in it, the following check will be performed. If the packet does not belong to an existing session, the kernel will check to see if the SYN flag of the packet is set. If it is not, then it will drop the packet.		 boolean Default: "False"

FirewallSectionFilterParameters (schema)

Parameters to filter section from list of sections

Pagination and Filtering parameters to get only a subset of sections.

Name Description Type Notes
applied_tos AppliedTo's referenced by this section or section's Distributed Service Rules .

Where the Distributed Service Rules are applied.(used for filtering the list). Single value is supported in current release. Multiple Comma delmited values may be supported in future releases.		 string
context_profiles Limits results to sections having rules with specific Context Profiles.

The context profile value in Firewall Rules (used for filtering the list). Single value is supported in current release. Multiple comma delmited values may be supported in future releases.		 string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
deep_search Toggle to search with direct or indirect references.

This parameter allows firewall API to search and filter results when references in appliedtos are either directly used in rule/section or indirectly in another container which is used in rule/section. Currently param support is only for LogicalPort. Ignores search_invalid_references to reduce heavy check.		 boolean Default: "False"
destinations Destinations referenced by this section's Distributed Service Rules .

The destination value in Distributed Service Rules (used for filtering the list). Single value is supported in current release. Multiple Comma delmited values may be supported in future releases.		 string
enforced_on Limit result to sections having a specific kind of enforcement point

Used to filter out results based on enforcement point of the section. If this parameter is BRIDGEENDPOINT, then return firewall sections enfored on logical port with attachment type bridgeendpoint. For LOGICALROUTER, then firewall sections enforced on Logical Router are returned. For VIF, other firewall sections are returned. Other values are not supported.		 AttachmentTypeQueryString
exclude_applied_to_type Limit result to sections not having a specific AppliedTo type

Used to filter out sections not having a specified AppliedTo target type. This parameter cannot be used along with include_applied_to_type parameter. Section filter only takes a single value for this param.		 DSAppliedToType
extended_sources Limits results to sections having rules with specific Extended Sources.

The extended source value in Firewall Rules (used for filtering the list). Single value is supported in current release. Multiple comma delmited values may be supported in future releases.		 string
filter_type Filter type

Filter type defines matching criteria to qualify a rule in result. Type
'FILTER' will ensure all criterias (sources, destinations, services,
extended sources, context profiles, appliedtos) are matched. Type
'SEARCH' will match any of the given criteria.
string Enum: FILTER, SEARCH
Default: "FILTER"
include_applied_to_type Limit result to sections having a specific AppliedTo type

Used to filter out results based on target type of a section's AppliedTo. Only sections with matching target type in its applied to will be returned. This parameter cannot be used along with exclude_applied_to_type parameter.Section filter only takes a single value for this param.		 DSAppliedToType
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
locked Limit results to sections which are locked/unlocked

Used to filter out locked or unlocked sections.		 boolean
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
search_invalid_references Return invalid references in results.

Used in conjunction with filter_type to find invalid i.e. non nonexistent references in given criteria (sources, destinations, extended sources, services, context profiles, applied_tos).		 boolean Default: "False"
search_scope Limit result to sections of a specific enforcement point

This parameter can be used to limit the search scope to certain firewalls. It can be the value of an appliedTo of a bridge port firewall or an edge firewal. Results will include sections only from that bridge port firewall or edge firewall. For example, if the identifier of a bridge port is given, the search result will only contain the sections of that bridge port firewall. If the identifier of logical router is given, the search result will only contain the sections of that edge firewall.		 string
services NSService referenced by this section's Distributed Service Rules .

Specifying this returns the Rules where this NSServiceElement is used (used for filtering the list). Single value is supported in current release. Multiple Comma delmited values may be supported in future releases.		 string
sort_ascending boolean
sort_by Field by which records are sorted string
sources Sources referenced by this section's Distributed Service Rules .

The source value in Distributed Service Rules (used for filtering the list). Single value is supported in current release. Multiple Comma delmited values may be supported in future releases.		 string
type Section Type

Section Type with values layer2 or layer3		 string Enum: LAYER2, LAYER3
Default: "LAYER3"

FirewallSectionListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Section list

List of the firewall sections. The list has to be homogenous.		 array of FirewallSection Required
Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

FirewallSectionLock (schema)

Name Description Type Notes
comments Comments

Comments for section lock/unlock.		 string Required
Minimum length: 4
Maximum length: 4096
section_revision Section revision

Revision of the section.		 integer Required

FirewallSectionRuleList (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
applied_tos AppliedTo List

List of objects where the rules in this section will be enforced. This will take precedence over rule level appliedTo.		 array of ResourceReference Maximum items: 128
autoplumbed Tells if a section is auto-plumbed or not

This flag indicates whether it is an auto-plumbed section that is associated to a LogicalRouter. Auto-plumbed sections are system owned and cannot be updated via the API.		 boolean Readonly
Default: "False"
category Section category

Category from policy framework.		 string Readonly
comments Section lock/unlock comments

Comments for section lock/unlock.		 string Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enforced_on Firewall Section Enforcement type

This attribute represents enforcement point of firewall section. For example, firewall section enforced on logical port with attachment type bridge endpoint will have 'BRIDGEENDPOINT' value, firewall section enforced on logical router will have 'LOGICALROUTER' value and rest have 'VIF' value.		 string Readonly
firewall_schedule Firewall Schedule Reference

Reference of the firewall schedule during which this section will be valid.		 ResourceReference
id Unique identifier of this resource string Sortable
is_default Default section flag

It is a boolean flag which reflects whether a distributed service section is default section or not. Each Layer 3 and Layer 2 section will have at least and at most one default section.		 boolean Readonly
lock_modified_by Lock modified by user

ID of the user who last modified the lock for the section.		 string Readonly
lock_modified_time Section locked/unlocked time

Section locked/unlocked time in epoch milliseconds.		 EpochMsTimestamp Readonly
locked Section Locked

Section is locked/unlocked.		 boolean Readonly
Default: "False"
priority Section priority

Priority of current section with respect to other sections. In case the field is empty, the list section api should be used to get section priority.		 integer Readonly
resource_type Must be set to the value FirewallSectionRuleList string
rule_count Rule count

Number of rules in this section.		 integer Readonly
rules List of the firewall rules

List of firewall rules in the section. Only homogenous rules are supported.		 array of FirewallRule Required
Maximum items: 1000
section_type Section Type

Type of the rules which a section can contain. Only homogeneous sections are supported.		 string Required
Enum: LAYER2, LAYER3, L3REDIRECT, IDS
stateful Stateful nature of the distributed service rules in the section.

Stateful or Stateless nature of distributed service section is enforced on all rules inside the section. Layer3 sections can be stateful or stateless. Layer2 sections can only be stateless.		 boolean Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tcp_strict TCP Strict

If TCP strict is enabled on a section and a packet matches rule in it, the following check will be performed. If the packet does not belong to an existing session, the kernel will check to see if the SYN flag of the packet is set. If it is not, then it will drop the packet.		 boolean Default: "False"

FirewallSectionState (schema)

Name Description Type Notes
details Array of configuration state of various sub systems array of ConfigurationStateElement Readonly
failure_code Error code integer Readonly
failure_message Error message in case of failure string Readonly
pending_change_list List of pending changes

Pending changes to be realized.		 array of PendingChange Required
Maximum items: 100
revision_desired Section's desired state revision number

This attribute represents revision number of section's desired state.		 integer Readonly
state Overall state of desired configuration

Gives details of state of desired configuration.
Additional enums with more details on progress/success/error states
are sent for edge node. The success states are NODE_READY and
TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED,
VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values
indicate failures.
"in_sync" state indicates that the desired configuration has been
received by the host to which it applies, but is not yet in effect.
When the configuration is actually in effect, the state will
change to "success".
Please note, failed state is deprecated.
string Required
Readonly
Enum: pending, in_progress, success, failed, partial_success, orphaned, unknown, error, in_sync, NOT_AVAILABLE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, REGISTRATION_PENDING, NODE_NOT_READY, NODE_READY, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL, EDGE_CONFIG_ERROR, VM_DEPLOYMENT_RESTARTED, REGISTRATION_FAILED, TRANSPORT_NODE_SYNC_PENDING, TRANSPORT_NODE_CONFIGURATION_MISSING, EDGE_HARDWARE_NOT_SUPPORTED, MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED, TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER, TZ_ENDPOINTS_NOT_SPECIFIED, NO_PNIC_PREPARED_IN_EDGE, APPLIANCE_INTERNAL_ERROR, VTEP_DHCP_NOT_SUPPORTED, UNSUPPORTED_HOST_SWITCH_PROFILE, UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED, HOSTSWITCH_PROFILE_NOT_FOUND, LLDP_SEND_ENABLED_NOT_SUPPORTED, UNSUPPORTED_NAMED_TEAMING_POLICY, LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM, LACP_NOT_SUPPORTED_FOR_EDGE_VM, STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM, MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE, UNSUPPORTED_LACP_LB_ALGO_FOR_NODE, EDGE_NODE_VERSION_NOT_SUPPORTED, NO_PNIC_SPECIFIED_IN_TN, INVALID_PNIC_DEVICE_NAME, TRANSPORT_NODE_READY, VM_NETWORK_EDIT_PENDING, UNSUPPORTED_DEFAULT_TEAMING_POLICY, MPA_DISCONNECTED, VM_RENAME_PENDING, VM_CONFIG_EDIT_PENDING, VM_NETWORK_EDIT_FAILED, VM_RENAME_FAILED, VM_CONFIG_EDIT_FAILED, VM_CONFIG_DISCREPANCY, VM_NODE_REFRESH_FAILED, VM_PLACEMENT_REFRESH_FAILED, REGISTRATION_TIMEDOUT, REPLACE_FAILED, UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED, LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING, DELETE_VM_IN_REDEPLOY_FAILED, DEPLOY_VM_IN_REDEPLOY_FAILED, INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE, VM_RESOURCE_RESERVATION_FAILED, DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER, DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, EDGE_NODE_SETTINGS_MISMATCH_RESOLVE, EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE, EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE, EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE, COMPUTE_MANAGER_NOT_FOUND, DELETE_IN_PROGRESS

FirewallSectionsSummary (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
rule_count Rule count

Total number of rules in the section.		 integer Readonly
section_count Section count

Total number of sections for the section type.		 integer Readonly
section_type Section Type

Type of rules which a section can contain.		 FirewallCategory Readonly

FirewallSectionsSummaryList (schema)

Name Description Type Notes
last_compute_time Timestamp of the last computation, in epoch milliseconds. EpochMsTimestamp Readonly
sections_summary List of the firewall sections summary

List of firewall sections summary.		 array of FirewallSectionsSummary Readonly

FirewallService (schema)

Name Description Type Notes
is_valid Target validity

Will be set to false if the referenced NSX resource has been deleted.		 boolean Readonly
service Distributed Service Network and Security Service element

Distributed Service API accepts raw protocol and ports as part of NS service element
in Distributed Service Rule that describes traffic corresponding to an NSService.
NSServiceElement
(Abstract type: pass one of the following concrete types)
ALGTypeNSService
EtherTypeNSService
ICMPTypeNSService
IGMPTypeNSService
IPProtocolNSService
L4PortSetNSService
target_display_name Target display name

Display name of the NSX resource.		 string Readonly
Maximum length: 255
target_id Target ID

Identifier of the NSX resource.		 string Maximum length: 64
target_type Target type

Type of the NSX resource.		 string Maximum length: 255

FirewallSessionTimerProfile (schema)

Firewall Session timeout profile

A profile holding TCP, UDP and ICMP session timeout configuration.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
icmp_error_reply Timeout after ICMP error

The timeout value for the connection after an ICMP error came back in response to an ICMP packet. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.		 integer Required
Minimum: 10
Maximum: 4320000
Default: "10"
icmp_first_packet First packet connection timeout

The timeout value of connection in seconds after the first packet. This will be the initial timeout for the new ICMP flow. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.		 integer Required
Minimum: 10
Maximum: 4320000
Default: "20"
id Unique identifier of this resource string Sortable
resource_type Must be set to the value FirewallSessionTimerProfile string Required
Enum: FirewallSessionTimerProfile, FirewallCpuMemThresholdsProfile, FirewallFloodProtectionProfile, FirewallDnsProfile, GeneralSecuritySettingsProfile
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tcp_closed Timeout after RST

The timeout value of connection in seconds after one endpoint sends an RST. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.		 integer Required
Minimum: 10
Maximum: 4320000
Default: "20"
tcp_closing Timeout after first TN

The timeout value of connection in seconds after the first FIN has been sent. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.		 integer Required
Minimum: 10
Maximum: 4320000
Default: "120"
tcp_established Connection timeout

The timeout value of connection in seconds once the connection has become fully established. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.		 integer Required
Minimum: 120
Maximum: 4320000
Default: "43200"
tcp_finwait Timeout after FINs exchanged

The timeout value of connection in seconds after both FINs have been exchanged and connection is closed. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.		 integer Required
Minimum: 10
Maximum: 4320000
Default: "45"
tcp_first_packet Connection timout after first packet

The timeout value of connection in seconds after the first packet has been sent. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.		 integer Required
Minimum: 10
Maximum: 4320000
Default: "120"
tcp_opening Connection timout after second packet

The timeout value of connection in seconds after a second packet has been transferred. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.		 integer Required
Minimum: 10
Maximum: 4320000
Default: "30"
udp_first_packet Connection timout after first packet

The timeout value of connection in seconds after the first packet. This will be the initial timeout for the new UDP flow. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.		 integer Required
Minimum: 10
Maximum: 4320000
Default: "60"
udp_multiple Timeout after hosts sent packet

The timeout value of connection in seconds if both hosts have sent packets. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.		 integer Required
Minimum: 10
Maximum: 4320000
Default: "60"
udp_single Connection timeout for destination

The timeout value of connection in seconds if the source host sends more than one packet but the destination host has never sent one back. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.		 integer Required
Minimum: 10
Maximum: 4320000
Default: "30"

FirewallStats (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
byte_count Bytes count

Aggregated number of bytes processed by the rule.		 integer Readonly
hit_count Hits count

Aggregated number of hits received by the rule.		 integer Readonly
l7_accept_count L7 Accept count

Aggregated number of L7 Profile Accepted counters received by the rule.		 integer Readonly
l7_reject_count L7 Reject count

Aggregated number of L7 Profile Rejected counters received by the rule.		 integer Readonly
l7_reject_with_response_count L7 Reject with response count

Aggregated number of L7 Profile Rejected with Response counters received by the rule.		 integer Readonly
max_popularity_index The maximum popularity index

Maximum value of popularity index of all firewall rules of the type. This is aggregated statistic which are computed with lower frequency compared to individual generic rule statistics. It may have a computation delay up to 15 minutes in response to this API.		 integer Readonly
max_session_count Maximum sessions count

Maximum value of sessions count of all firewall rules of the type. This is aggregated statistic which are computed with lower frequency compared to generic rule statistics. It may have a computation delay up to 15 minutes in response to this API.		 integer Readonly
packet_count Packets count

Aggregated number of packets processed by the rule.		 integer Readonly
popularity_index The index of the popularity of firewall rule

This is calculated by sessions count divided by age of the rule.		 integer Readonly
rule_id Firewall rule Id

Rule Identifier of the Firewall rule. This is a globally unique number.		 string Readonly
session_count Sessions count

Aggregated number of sessions processed by the rule.		 integer Readonly
total_session_count Total sessions count

Aggregated number of sessions processed by the all firewall rules. This is aggregated statistic which are computed with lower frequency compared to individual generic rule statistics. It may have a computation delay up to 15 minutes in response to this API.		 integer Readonly

FirewallStatsList (schema)

Name Description Type Notes
result_count Firewall rules stats count

Total count for firewall rule statistics in results set		 integer Required
Readonly
results Firewall rules stats

List of rule statistics		 array of FirewallStats Readonly
Maximum items: 1000
section_id Firewall section ID

Corresponding firewall section identifier for list of rule statistics		 string Required
Readonly

FirewallStatus (schema)

Firewall Status Response

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
context Firewall Context Type

Types of firewall contexts.		 FirewallContextType Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
global_status Firewall Status Type

Firewall status for a fabric entity or in global context where firewall is supported.		 FirewallStatusType Required
id Unique identifier of this resource string Sortable
resource_type Must be set to the value FirewallStatus string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
target_statuses List of target resource status

List of firewall status on various target logical resources. This will override the global status of corresponding firewall context (e.g it will override the gloabal status of logical_routers).		 array of TargetResourceStatus

FirewallStatusListResult (schema)

Firewall Statuses

List of firewall statuses for a context or all context

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results array of FirewallStatus Required
Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

FirewallStatusType (schema)

Firewall Status Type

Types of firewall statuses representing state of DFW for a context type (e.g. transport_nodes).

Name Description Type Notes
FirewallStatusType Firewall Status Type

Types of firewall statuses representing state of DFW for a context type (e.g. transport_nodes).		 string Enum: DISABLED, ENABLED

FirstNSampling (schema)

Name Description Type Notes
match_number Number of packets to be sampled integer Required
Minimum: 1
Maximum: 500
sampling_type Must be set to the value FirstNSampling string Required
Enum: FirstNSampling, PacketNumberSampling, IntervalSampling

FloodProtectionProfile (schema)

Flood Protection profile

A profile holding TCP, UDP and ICMP and other protcol connection limits. This is an abstract type. Concrete child types:
DistributedFloodProtectionProfile
GatewayFloodProtectionProfile

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
icmp_active_flow_limit Active ICMP connections limit

If this field is empty, firewall will not set a limit to active ICMP connections.		 integer Minimum: 1
Maximum: 1000000
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
other_active_conn_limit Timeout after first TN

If this field is empty, firewall will not set a limit to other active connections. besides UDP, ICMP and half open TCP connections.		 integer Minimum: 1
Maximum: 1000000
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value FloodProtectionProfile FloodProtectionProfileResourceType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tcp_half_open_conn_limit Active half open TCP connections limit

If this field is empty, firewall will not set a limit to half open TCP connections.		 integer Minimum: 1
Maximum: 1000000
udp_active_flow_limit Active UDP connections limit

If this field is empty, firewall will not set a limit to active UDP connections.		 integer Minimum: 1
Maximum: 1000000
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

FloodProtectionProfileBindingListResult (schema)

Paged Collection of flood protection profile binding maps

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Flood protection profile binding maps list results array of FloodProtectionProfileBindingMap Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

FloodProtectionProfileBindingMap (schema)

Policy Flood Protection Profile binding map

This entity will be used to establish association between Flood Protection
profile and Logical Routers.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
profile_path Profile Path

PolicyPath of associated Profile		 string Required
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value FloodProtectionProfileBindingMap string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

FloodProtectionProfileListRequestParameters (schema)

Flood Protection profile list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

FloodProtectionProfileListResult (schema)

Paged Collection of flood protection profiles

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Flood protection profile list results array of FloodProtectionProfile
(Abstract type: pass one of the following concrete types)
DistributedFloodProtectionProfile
GatewayFloodProtectionProfile		 Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

FloodProtectionProfileResourceType (schema)

Resource types of flood protection profiles

GatewayFloodProtectionProfile is used for all Tier0 and Tier1 gateways.
DistributedFloodProtectionProfile is used for all Transport Nodes.

Name Description Type Notes
FloodProtectionProfileResourceType Resource types of flood protection profiles

GatewayFloodProtectionProfile is used for all Tier0 and Tier1 gateways.
DistributedFloodProtectionProfile is used for all Transport Nodes.
string Enum: GatewayFloodProtectionProfile, DistributedFloodProtectionProfile

FlowInfo (schema)

Details of config flow

Provides details of config flow in federation
Federation has the following flows
- Global Manager to Local Manager (GM -> LM)
- Local Manager to Glocal Manager (LM -> GM)
- Global Manager Active to Glocal Manager Standby (GM -> GM)
- Local Manager to Local Manager (LM -> LM)

Name Description Type Notes
cross_site_flow_info Corss site flow information for the flow CrossSiteFlowInfo
flow_type Flow identifier string Enum: GM_TO_LM, LM_TO_GM, GM_TO_GM, LM_TO_LM, GM_WORK_QUEUE, GM_DELETE_QUEUE
id System identifier for the flow string
queue_infos Queue information for the flow

Every flow will have transmitter and receiver queues.		 array of FederationQueueInfo

Flows (schema)

Flows

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Flow information

Flow information		 array of FlowInfo
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

Footer (schema)

Widget Footer

Footer of a widget that provides additional information or allows an action such as clickable url for navigation. An example usage of footer is provided under 'example_request' section of 'CreateWidgetConfiguration' API.

Name Description Type Notes
actions Footer Actions

Action to be performed at the footer of a widget. An action at the footer can be simple text description or a hyperlink to a UI page. Action allows a clickable url for navigation. An example usage of footer action is provided under 'example_request' section of 'CreateWidgetConfiguration' API.		 array of FooterAction Minimum items: 0
condition Expression for evaluating condition

If the condition is met then the footer will be applied. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API.		 string Maximum length: 1024

FooterAction (schema)

Widget Footer Action

Action specified at the footer of a widget to provide additional information or to provide a clickable url for navigation. An example usage of footer action is provided under the 'example_request' section of 'CreateWidgetConfiguration' API.

Name Description Type Notes
dock_to_container_footer Dock the footer at container

If true, the footer will appear in the underlying container that holds the widget.		 boolean Default: "True"
label Label for action

Label to be displayed against the footer action.		 Label Required
url Clickable hyperlink, if any

Hyperlink to the UI page that provides details of action.		 string Maximum length: 1024

ForceRevisionCheckRequestParameter (schema)

Parameter to enforce revision check before updating objects

Forces revision check before updating

Name Description Type Notes
enforce_revision_check Force revision check

If this is set to true, each child object in the request needs to have
_revision property set correctly. System will honor the revision
numbers while updating the resources.
boolean Default: "False"

FormFactorDetail (schema)

Detail about form factor

Form factor contains, resources required to deploy
NSX Application Platform deployment and available features for a given
form factor.

Name Description Type Notes
node_resources Node resources

Required node resources to deploy NSX Application Platform deployment.
NodeResources
supported_features Supported features

Features supported in this form factor.
array of string

FormFactorType (schema)

Form factor types

Form factor types.
standard - Deployment with standard configuration.
advanced - Deployment with advanced configuration.
evaluation - Deployment with evaluation configuration.

Name Description Type Notes
FormFactorType Form factor types

Form factor types.
standard - Deployment with standard configuration.
advanced - Deployment with advanced configuration.
evaluation - Deployment with evaluation configuration.
string Enum: standard, advanced, evaluation

FormFactors (schema)

NSX Application Platform deployment platform form factors

Different form factor for deployment.

Name Description Type Notes
advanced Advanced form factor

Advanced form factor to deploy charts.
FormFactorDetail
evaluation Evaluation form factor

Evaluation form factor to deploy charts.
FormFactorDetail
standard Standard form factor

Standard form factor to deploy charts.
FormFactorDetail

ForwarderZone (schema) (Deprecated)

Name Description Type Notes
source_ip Source ip of the forwarder

The source ip used by the fowarder of the zone. If no source ip
specified, the ip address of listener of the DNS forwarder will
be used.
IPv4Address
upstream_servers Ips of upsteam DNS servers

Ip address of the upstream DNS servers the DNS forwarder accesses.
array of IPv4Address Required
Minimum items: 1
Maximum items: 3

ForwardingPolicy (schema)

Forwarding Policy

Contains ordered list of forwarding rules that determine when to
forward traffic to / from the underlay for accessing cloud native services.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
category A way to classify a security policy, if needed.

- Distributed Firewall -
Policy framework provides five pre-defined categories for classifying
a security policy. They are "Ethernet","Emergency", "Infrastructure"
"Environment" and "Application". There is a pre-determined order in
which the policy framework manages the priority of these security
policies. Ethernet category is for supporting layer 2 firewall rules.
The other four categories are applicable for layer 3 rules. Amongst
them, the Emergency category has the highest priority followed by
Infrastructure, Environment and then Application rules. Administrator
can choose to categorize a security policy into the above categories
or can choose to leave it empty. If empty it will have the least
precedence w.r.t the above four categories.
- Edge Firewall -
Policy Framework for Edge Firewall provides six pre-defined categories
"Emergency", "SystemRules", "SharedPreRules", "LocalGatewayRules",
"AutoServiceRules" and "Default", in order of priority of rules.
All categories are allowed for Gatetway Policies that belong
to 'default' Domain. However, for user created domains, category is
restricted to "SharedPreRules" or "LocalGatewayRules" only. Also, the
users can add/modify/delete rules from only the "SharedPreRules" and
"LocalGatewayRules" categories. If user doesn't specify the category
then defaulted to "Rules". System generated category is used by NSX
created rules, for example BFD rules. Autoplumbed category used by
NSX verticals to autoplumb data path rules. Finally, "Default" category
is the placeholder default rules with lowest in the order of priority.
string
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
(Abstract type: pass one of the following concrete types)
ChildForwardingRule
comments SecurityPolicy lock/unlock comments

Comments for security policy lock/unlock.		 string
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
internal_sequence_number Internal sequence number

This field is to indicate the internal sequence number of a policy
with respect to the policies across categories.
int Readonly
is_default Default policy flag

A flag to indicate whether policy is a default policy.		 boolean Readonly
lock_modified_by User who locked the security policy

ID of the user who last modified the lock for the secruity policy.
string Readonly
lock_modified_time SecuirtyPolicy locked/unlocked time

SecurityPolicy locked/unlocked time in epoch milliseconds.		 EpochMsTimestamp Readonly
locked Lock a security policy

Indicates whether a security policy should be locked. If the
security policy is locked by a user, then no other user would
be able to modify this security policy. Once the user releases
the lock, other users can update this security policy.
boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ForwardingPolicy string
rule_count Rule count

The count of rules in the policy.
int Readonly
rules Rules that are a part of this ForwardingPolicy array of ForwardingRule
scheduler_path Path to the scheduler for time based scheduling

Provides a mechanism to apply the rules in this policy for a specified
time duration.
string
scope The list of group paths where the rules in this policy will get
applied. This scope will take precedence over rule level scope.
Supported only for security and redirection policies. In case of
RedirectionPolicy, it is expected only when the policy is NS and
redirecting to service chain.
array of string Maximum items: 128
sequence_number Sequence number to resolve conflicts across Domains

This field is used to resolve conflicts between security policies
across domains. In order to change the sequence number of a policy
one can fire a POST request on the policy entity with
a query parameter action=revise
The sequence number field will reflect the value of the computed
sequence number upon execution of the above mentioned POST request.
For scenarios where the administrator is using a template to update
several security policies, the only way to set the sequence number is
to explicitly specify the sequence number for each security policy.
If no sequence number is specified in the payload, a value of 0 is
assigned by default. If there are multiple policies with the same
sequence number then their order is not deterministic. If a specific
order of policies is desired, then one has to specify unique sequence
numbers or use the POST request on the policy entity with
a query parameter action=revise to let the framework assign a
sequence number.
The value of sequence number must be between 0 and 999,999.
int Minimum: 0
stateful Stateful nature of the entries within this security policy.

Stateful or Stateless nature of security policy is enforced on all
rules in this security policy. When it is stateful, the state of
the network connects are tracked and a stateful packet inspection is
performed.
Layer3 security policies can be stateful or stateless. By default, they are stateful.
Layer2 security policies can only be stateless.
boolean
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tcp_strict Enforce strict tcp handshake before allowing data packets

Ensures that a 3 way TCP handshake is done before the data packets
are sent.
tcp_strict=true is supported only for stateful security policies.
If the tcp_strict flag is not specified and the security policy
is stateful, then tcp_strict will be set to true.
boolean
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ForwardingPolicyListResult (schema)

Paged Collection of ForwardingPolicy objects

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results ForwardingPolicy list results array of ForwardingPolicy Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ForwardingPolicyStatisticsForEnforcementPoint (schema)

Forwarding Policy statistics for an enforcement point

Forwarding policy statistics for a specfic enforcement point.

Name Description Type Notes
enforcement_point Enforcement point path

Path for a specific enforcement point		 string Readonly
statistics Forwarding Policy Statistics

Statistics for the specified enforcement point		 ForwardingPolicyStats Readonly

ForwardingPolicyStatisticsListResult (schema)

Paged Collection of Forwarding Policy statistics

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Forwarding Policy statistics list results array of ForwardingPolicyStatisticsForEnforcementPoint Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ForwardingPolicyStats (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Forwarding rules stats

List of rule statistics.		 array of ForwardingRuleStats Readonly
section_id Forwarding Policy ID

Forwarding policy identifier.		 string Required
Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ForwardingRule (schema)

Forwarding rule

Forwarding rule that determine how to forward traffic from a VM.
Traffic from VM can either be routed via Overlay or Underlay when VM is on hybrid port.
Additionally NAT can be performed for VM or container on overlay to route traffic to/from underlay
ROUTE_TO_UNDERLAY - Access a service on underlay space from a VM connected to hybrid port. Eg access to AWS S3 on AWS underlay
ROUTE_TO_OVERLAY - Access a service on overlay space from a VM connected to hybrid port.
ROUTE_FROM_UNDERLAY - Access a service hosted on a VM (that is connected to hybrid port) from underlay space. Eg access from AWS ELB to VM
ROUTE_FROM_OVERLAY - Access a service hosted on a VM (that is connected to hybrid port) from overlay space
NAT_FROM_UNDERLAY - Access a service on overlay VM/container from underlay space using DNAT from underlay IP to overlay IP
NAT_TO_UNDERLAY - Access an underlay service from a VM/container on overlay space using SNAT from overlay IP to underlay IP

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
action Action

The action to be applied to all the services
string Enum: ROUTE_TO_UNDERLAY, ROUTE_TO_OVERLAY, ROUTE_FROM_UNDERLAY, ROUTE_FROM_OVERLAY, NAT_FROM_UNDERLAY, NAT_TO_UNDERLAY
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
destination_groups Destination group paths

We need paths as duplicate names may exist for groups under different
domains. Along with paths we support IP Address of type IPv4 and IPv6.
IP Address can be in one of the format(CIDR, IP Address, Range of IP Address).
In order to specify all groups, use the constant "ANY". This
is case insensitive. If "ANY" is used, it should be the ONLY element
in the group array. Error will be thrown if ANY is used in conjunction
with other values.
array of string Maximum items: 128
destinations_excluded Negation of destination groups

If set to true, the rule gets applied on all the groups that are
NOT part of the destination groups. If false, the rule applies to the
destination groups
boolean Default: "False"
direction Direction

Define direction of traffic.
string Enum: IN, OUT, IN_OUT
Default: "IN_OUT"
disabled Flag to disable the rule

Flag to disable the rule. Default is enabled.		 boolean Default: "False"
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ip_protocol IPv4 vs IPv6 packet type

Type of IP packet that should be matched while enforcing the rule.
The value is set to IPV4_IPV6 for Layer3 rule if not specified.
For Layer2/Ether rule the value must be null.
string Enum: IPV4, IPV6, IPV4_IPV6
is_default Default rule flag

A flag to indicate whether rule is a default rule.		 boolean Readonly
logged Enable logging flag

Flag to enable packet logging. Default is disabled.		 boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
notes Text for additional notes on changes

Text for additional notes on changes.		 string Maximum length: 2048
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
profiles Layer 7 service profiles or TLS action profile

Holds the list of layer 7 service profile paths. These profiles accept
attributes and sub-attributes of various network services
(e.g. L4 AppId, encryption algorithm, domain name, etc) as key value
pairs. Instead of Layer 7 service profiles you can use a L7 access profile.
One of either Layer 7 service profiles or L7 Access Profile can be used in firewall rule.
In case of L7 access profile only one is allowed.
array of string Maximum items: 128
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ForwardingRule string
rule_id Unique rule ID

This is a unique 4 byte positive number that is assigned by the system.
This rule id is passed all the way down to the data path. The first 1GB
(1000 to 2^30) will be shared by GM and LM with zebra style striped
number space. For E.g 1000 to (1Million -1) by LM, (1M - 2M-1) by GM
and so on.
integer Readonly
scope The list of policy paths where the rule is applied
LR/Edge/T0/T1/LRP etc. Note that a given rule can be applied
on multiple LRs/LRPs.
array of string Maximum items: 128
sequence_number Sequence number of the this Rule

This field is used to resolve conflicts between multiple
Rules under Security or Gateway Policy for a Domain
If no sequence number is specified in the payload, a value of 0 is
assigned by default. If there are multiple rules with the same
sequence number then their order is not deterministic. If a specific
order of rules is desired, then one has to specify unique sequence
numbers or use the POST request on the rule entity with
a query parameter action=revise to let the framework assign a
sequence number
int Minimum: 0
service_entries Raw services

In order to specify raw services this can be used,
along with services which contains path to services.
This can be empty or null.
array of ServiceEntry
(Abstract type: pass one of the following concrete types)
ALGTypeServiceEntry
EtherTypeServiceEntry
ICMPTypeServiceEntry
IGMPTypeServiceEntry
IPProtocolServiceEntry
L4PortSetServiceEntry
NestedServiceServiceEntry		 Maximum items: 128
services Names of services

In order to specify all services, use the constant "ANY".
This is case insensitive. If "ANY" is used, it should
be the ONLY element in the services array. Error will be thrown
if ANY is used in conjunction with other values.
array of string Maximum items: 128
source_groups Source group paths

We need paths as duplicate names may exist for groups under different
domains. Along with paths we support IP Address of type IPv4 and IPv6.
IP Address can be in one of the format(CIDR, IP Address, Range of IP Address).
In order to specify all groups, use the constant "ANY". This
is case insensitive. If "ANY" is used, it should be the ONLY element
in the group array. Error will be thrown if ANY is used in conjunction
with other values.
array of string Maximum items: 128
sources_excluded Negation of source groups

If set to true, the rule gets applied on all the groups that are
NOT part of the source groups. If false, the rule applies to the
source groups
boolean Default: "False"
tag Tag applied on the rule

User level field which will be printed in CLI and packet logs.
Even though there is no limitation on length of a tag, internally
tag will get truncated after 32 characters.
string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ForwardingRuleListRequestParameters (schema)

ForwardingRule list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

ForwardingRuleListResult (schema)

Paged Collection of ForwardingRules

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Rule list results array of ForwardingRule Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ForwardingRuleStatisticsForEnforcementPoint (schema)

Forwarding Policy Rule statistics for an enforcement point

Forwarding Rule statistics for a specfic enforcement point.

Name Description Type Notes
enforcement_point Enforcement point path

Path for a specific enforcement point		 string Readonly
statistics Forwarding Rule Statistics

Statistics for the specified enforcement point		 ForwardingRuleStats Readonly

ForwardingRuleStatisticsListResult (schema)

Paged Collection of Forwarding rule statistics

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results ForwardingRuleStatistics list results array of ForwardingRuleStatisticsForEnforcementPoint Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ForwardingRuleStats (schema)

Forwarding Policy Rule Statistics

FP Rule Statistics.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
byte_count Bytes count

Aggregated number of bytes processed by the rule.
integer Readonly
hit_count Hits count

Aggregated number of hits received by the rule.		 integer Readonly
internal_rule_id NSX internal rule id

Realized id of the rule on NSX MP. Policy Manager can create more than
one rule per policy rule, in which case this identifier helps to
distinguish between the multple rules created.
string Readonly
l7_accept_count L7 Accept count

Aggregated number of L7 Profile Accepted counters received by the rule.		 integer Readonly
l7_reject_count L7 Reject count

Aggregated number of L7 Profile Rejected counters received by the rule.		 integer Readonly
l7_reject_with_response_count L7 Reject with response count

Aggregated number of L7 Profile Rejected with Response counters received by the rule.		 integer Readonly
lr_path Logical Router (Tier-0/Tier1) path

Path of the LR on which the section is applied in case of Edge FW.		 string Readonly
max_popularity_index The maximum popularity index

Maximum value of popularity index of all rules of the type.
This is aggregated statistic which are computed with lower
frequency compared to individual generic rule statistics.
It may have a computation delay up to 15 minutes in response
to this API.
integer Readonly
max_session_count Maximum Sessions count

Maximum value of sessions count of all rules of the type.
This is aggregated statistic which are computed with lower
frequency compared to generic rule statistics. It may have
a computation delay up to 15 minutes in response to this API.
integer Readonly
packet_count Packets count

Aggregated number of packets processed by the rule.
integer Readonly
popularity_index The index of the popularity of rule

This is calculated by sessions count divided by age of the rule.		 integer Readonly
rule Rule path

Path of the rule.		 string Readonly
session_count sessions count

Aggregated number of sessions processed by the rule.
integer Readonly
total_session_count Total Sessions count

Aggregated number of sessions processed by all the rules
This is aggregated statistic which are computed with lower
frequency compared to individual generic rule statistics.
It may have a computation delay up to 15 minutes in
response to this API.
integer Readonly

FqdnAnalysisConfig (schema)

FQDN Analysis feature configuration entity

The type contains information about the configuration of the FqdnAnalysis feature for a
specific node.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Enabled

Property which specifies the enabling/disabling of the feature.
boolean Default: "False"
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value FqdnAnalysisConfig string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

FullSyncInfo (schema)

Full sync details for the flow

Represents details of the last full sync if full sync is not running,
otherwise returns the status of current full sync.

Name Description Type Notes
data_streaming_from_source_end_time End time of streaming full state from source integer
data_streaming_from_source_progress Details about full sync on sender side string
data_streaming_from_source_start_time Start time of streaming full state from source integer
end_time Full sync end time integer
errors Errors if any array of string
fullSyncId Full sync id string
reason Description of full sync reason string
reason_code Reason code for full sync

Full sync can happen for various internal reasons, as well user can request for one. The code provides the classification of possible reasons to start a full sync.		 string Enum: QUEUE_OVERFLOW_ON_TRANSMITTER, QUEUE_OVERFLOW_ON_RECEIVER, CONNECTION_RESTORED, LM_ONBOARDED, GM_SWITCHOVER, RESTORED_GM_FROM_BACKUP, RESTORED_LM_FROM_BACKUP, BROWNFIELD_CONFIG_MIGRATION_FROM_LM_TO_GM, GM_REQUESTED_OVERSIZED_PAYLOAD, GM_REQUESTED_SITE_ONBOARDING, GM_REQUESTED_OTHER, LM_REQUSTED_OVERSIZED_PAYLOAD, LM_REQUESTED_OTHER, USER_REQUSTED, OTHER_AR_INTERNAL, POST_UPGRADE_GM, POST_UPGRADE_LM, UNKNOWN
receiver_end_time End time of completing applying full state on receiver side integer
receiver_start_time Start time of applying full state on receiver side integer
receiver_state Internal receiver state

This is optional information, provides useful insights on receiver side
once async channel hands over full state data to receiver.
string
receiver_time_to_apply_in_millis Time taken by application receiver to apply the full state received integer
stage Current stage details if full sync in progress

This provides the insights into current full sync stage if in progress.
string Enum: NOT_STARTED, REQUESTED_FULL_STATE_FROM_SOURCE, TRANSFERRING_FULL_STATE, COMPLETED_TRANSFERRING_FULL_STATE, DESTINATION_APPLYING_FULL_STATE, COMPLETED_SUCCESSFUL, TIMEOUT_ON_SOURCE_RECEIVE_FULL_STATE, TIMEOUT_ON_DESTINATION_APPLY, COMPLETED_FAILED
start_time Full sync start time integer
status Full sync status string Enum: NOT_STARTED, IN_PROGRESS, COMPLETED
warnings Errors if any array of string

FullSyncState (schema)

Full sync state

Provides FullSync state for Local Manager from Global Manager.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
errors Errors occurred during full sync

Errors occurred during full sync.
array of string Readonly
full_sync_id Full sync id

Full sync id generated by Async Replicator (AR) service.
string Readonly
id Unique identifier of this resource string Sortable
last_completed_stage Full sync stage that is last completed for this request.

The current stage of full sync completion for ongoing sync.
When Local Manager (LM) receives full sync data from AR, LM starts
with workflow to prserve the state and restore the full sync from
where it has left off in case of change of leadership of the service
to different NSX node or LM is restarted.
LM starts the full sync workflow with state INITIAL capturing the
AR full sync id and data location details. The stage/state transition
follows the order given below
INITIAL - Full sync started
PROCESSED_FULLSYNC_DATA - Compelted processing the full state data
provided by AR
PRCESSED_DELTAS - Completed processing pending delta changes provided
by AR.
DELETED_STALE_ENTITIES - Completed deletion of all global entities on
LM that are not in GM anymore
COMPLETED - Full sync handling is completed on LM
ERROR - Full sync failed with errors on LM, in which case AR will
re-attempt full sync later point in time for the LM
ABORTED - Indicates that the full sync cancelled as per user request
string Readonly
Enum: INITIAL, PAUSE_DCNS, DELETED_STALE_ENTITIES, PROCESSED_FULLSYNC_DATA, PROCESSED_DELTAS, UNPAUSE_DCNS, COMPLETED, ERROR, ABORTED
last_upate_time Deprecated, refer to last_update_time for the last update time stamp. EpochMsTimestamp Deprecated
Readonly
Sortable
last_update_time Timestamp of last update, could be progress or success or error. EpochMsTimestamp Readonly
Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value FullSyncState string
start_time Timestamp of Full Sync start. EpochMsTimestamp Readonly
Sortable
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

FullSyncStateListResult (schema)

Paged Collection of FullSync states.

Paged Collection of FullSync states.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results FullSync states list

FullSync states list.		 array of FullSyncState Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

FullSyncStatus (schema)

Name Description Type Notes
completed_at Time at which the full sync was completed. string Required
snapshot_version Snapshot version targeted by full sync. string Required
status Status of full sync. string Required
Enum: UNAVAILABLE, ERROR, ONGOING, COMPLETE, NOT_STARTED
sync_id Identifier for the full sync. string Required
sync_type Type of full sync. string Required
Enum: UNAVAILABLE, STANDARD, FORCED

FwContexts (schema)

Name Description Type Notes
ICMP Active/Max ICMP Active/Max Connections

ICMP active/max connections		 string Readonly
Other Active/Max Other Active/Max Connections

Other active/max connections		 string Readonly
TCP Half Opened Active/Max TCP Active/Max Connections

TCP active/max connections		 string Readonly
UDP Active/Max UDP Active/Max Connections

UDP active/max connections		 string Readonly
config-loaded Configuration Loaded

Configuration is loaded		 string Readonly
connection-count Connection Count

Connection count		 string Readonly
connections Connections

Connections		 object Readonly
name Name

Name		 string Readonly
ports Ports

Ports		 array Readonly
pvi Peer VRF

Peer VRF		 integer Readonly
rule-flag Rule Flag

Rule flag		 string Readonly
sync-enabled HA Enabled

HA enabled		 string Readonly
sync-total-stats HA Total Statistics

HA total statistics		 object Readonly
total-stats Total Statistics

Total statistics		 object Readonly
type Type

Type		 string Readonly
uuid UUID

UUID		 string Readonly
vrf VRF

VRF		 integer Readonly

GatewayConfig (schema)

Gateway configuration

Stores gateway configuration like nsx_manager_connection,
default_quarantine_policy_enabled and is_ha_enabled.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cloud_fallback_security_group_id Id of cloud security group

Id of security group where the VMs should be moved after last gateway
undeployed.
string
default_quarantine_policy_enabled Flag to identify if default quarantine policy is enabled boolean Default: "False"
dns_settings DNS settings

Settings related to Cloud gateway DNS configuration. This determines
DNS configuration based on dns_mode.
DnsSettings Deprecated
gateway_connectivity_mode Gateway Connectivity Mode

Helps the user choose default connectivity mode that will be used
between Cloud Service Manager and Gateway.
PUBLIC IP: All the connections will go through the internet. When this mode
is selected by the user, the user will have to select a public Ip address from
the list of public IP's from the 'Public IP on Mgmt NIC' field.
PRIVATE IP: All the connections will go through the VGW or any other configured
VPN.
When there is no input provided by the user, an attempt will be made using
PRIVATE_IP (VGW) first and if that doesn't go through, an attempt will be made
using PUBLIC_IP (IGW). And if both fail, it will cause an exception.
string Enum: PUBLIC_IP, PRIVATE_IP
is_ha_enabled Flag to identify if HA is enabled boolean
managed_without_agents Managed Without NSX Agents

This flag determines if this virtual private cloud is managed with or
without NSX agents. This flag is applicable only for this network.
If this virtual private cloud is being managed without NSX agents,
quarantine state and threat state will be NOT_APPLICABLE for all the
virtual machines under it.
boolean Default: "False"
nsx_manager_connection NSX Manager connection

Determines if connection to NSX Manager is via public IP or private IP
string Enum: PUBLIC_IP, PRIVATE_IP
proxy_server_profile Id of the proxy server profile

Id of the proxy server profile, corresponding proxy settings
will be applied while deploying the gateway.
string
target_disk_size Target Disk Size

This is the target disk size of the PCG appliance in GB. Based on this
an additional disk is attached to the PCG appliance, if required.
The supported size is 191 GB and this property should only be modified
post upgrade for exisiting PCG appliances.
integer
vpn_service_enabled Flag to enable or disable inter-operation with services via VPN

Flag that will enable or disable inter-operation between NSX and
non-NSX services via VPN.
boolean Default: "True"

GatewayConfigOperationStatus (schema)

Name Description Type Notes
attaching_disks_status Status of attaching disks gateway configuration operation

This property provides the status of attaching disks gateway
configuration operation.
string Readonly
Enum: IN_PROGRESS, SUCCESSFUL, FAILED
error_code Error code for gateway configuration operation failure

Error code for gateway configuration operation failure.
integer Readonly
error_message Error message for gateway configuration operation failure

Error message for gateway configuration operation failure.
string Readonly

GatewayFloodProtectionProfile (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
icmp_active_flow_limit Active ICMP connections limit

If this field is empty, firewall will not set a limit to active ICMP connections.		 integer Minimum: 1
Maximum: 1000000
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
nat_active_conn_limit Maximum limit of active NAT connections

The maximum limit of active NAT connections. This limit only apply to EDGE components (such as, gateway). If this property is omitted, or set to null, then there is no limit on the specific component. Meanwhile there is an implicit limit which depends on the underlying hardware resource.		 integer Minimum: 1
Maximum: 4294967295
Default: "4294967295"
other_active_conn_limit Timeout after first TN

If this field is empty, firewall will not set a limit to other active connections. besides UDP, ICMP and half open TCP connections.		 integer Minimum: 1
Maximum: 1000000
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value GatewayFloodProtectionProfile FloodProtectionProfileResourceType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tcp_half_open_conn_limit Active half open TCP connections limit

If this field is empty, firewall will not set a limit to half open TCP connections.		 integer Minimum: 1
Maximum: 1000000
udp_active_flow_limit Active UDP connections limit

If this field is empty, firewall will not set a limit to active UDP connections.		 integer Minimum: 1
Maximum: 1000000
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

GatewayGeneralSecurityProfile (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enable_double_flow Flag to indicate double flow check is enabled or not

The flag to indicate double flow check is enabled or not. This option applies only to EDGE components.		 boolean Default: "False"
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value GatewayGeneralSecurityProfile GeneralSecurityProfileResourceType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

GatewayInstanceStatus (schema)

Gateway instance status

Stores information about gateway instance status

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
configuration_operation_status Status of different gateway configuration operations

This property provides a consolidated status of supported gateway
configuration operations.
GatewayConfigOperationStatus Readonly
deployment_step Different states of gateway deployment string Readonly
Enum: VALIDATING_ENVIRONMENT, COPYING_IMAGE, CREATING_SECURITY_GROUPS, LAUNCHING_GATEWAY, CREATING_NETWORK_INTERFACES, ATTACHING_NETWORK_INTERFACES, ATTACHING_SECURITY_GROUPS, CONFIGURING_GATEWAY, CREATING_LOGICAL_NETWORK_CONSTRUCTS, DEPLOYMENT_SUCCESSFUL, DEPLOYMENT_FAILED, UNCONFIGURING_GATEWAY, RELEASING_EIPS, TERMINATING_GATEWAY, DELETING_SECURITY_GROUPS, DELETING_CLOUD_RESOURCES, UNDEPLOYMENT_SUCCESSFUL, UNDEPLOYMENT_FAILED, NOT_APPLICABLE, CLEANUP_INPROGRESS, CLEANUP_FAILED
error_code Error code for gateway operation failure integer Readonly
error_message Error message for gateway operation failure string Readonly
gateway_ha_index Index of HA that indicates whether gateway is primary or secondary. If index is 0, then it is primary gateway. Else secondary gateway. integer
gateway_instance_id ID of the gateway instance string
gateway_lcp_connectivity_status Gateway to NSX Controller connectivity status

Status of connectivity between NSX controller and public cloud gateway.
string Readonly
Enum: UP, DOWN, DEGRADED, UNKNOWN
gateway_mpa_connectivity_status Gateway to NSX Manager connectivity status

Status of connectivity between NSX manager and public cloud gateway.
string Readonly
Enum: UP, DOWN, UNKNOWN
gateway_name Name of the gateway instance string
gateway_node_id NSX Node ID of the public cloud gateway string
gateway_status Gateway instance status string Readonly
Enum: UP, DOWN, DEPLOYING, NOT_AVAILABLE, UNDEPLOYING, COPYING_IMAGE
gateway_tn_id NSX transport node id of the public cloud gateway string
is_gateway_active Flag to identify if this is an active gateway boolean Readonly
private_ip Private IP address of the virtual machine string Readonly
public_ip Public IP address of the virtual machine string Readonly
vpn_private_ip VPN Private IP address

Private IP address of the virtual machine for VPN		 string Readonly

GatewayPolicy (schema)

Contains ordered list of Rules for GatewayPolicy

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
category A way to classify a security policy, if needed.

- Distributed Firewall -
Policy framework provides five pre-defined categories for classifying
a security policy. They are "Ethernet","Emergency", "Infrastructure"
"Environment" and "Application". There is a pre-determined order in
which the policy framework manages the priority of these security
policies. Ethernet category is for supporting layer 2 firewall rules.
The other four categories are applicable for layer 3 rules. Amongst
them, the Emergency category has the highest priority followed by
Infrastructure, Environment and then Application rules. Administrator
can choose to categorize a security policy into the above categories
or can choose to leave it empty. If empty it will have the least
precedence w.r.t the above four categories.
- Edge Firewall -
Policy Framework for Edge Firewall provides six pre-defined categories
"Emergency", "SystemRules", "SharedPreRules", "LocalGatewayRules",
"AutoServiceRules" and "Default", in order of priority of rules.
All categories are allowed for Gatetway Policies that belong
to 'default' Domain. However, for user created domains, category is
restricted to "SharedPreRules" or "LocalGatewayRules" only. Also, the
users can add/modify/delete rules from only the "SharedPreRules" and
"LocalGatewayRules" categories. If user doesn't specify the category
then defaulted to "Rules". System generated category is used by NSX
created rules, for example BFD rules. Autoplumbed category used by
NSX verticals to autoplumb data path rules. Finally, "Default" category
is the placeholder default rules with lowest in the order of priority.
string
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
(Abstract type: pass one of the following concrete types)
ChildRule
comments SecurityPolicy lock/unlock comments

Comments for security policy lock/unlock.		 string
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
internal_sequence_number Internal sequence number

This field is to indicate the internal sequence number of a policy
with respect to the policies across categories.
int Readonly
is_default Default policy flag

A flag to indicate whether policy is a default policy.		 boolean Readonly
lock_modified_by User who locked the security policy

ID of the user who last modified the lock for the secruity policy.
string Readonly
lock_modified_time SecuirtyPolicy locked/unlocked time

SecurityPolicy locked/unlocked time in epoch milliseconds.		 EpochMsTimestamp Readonly
locked Lock a security policy

Indicates whether a security policy should be locked. If the
security policy is locked by a user, then no other user would
be able to modify this security policy. Once the user releases
the lock, other users can update this security policy.
boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value GatewayPolicy string
rule_count Rule count

The count of rules in the policy.
int Readonly
rules Rules that are a part of this SecurityPolicy array of Rule
scheduler_path Path to the scheduler for time based scheduling

Provides a mechanism to apply the rules in this policy for a specified
time duration.
string
scope The list of group paths where the rules in this policy will get
applied. This scope will take precedence over rule level scope.
Supported only for security and redirection policies. In case of
RedirectionPolicy, it is expected only when the policy is NS and
redirecting to service chain.
array of string Maximum items: 128
sequence_number Sequence number to resolve conflicts across Domains

This field is used to resolve conflicts between security policies
across domains. In order to change the sequence number of a policy
one can fire a POST request on the policy entity with
a query parameter action=revise
The sequence number field will reflect the value of the computed
sequence number upon execution of the above mentioned POST request.
For scenarios where the administrator is using a template to update
several security policies, the only way to set the sequence number is
to explicitly specify the sequence number for each security policy.
If no sequence number is specified in the payload, a value of 0 is
assigned by default. If there are multiple policies with the same
sequence number then their order is not deterministic. If a specific
order of policies is desired, then one has to specify unique sequence
numbers or use the POST request on the policy entity with
a query parameter action=revise to let the framework assign a
sequence number.
The value of sequence number must be between 0 and 999,999.
int Minimum: 0
stateful Stateful nature of the entries within this security policy.

Stateful or Stateless nature of security policy is enforced on all
rules in this security policy. When it is stateful, the state of
the network connects are tracked and a stateful packet inspection is
performed.
Layer3 security policies can be stateful or stateless. By default, they are stateful.
Layer2 security policies can only be stateless.
boolean
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tcp_strict Enforce strict tcp handshake before allowing data packets

Ensures that a 3 way TCP handshake is done before the data packets
are sent.
tcp_strict=true is supported only for stateful security policies.
If the tcp_strict flag is not specified and the security policy
is stateful, then tcp_strict will be set to true.
boolean
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

GatewayPolicyListResult (schema)

Paged Collection of gateway policies

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results GatewayPolicy list results array of GatewayPolicy Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

GatewayPrivateIp (schema)

Gateway Private IP Information

Stores gateway private IP settings like ip_allocation_mode and ip_address.

Name Description Type Notes
ip_allocation_mode IP Allocation Mode

ALLOCATE_NEW: Allocate new private IP dynamically.
USE_EXISTING: Use static private IP.
string Enum: ALLOCATE_NEW, USE_EXISTING
Default: "ALLOCATE_NEW"
private_ip Private IP Address

Holds static private IP address to be used for virtual machine.
The IP address will be used if ip_allocation_mode is set to USE_EXISTING.
string Format: ipv4

GatewayPublicIp (schema)

Gateway Public IP Information

Stores gateway public IP settings like ip_allocation_mode and ip_address.

Name Description Type Notes
ip_allocation_mode IP Allocation Mode

ALLOCATE_NEW: Allocate new public IP.
USE_EXISTING: Use cloud provider public IP.
DONT_ALLOCATE: Don't allocate any public IP.
string Enum: ALLOCATE_NEW, USE_EXISTING, DONT_ALLOCATE
Default: "ALLOCATE_NEW"
public_ip Public IP Address

Stores IP address from the Azure public IP service.
The IP address will be used if ip_allocation_mode is set to USE_EXISTING.
string Format: ipv4

GatewayQosProfile (schema)

QoS configuration of Tier1 gateway

QoS profile contains configuration of rate limiting properties which can be
applied in ingress and egress directions at Tier1 gateways

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
burst_size Burst size in bytes

Burst size in bytes.
int Minimum: 1
Default: "1"
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
committed_bandwidth Committed bandwidth in Mbps

Committed bandwidth in both directions specified in Mbps.
Bandwidth is limited to line rate when the value configured is greater
than line rate.
int Minimum: 1
Default: "1"
committed_bandwitdth Committed bandwidth in Mbps

Committed bandwidth in both directions specified in Mbps.
Bandwidth is limited to line rate when the value configured is greater
than line rate.
This property is deprecated, use committed_bandwidth instead.
int Deprecated
Minimum: 1
Default: "1"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
excess_action Action on traffic exceeding bandwidth.

Action on traffic exceeding bandwidth.
string Enum: DROP
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value GatewayQosProfile string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

GatewayQosProfileConfig (schema)

Gateway QoS profile configuration

Name Description Type Notes
egress_qos_profile_path Egress QoS profile

Policy path to gateway QoS profile in egress direction.
string
ingress_qos_profile_path Ingress QoS profile

Policy path to gateway QoS profile in ingress direction.
string

GatewayQosProfileListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paginated list of GatewayQosProfile array of GatewayQosProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

GatewayRouteCsvRecord (schema)

Name Description Type Notes
admin_distance The admin distance of the next hop integer
edge_path Edge path

Edge node policy path.
string Readonly
interface The policy path of the interface which is used as the next hop string
lr_component_id Logical router component(Service Router/Distributed Router) id string
lr_component_type Logical router component(Service Router/Distributed Router) type string
network CIDR network address IPCIDRBlock Required
next_hop The IP of the next hop IPAddress
route_type Route type (USER, CONNECTED, NSX_INTERNAL,..) string Required

GatewayRouteTableInCsvFormat (schema)

Name Description Type Notes
file_name File name

File name set by HTTP server if API returns CSV result as a file.		 string
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly
results array of GatewayRouteCsvRecord

GatewayStats (schema)

Gateway statistics

Name Description Type Notes
deploying Gateways with status DEPLOYING

The number of gateways with status DEPLOYING.		 integer Readonly
down Gateways with status DOWN

The number of gateways with status DOWN.		 integer Readonly
up Gateways with status UP

The number of gateways with status UP.		 integer Readonly

GeneralSecurityProfile (schema)

General Security profile

A profile holding general security settings. This is an abstract type. Concrete child types:
GatewayGeneralSecurityProfile

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value GeneralSecurityProfile GeneralSecurityProfileResourceType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

GeneralSecurityProfileBindingMap (schema)

Policy General Security profile binding map

This entity will be used to establish association between General Security
profile and Logical Routers.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
profile_path Profile Path

PolicyPath of associated Profile		 string Required
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value GeneralSecurityProfileBindingMap string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

GeneralSecurityProfileResourceType (schema)

Resource types of General Security profiles

GatewayGeneralSecurityProfile is used for all Tier0 and Tier1 gateways.

Name Description Type Notes
GeneralSecurityProfileResourceType Resource types of General Security profiles

GatewayGeneralSecurityProfile is used for all Tier0 and Tier1 gateways.
string Enum: GatewayGeneralSecurityProfile

GeneralSecuritySettingsProfile (schema)

General security settings profile

A profile holding general security settings.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enable_double_flow Flag to indicate double flow check is enabled or not

The flag to indicate double flow check is enabled or not. This option applies only to EDGE components.		 boolean Default: "False"
id Unique identifier of this resource string Sortable
resource_type Must be set to the value GeneralSecuritySettingsProfile string Required
Enum: FirewallSessionTimerProfile, FirewallCpuMemThresholdsProfile, FirewallFloodProtectionProfile, FirewallDnsProfile, GeneralSecuritySettingsProfile
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

GenericDhcpOption (schema) (Deprecated)

Generic DHCP option

Define DHCP options other than option 121.

Name Description Type Notes
code DHCP option code, [0-255]

Code of the dhcp option.		 integer Required
Minimum: 0
Maximum: 255
values DHCP option value

Value of the option.		 array of string Required
Minimum items: 1
Maximum items: 10

GenericPolicyRealizedResource (schema)

Generic realized entity

Represents realized entity

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
alarms Alarm info detail array of PolicyAlarmResource
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enforcement_point_path Enforcement Point Path

The path of the enforcement point.		 string Readonly
entity_type Type of realized entity string Readonly
extended_attributes Collection of type specific properties array of AttributeVal Readonly
id Unique identifier of this resource string Sortable
intent_paths Collection of intent paths array of string Readonly
intent_reference Desire state paths of this object array of string
operational_status String representation of operational status

Possible values could be UP, DOWN, UNKNOWN, FAILURE
This list is not exhaustive.
string
operational_status_error String representation of operational status error

It defines the root cause for operational status error.
string
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
publish_status String representation of publish status

Possible values could be UP, DOWN, UNKNOWN, SUCCESS
This list is not exhaustive.
string
publish_status_error String representation of publish status error

It defines the root cause for publish status error.
string
publish_status_error_code Represents error code for publish status.

It defines error code for publish status error.
int
publish_status_error_details Details for publich status error.

Error details for publish status.
array of ConfigurationStateElement
realization_api Realization API of this object on enforcement point string
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
realization_specific_identifier Realization id of this object string
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value GenericPolicyRealizedResource string
runtime_error String representation of runtime error

It define the root cause for runtime error.
string
runtime_status String representation of runtime status

Possible values could be UP, DOWN, UNKNOWN, DEGRADED
This list is not exhaustive.
string Deprecated
site_path Site Path

The site where this entity resides.		 string Readonly
state Realization state of this object string Required
Enum: UNAVAILABLE, UNREALIZED, REALIZED, ERROR
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

GenericPolicyRealizedResourceListRequestParameters (schema)

GenericPolicyRealizedResource list request parameters

GenericPolicyRealizedResource list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

GenericPolicyRealizedResourceListResult (schema)

GenericPolicyRealizedResource list result

GenericPolicyRealizedResource list result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged Collection of GenericPolicyRealizedResources

List of realized resources		 array of GenericPolicyRealizedResource
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

GetBackupUiFramesInfoRequestParameters (schema)

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
ui_tab_type string Readonly
Enum: LOCAL_MANAGER_TAB, GLOBAL_MANAGER_TAB
Default: "LOCAL_MANAGER_TAB"

GetCertParameter (schema)

Name Description Type Notes
details whether to expand the pem data and show all its details boolean Default: "False"

GetSNMPParameters (schema)

Get SNMP request parameters

Get SNMP request parameters.

Name Description Type Notes
show_sensitive_data Show SNMP sensitive data or not

Whether to show SNMP service properties including community
strings if any applicable.
boolean Default: "False"

GiServiceProfile (schema)

GI sepcific Service Profile

GI Specific service profile

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
resource_type Must be set to the value GiServiceProfile string Required
service_id Service Id

The service to which the service profile belongs.		 string Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
vendor_template_id Vendor template Id

ID of the vendor template, created by partner while registering the service.		 string Required
vendor_template_key Vendor template key

Different VMs in data center can have Different protection levels as specified by administrator in the policy. The identifier for the policy with which the partner appliance identifies this policy. This identifier will be passed to the partner appliance at runtime to specify which protection level is applicable for the VM being protected.		 string Readonly

GlobalCollectionConfiguration (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
aggregated_data_collection_frequency Aggregated Data Collection Frequency In Seconds

The frequency in seconds at which data, which is subject to the aggregation function, is collected.		 integer Required
Minimum: 60
Maximum: 86400
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
is_data_collection_enabled Is data collection enabled

Indicates whether data collection required by the aggregation service is enabled. If false, no aggregation service data will be collected. Changing this property will not affect the existing data collection frequency settings.		 boolean Required
modified_feature_stack_collection_configurations Modified feature stack collection configurations

The list of the locally modified feature stack data collection frequency settings. If all feature stack data collection configurations are set to their default values, this list will be empty.		 FeatureStackCollectionConfigurationList Readonly
resource_type Must be set to the value GlobalCollectionConfiguration string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

GlobalCollectorConfig (schema)

Abstract base type for Global collector configurations of different types

The GlobalCollectorConfig is the base class for global collector configurations for
different types in a NSX domain.
This is an abstract type. Concrete child types:
VrniGlobalCollector
WaveFrontGlobalCollector

Name Description Type Notes
collector_ip IP address for the global collector collector

IP address for the global collector.		 IPAddress Required
collector_port Port for the global collector

Port for the global collector.		 int Required
Minimum: 0
Maximum: 65535
collector_type Specify the global collector type. GlobalCollectorType Required

GlobalCollectorType (schema)

Valid Global collector types

Name Description Type Notes
GlobalCollectorType Valid Global collector types string Enum: VRNI, WAVE_FRONT

GlobalConfig (schema)

Global configuration

Global configuration

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
allow_changing_vdr_mac_in_use A flag to indicate if changing the VDR MAC being used is allowed

When this flag is set to true, it is allowed to change the VDR MAC being used by existing transport nodes in a NSX system. The VDR MAC used by a host switch in a transport node is decided by the OVERLAY transport zone(s) which the host switch joins. If any of the OVERLAY transport zone(s) has "nested_nsx" property set to true, the MAC in "vdr_mac_nested" is used; otherwise the MAC in "vdr_mac" is used. Thus the VDR MAC being used by a host switch in a transport node can be changed in below ways. If the host switch is not in any OVERLAY transport zone whose "nested_nsx" property is true but is in an OVERLAY transport zone, the first way is updating the "vdr_mac" property. The 2nd way is updating one of the OVERLAY tranport zones joined by the host switch to set "nested_nsx" property true which will make the host switch use the VDR MAC in "vdr_mac_nested". The third way is directly updating the transport node to add an OVERLAY transport zone whose "nested_nsx" property is true into the host switch which will also make the host switch use the VDR MAC in "vdr_mac_nested". If the host switch is in some OVERLAY transport zone(s) whose "nested_nsx" property is true, the first way is updating the "vdr_mac_nested" property. The 2nd way is updating all those OVERLAY tranport zones to set "nested_nsx" property false which will make the host switch use the VDR MAC in "vdr_mac". The third way is directly updating the transport node to remove all those OVERLAY transport zones from the host switch which will also make the host switch use the VDR MAC in "vdr_mac". Please note that changing the VDR MAC being used by existing transport nodes will most likely cause traffic disruption and network outage!		 boolean Default: "False"
arp_limit_per_gateway ARP limit per Tier0/Tier1 gateway

Global configuration of maximum number of ARP entries per transport
node at each Tier0/Tier1 gateway.
int Minimum: 5000
Maximum: 50000
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
external_gateway_bfd External Bidirectional Flow Detection configuration

Configuration for BFD session between host nodes and external gateways.
If this configuration is not provided, system defaults are applied.
ExternalGatewayBfdConfig
fips FIPS enabled config

Contains the FIPSGlobalConfig object.
FIPSGlobalConfig
global_replication_mode_enabled A flag to indicate if global replication mode is enabled

When this flag is set true, certain types of BUM packets will be sent to all VTEPs in the global VTEP table, ignoring the logical switching span.		 boolean Default: "False"
id Unique identifier of this resource string Sortable
l3_forwarding_mode L3 forwarding mode

Configure forwarding mode for routing. This setting does not
restrict configuration for other modes.
string Enum: IPV4_ONLY, IPV4_AND_IPV6
Default: "IPV4_ONLY"
lb_ecmp Flag for controlling equal-cost multi-path(ECMP) load balancing.

Flag to enable/disable ECMP load balancing.
By default ECMP load balancing is disabled.
boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
mtu MTU size

Maximum transmission unit (MTU) specifies the size of the largest
packet that a network protocol can transmit.
This is the global default MTU for all the EXTERNAL (uplink) and
SERVICE (CSP) interfaces in the NSX domain. There is no option to
override this value at the transport zone level or transport node
level.
int Minimum: 1280
operation_collectors Operation global collector config

This property is a part of OpsGlobalConfig object. Use /infra/ops-global-config instead.
The VRNI and WAVE_FRONT collector type can be defined to collect the metric data.
The WAVE_FRONT collector type can only be used in VMC mode.
array of GlobalCollectorConfig
(Abstract type: pass one of the following concrete types)
VrniGlobalCollector
WaveFrontGlobalCollector		 Deprecated
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
physical_uplink_mtu MTU for the physical uplinks

This is the global default MTU for all the physical uplinks in a NSX domain. This is the default value for the optional uplink profile MTU field. When the MTU value is not specified in the uplink profile, this global value will be used. This value can be overridden by providing a value for the optional MTU field in the uplink profile. Whenever this value is updated, the updated value will only be propagated to the uplinks that don't have the MTU value in their uplink profiles. If this value is not set, the default value of 1700 will be used. The Transport Node state can be monitored to confirm if the updated MTU value has been realized.		 int Default: "1700"
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
remote_tunnel_physical_mtu The physical MTU for the remote tunnel endpoints

This is the global default MTU for all the physical remote tunnel endpoints in an NSX domain. Please consider intersite link MTU minus any external overhead when defining the MTU. If this value is not set, the default value of 1500 will be used.		 int Default: "1700"
resource_type Must be set to the value GlobalConfig string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
uplink_mtu_threshold Upper threshold for MTU on physical and logical uplinks

This value defines the upper threshold for the Maximum Transmission Unit (MTU) value that can be configured at a physical uplink level or a logical routing uplink level in a NSX domain. All Uplink profiles validate against this value so that the MTU specified in an Uplink profile does not exceed this global upper threshold. Similarly, when this value is modified, the new value must be greater than or equal to any existing Uplink profile's MTU.		 int Default: "9000"
vdr_mac MAC address of the Virtual Distributed Router (VDR) port

This is the global default MAC address for all VDRs in all transport nodes in a NSX system. It can be changed only when there is no transport node in the NSX system. This value cannot be same as vdr_mac_nested. When the property "allow_changing_vdr_mac_in_use" is false, it can not be changed if the current VDR MAC is being used by any transport node. A transport node uses this VDR MAC if any host switch in the node is in OVERLAY transport zone(s) but none of the transport zone(s) has "nested_nsx" property being true.		 MACAddress Default: "02:50:56:56:44:52"
vdr_mac_nested The MAC address of the Virtual Distributed Router (VDR) port in a nested NSX environment.

This is the global default MAC address for all VDRs in all transport nodes in a NSX system nested in another NSX system. It can be changed only when there is no transport node in the NSX system. All transport zones in such a nested NSX system will have the "nested_nsx" property being true so that all transport nodes will use this MAC for the VDR ports to avoid conflict with the VDR MAC in the outer NSX system. When the property "allow_changing_vdr_mac_in_use" is false, it can not be changed if the current VDR MAC is being used by any transport node in a nested NSX environment. A transport node uses this VDR MAC if any host switch in the node is in an OVERLAY transport zone whose "nested_nsx" property is true.		 MACAddress Default: "02:50:56:56:44:53"

GlobalConfigType (schema)

Valid Global configuration types

Name Description Type Notes
GlobalConfigType Valid Global configuration types string Enum: SwitchingGlobalConfig, RoutingGlobalConfig, OperationCollectorGlobalConfig, FirewallGlobalConfig, EsxGlobalOpaqueConfig, SecurityGlobalConfig, FipsGlobalConfig, FederationGlobalConfig, IdsGlobalConfig

GlobalConfigs (schema)

Abstract base type for Global configurations of different types

The GlobalConfigs is the base class for global configurations for
different types in a NSX domain.
This is an abstract type. Concrete child types:
EsxGlobalOpaqueConfig
FipsGlobalConfig
FirewallGlobalConfig
IdsGlobalConfig
OperationCollectorGlobalConfig
RoutingGlobalConfig
SecurityGlobalConfig
SwitchingGlobalConfig

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
resource_type Must be set to the value GlobalConfigs GlobalConfigType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

GlobalConfigsListResult (schema)

Global configurations query result

A list of global configurations grouped by their types

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Domain specific global configuration. array of GlobalConfigs
(Abstract type: pass one of the following concrete types)
EsxGlobalOpaqueConfig
FipsGlobalConfig
FirewallGlobalConfig
IdsGlobalConfig
OperationCollectorGlobalConfig
RoutingGlobalConfig
SecurityGlobalConfig
SwitchingGlobalConfig
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

GlobalIdsSignature (schema)

Global IDS signature

Global IDS signature.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
action Global IDS signature's action

It denotes the global action of a IDS Signature.
This will take precedence over IDS signature's action.
string Enum: ALERT, DROP, REJECT
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enable Flag to Enable/Disable a IDS Signature globally.

Flag through which user can Enable/Disable a Signature at Global Level.
boolean Default: "True"
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value GlobalIdsSignature string
signature_id Signature ID

Represents the Signature's id.
string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

GlobalIdsSignatureListRequestParameters (schema)

Global IDS signature request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

GlobalIdsSignatureListResult (schema)

Paged collection of Global IDS signatures

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Global IDS signature list results array of GlobalIdsSignature Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

GlobalManager (schema)

Global Manager

Global Manager.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
connection_info Connection information

To create a standby GM, the connection information (username, password,
and API thumbprint) for at least one NSX manager node in the remote
site must be provided. Once the GM has been successfully onboarded,
the connection_info is discarded and authentication to the
standby GM occurs using an X.509 client certificate.
array of SiteNodeConnectionInfo Maximum items: 3
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
fail_if_rtt_exceeded Fail onboarding if maximum RTT exceeded

Fail onboarding if maximum RTT exceeded.
boolean Default: "True"
federation_id Global manager federation UUID

Internally generated UUID to the federation of Global Manager.
string Readonly
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
maximum_rtt Maximum acceptable packet round trip time (RTT)

If provided and fail_if_rtt_exceeded is true, onboarding of the site will
fail if measured RTT is greater than this value.
integer Minimum: 0
Maximum: 1000
Default: "250"
mode Mode of the global manager

There can be at most one ACTIVE global manager and one STANDBY global manager.
In order to add a STANDBY manager, there must be an ACTIVE manager defined.
string Required
Enum: ACTIVE, STANDBY
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value GlobalManager string
site_id UUID of the site where Global manager is running

UUID of the site where Global manager is running. This is the
Site Manager generated UUID for every NSX deployment.
string Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

GlobalManagerConfig (schema)

Global Manager configuration

This configuration is distributed to all Sites participating in federation.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value GlobalManagerConfig string
rtep_config Global Manager federation RTEP configuration

Global Manager federation RTEP configuration. This configuration is distributed
to all Sites participating in federation.
GmRtepConfig
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

GlobalManagerListRequestParameters (schema)

Site List Request Parameters

Site list request parameters.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

GlobalManagerListResult (schema)

Paged Collection of Global Managers

Paged Collection of Global Managers.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Global Manager List Result

Global Manager List Result.		 array of GlobalManager Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

GlobalRestoreStatus (schema)

Overall restore process status

Name Description Type Notes
description A description of the restore status string Required
Readonly
value Global rolled-up restore status value string Required
Readonly
Enum: INITIAL, SUCCESS, FAILED, RUNNING, SUSPENDED_BY_USER, SUSPENDED_FOR_USER_ACTION, SUSPENDED, ABORTED

GmFederationSiteConfig (schema)

Federation configuration for the site

Additional configuration required for federation at Site.

Name Description Type Notes
transit_subnet Transit subnet in CIDR format

IP Addresses to be allocated for transit segment when the gateway is
stretched. Note that Global Manager will carve out the IP Pool for each
site to be used for edge nodes when gateway is stretched based on the
user provided subnet and maximum number of edge nodes allowed per site.
string Format: ip-cidr-block

GmRtepConfig (schema)

Global Manager federation RTEP configuration

Global Manager federation RTEP configuration. This configuration is distributed
to all Sites participating in federation.

Name Description Type Notes
ibgp_password Password for IBGP sessions between federated sites

Password to authenticate IBGP session between remote tunnel endpoints
created on federated sites. This is applied to inter-site underlay
IBGP neighbors created over remote tunnel endpoints on all sites.
Empty string ("") clears existing password.
string Maximum length: 20

GracefulRestartConfig (schema)

BGP Graceful Restart Configuration

BGP Graceful Restart configuration parameters

Name Description Type Notes
graceful_restart_mode Graceful Restart Mode

BGP Graceful Restart mode		 GracefulRestartMode Default: "HELPER_ONLY"
graceful_restart_timer Graceful Restart Timer

Graceful Restart timers configuration		 GracefulRestartTimer

GracefulRestartMode (schema)

BGP Graceful Restart modes.
DISABLE Disables Graceful Restart capability.
HELPER_ONLY Enables as Helper only in Graceful Restart mechanism.
GR_AND_HELPER Enables Graceful Restart capability along with HELPER mode.

Name Description Type Notes
GracefulRestartMode BGP Graceful Restart modes.
DISABLE Disables Graceful Restart capability.
HELPER_ONLY Enables as Helper only in Graceful Restart mechanism.
GR_AND_HELPER Enables Graceful Restart capability along with HELPER mode.
string Enum: DISABLE, HELPER_ONLY, GR_AND_HELPER

GracefulRestartTimer (schema)

BGP Graceful Restart Timer

BGP Graceful Restart timers configuration

Name Description Type Notes
restart_timer Restart Timer

Maximum time BGP speaker will take for the BGP session to be
re-established after a restart. Ranges from 1 sec to 3600 sec.
This can be used to speed up routing convergence by its peer in
case that the BGP speaker does not come back after a restart.
If the session does not get re-established within the "Restart Time"
that the Restarting Speaker advertised previously, the Receiving
Speaker will delete all the stale routes from that peer.
integer Minimum: 1
Maximum: 3600
Default: "180"
stale_timer Stale Timer

Maximum time before stale routes are removed from the RIB when the
local BGP process restarts. Ranges from 1 sec to 3600 sec.
integer Minimum: 1
Maximum: 3600
Default: "600"

GraphConfiguration (schema)

Graph Configuration

Represents configuration of a graph widget

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
axes Axes of a graph Axes
condition Expression for evaluating condition

If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.		 string Maximum length: 1024
datasources Array of Datasource Instances with their relative urls

The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.		 array of Datasource Minimum items: 0
default_filter_value Default filter value to be passed to datasources

Default filter values to be passed to datasources. This will be used when the report is requested without filter values.		 array of DefaultFilterValue
description Description of this resource string Maximum length: 1024
Sortable
display_name Widget Title

Title of the widget. If display_name is omitted, the widget will be shown without a title.		 string Maximum length: 255
display_x_value Show or hide the value of a point on X axis

If true, value of a point is shown as label on X axis. If false, value of point is not shown as label on X axis. false can be useful in situations where there are too many points and showing the X value as label can clutter the X axis.		 boolean Default: "False"
drilldown_id Id of drilldown widget

Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.		 string Maximum length: 255
feature_set Features required to view the widget

Features required to view the widget.		 FeatureSet
filter Id of filter widget for subscription

Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.		 string Deprecated
filter_value_required Flag to indicate if filter value is necessary

Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.		 boolean Default: "True"
filters A List of filter ids applied to this widget configuration

A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.		 array of string
footer Footer
graphs Graphs array of GraphDefinition Required
Minimum items: 1
graphs_colors A colors for the graph

An array of graphs colors which will be applied to each graph seperately. if number of provided colors are smaller than number of graph in the widget then colors are applied in circular manner.		 array of string
icons Icons

Icons to be applied at dashboard for widgets and UI elements.		 array of Icon
id Unique identifier of this resource string Sortable
is_drilldown Set as a drilldown widget

Set to true if this widget should be used as a drilldown.		 boolean Default: "False"
legend Legend for the widget

Legend to be displayed. If legend is not needed, do not include it.		 Legend
line_chart_plot_configs List of line chart plotting configuration

List of line chart plotting configuration. This plotting configuration will be applicable for the LINE_GRAPH only.		 array of LineChartPlotConfiguration
navigation Navigation to a specified UI page

Hyperlink of the specified UI page that provides details.		 string
plot_configs List of plotting configuration for a given widget.

List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.		 array of WidgetPlotConfiguration
resource_type Must be set to the value GraphConfiguration string Required
Readonly
Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration
Maximum length: 255
rowspan Vertical span

Represents the vertical span of the widget / container. 1 Row span is equal to 20px.		 int Minimum: 1
shared Visiblity of widgets to other users

Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.		 boolean Deprecated
show_header This decides to show the container header or not.

If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.		 boolean
span Horizontal span

Represents the horizontal span of the widget / container.		 int Minimum: 1
Maximum: 12
sub_type Subtype of a graph

Describes the the type of graph. LINE_GRAPH shows a line graph chart BAR_GRAPH shows a simple bar graph chart STACKED_BAR_GRAPH shows a stacked bar graph chart		 string Enum: LINE_GRAPH, BAR_GRAPH, STACKED_BAR_GRAPH
Default: "BAR_GRAPH"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
weight Weightage or placement of the widget or container

Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.		 int Deprecated
x_value_type x value type

x value type.		 string Enum: string, number, date, millisecond, second
Default: "string"
y_value_type y value type

y value type.		 string Enum: integer, double

GraphDefinition (schema)

Definition of a graph

Defines a graph

Name Description Type Notes
id Identifier of graph

Identifier of graph. It can be used to differentiate multiple graph series present in GraphWidgetConfiguration.		 string
label Label of a graph

Describes the graph. It labels the entities of graph. If the label is not provided then it is not shown for a graph. For example, for a single graph, the title of widget can describe the graph and a label may not be necessary to be shown.		 Label
point_definition Definition for points of a graph

Defines the points of a graph.		 PointDefinition Required
render_configuration Render Configuration

Additional rendering or conditional evaluation of the field values to be performed, if any.		 array of RenderConfiguration Minimum items: 0
row_list_field Expression for series of the graph

An expression that represents the series of the graph		 string

GridConfiguration (schema)

Grid Configuration

Represents configuration of a Grid or Table widget.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
columns Columns

Array of columns of a Grid widget		 array of ColumnItem Required
condition Expression for evaluating condition

If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.		 string Maximum length: 1024
datasources Array of Datasource Instances with their relative urls

The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.		 array of Datasource Minimum items: 0
default_filter_value Default filter value to be passed to datasources

Default filter values to be passed to datasources. This will be used when the report is requested without filter values.		 array of DefaultFilterValue
description Description of this resource string Maximum length: 1024
Sortable
display_name Widget Title

Title of the widget. If display_name is omitted, the widget will be shown without a title.		 string Maximum length: 255
drilldown_id Id of drilldown widget

Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.		 string Maximum length: 255
feature_set Features required to view the widget

Features required to view the widget.		 FeatureSet
filter Id of filter widget for subscription

Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.		 string Deprecated
filter_value_required Flag to indicate if filter value is necessary

Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.		 boolean Default: "True"
filters A List of filter ids applied to this widget configuration

A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.		 array of string
footer Footer
icons Icons

Icons to be applied at dashboard for widgets and UI elements.		 array of Icon
id Unique identifier of this resource string Sortable
is_drilldown Set as a drilldown widget

Set to true if this widget should be used as a drilldown.		 boolean Default: "False"
legend Legend for the widget

Legend to be displayed. If legend is not needed, do not include it.		 Legend
page_size Page Size

Number of records per page. page_size will be effective only when the urls provided in the datasource support paging.		 int Default: "30"
plot_configs List of plotting configuration for a given widget.

List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.		 array of WidgetPlotConfiguration
resource_type Must be set to the value GridConfiguration string Required
Readonly
Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration
Maximum length: 255
row_list_fields List of fields from which rows are formed

Rows of grid or table are formed from the list of objects returned by a row list field.		 array of RowListField Required
Minimum items: 1
rowspan Vertical span

Represents the vertical span of the widget / container. 1 Row span is equal to 20px.		 int Minimum: 1
shared Visiblity of widgets to other users

Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.		 boolean Deprecated
show_header This decides to show the container header or not.

If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.		 boolean
span Horizontal span

Represents the horizontal span of the widget / container.		 int Minimum: 1
Maximum: 12
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
weight Weightage or placement of the widget or container

Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.		 int Deprecated

Group (schema)

Group

Group.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
(Abstract type: pass one of the following concrete types)
ChildDnsSecurityProfileBindingMap
ChildGroupDiscoveryProfileBindingMap
ChildGroupMonitoringProfileBindingMap
ChildPolicyFirewallFloodProtectionProfileBindingMap
ChildPolicyFirewallSessionTimerProfileBindingMap
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
expression Expression

The expression list must follow below criteria:
1. A non-empty expression list, must be of odd size. In a list, with
indices starting from 0, all non-conjunction expressions must be at
even indices, separated by a conjunction expression at odd
indices.
2. The total of ConditionExpression and NestedExpression in a list
should not exceed 5.
3. The total of IPAddressExpression, MACAddressExpression, external
IDs in an ExternalIDExpression and paths in a PathExpression must not exceed
500.
4. Each expression must be a valid Expression. See the definition of
the Expression type for more information.
array of Expression
(Abstract type: pass one of the following concrete types)
Condition
ConjunctionOperator
ExternalIDExpression
IPAddressExpression
IdentityGroupExpression
MACAddressExpression
NestedExpression
PathExpression
extended_expression Extended Expression

Extended Expression allows additional higher level context to be
specified for grouping criteria. (e.g. user AD group)
This field allow users to specified user context as the source of a
firewall rule for IDFW feature.
Current version only support a single IdentityGroupExpression. In the
future, this might expand to support other conjunction and non-conjunction
expression.

The extended expression list must follow below criteria:
1. Contains a single IdentityGroupExpression. No conjunction expression is
supported.
2. No other non-conjunction expression is supported, except for
IdentityGroupExpression.
3. Each expression must be a valid Expression. See the definition of
the Expression type for more information.
4. Extended expression are implicitly AND with expression.
5. No nesting can be supported if this value is used.
6. If a Group is using extended expression, this group must be the only
member in the source field of an communication map.
array of Expression
(Abstract type: pass one of the following concrete types)
Condition
ConjunctionOperator
ExternalIDExpression
IPAddressExpression
IdentityGroupExpression
MACAddressExpression
NestedExpression
PathExpression		 Maximum items: 1
group_type Indicates the group type.

Group type can be specified during create and update of a group.
Empty group type indicates a 'generic' group, ie group can
include any entity from the valid GroupMemberType.
array of GroupTypes Maximum items: 1
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
reference Indicates if the group is a reference.

If true, indicates that this is a remote reference group. Such group will have
span different from the its parent domain. Default value is false.
boolean Readonly
Default: "False"
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value Group string
state Realization state of this group string Enum: IN_PROGRESS, SUCCESS, FAILURE
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

GroupDeleteRequestParameters (schema) (Deprecated)

Group delete request parameters

Name Description Type Notes
fail_if_subtree_exists Do not delete if the group subtree has any entities

Check if the group sub-tree has any entities. These primarily include the
binding maps that point to various profiles. If this flag is passed as true,
the group delete fails if any binding maps exist in the group sub-tree.
By default, this flag is false, which means that the group is deleted
along with the group sub-tree.
boolean Default: "False"
force Force delete the resource even if it is being used somewhere

If true, deleting the resource succeeds even if it is being
referred as a resource reference.
boolean Default: "False"

GroupDiscoveryProfileBindingMap (schema)

Map for binding group with discovery profile

This entity will be used to establish association between discovery profile and
Group. With this entity, user can specify intent for applying discovery profile
profile to particular Group.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
profile_path Profile Path

PolicyPath of associated Profile		 string Required
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value GroupDiscoveryProfileBindingMap string
sequence_number Sequence number group discovery profile Binding Map

Sequence number used to resolve conflicts betweeen two profiles applied on
the same group. Lower sequence number takes higher precedence. Two binding
maps applied to the same profile must have the same sequence number.
User defined sequence numbers range from 1 through 100,000.
System defined sequence numbers range from 100,001 through 200,000.
integer Minimum: 1
Maximum: 100000
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

GroupDiscoveryProfileBindingMapListRequestParameters (schema)

Group Discovery Profile Binding Map List Request Parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

GroupDiscoveryProfileBindingMapListResult (schema)

Paged collection of Group Discovery Profile Binding Map

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Group Discovery Profile Binding Map List Results array of GroupDiscoveryProfileBindingMap
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

GroupInfo (schema)

GroupInfo

GroupInfo contains information about a particular Group used in Redirection Rules. It also contains information about policy path, if the group is created from Policy.

Name Description Type Notes
group Group

Group Data.		 ResourceReference Readonly
group_policy_path Policy path of Group

Policy path of a particular Group.		 string Readonly

GroupListRequestParameters (schema)

Group list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
member_types Comma Seperated Member types

Optionally, specify valid member types as request parameter to filter NSGroups.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

GroupListResult (schema)

Paged Collection of Groups

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Group list results array of Group Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

GroupMemberActionParameters (schema)

Request Parameters for Group members

Request Parameter to either add or remove the Group members.

Name Description Type Notes
action Add or Remove group members.

Action parameter determines whether to add or remove the group members.
string Required
Enum: add, remove

GroupMemberList (schema)

Members to add or remove for a Group.

List of same type members to either add or remove from a group.

Name Description Type Notes
members Groups members collection

This array contains group members of similar types.		 array of string Required
Minimum items: 1
Maximum items: 4000

GroupMemberTagsList (schema)

Group tags list for a particular member type

Collection of tags used in a policy group for a particular member type

Name Description Type Notes
member_type Member type for which we will list the tags string Required
tags List of tags for the member type array of string Required

GroupMemberType (schema)

Valid Group member type

Name Description Type Notes
GroupMemberType Valid Group member type string Enum: VirtualMachine, VirtualNetworkInterface, SegmentPort, Segment, CloudNativeServiceInstance, IPAddress, MACAddress, IPSet, IdentityGroup, PhysicalServer, Pod, Service, Namespace, Cluster, TransportNode, Group, DVPG, DVPort

GroupMemberTypeListResult (schema)

Name Description Type Notes
result_count Count of the member types in the results array integer Required
Readonly
results Collection of member types for the given Group array of GroupMemberType Required

GroupMonitoringProfileBindingMap (schema)

Group Monitoring Profile binding map

This entity will be used to establish association between monitoring
profile and Group. Using this entity, you can specify intent for applying
monitoring profile to particular Group. Group with membership criteria vm
only supported as source group. Port mirroring is only supported on group
with five vms.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ipfix_dfw_profile_path IPFIX DFW Profile Path

PolicyPath of associated IPFIX DFW Profile		 string
ipfix_l2_profile_path IPFIX L2 Profile Path

PolicyPath of associated IPFIX L2 Profile		 string
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
port_mirroring_profile_path Port Mirroring Profile Path

PolicyPath of associated Port Mirroring Profile		 string
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value GroupMonitoringProfileBindingMap string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

GroupMonitoringProfileBindingMapListRequestParameters (schema)

Group Monitoring Profile Binding Map list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

GroupMonitoringProfileBindingMapListResult (schema)

Paged collection of Group Monitoring Profile Binding Maps

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Group Monitoring Profile Binding Map list results array of GroupMonitoringProfileBindingMap Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

GroupStatusListRequestParameters (schema)

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
has_errors Flag to indicate whether to return only upgrade units with errors boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

GroupTagsList (schema)

Group tags list listed per member type

Collection of tags used in a policy group listed per member type

Name Description Type Notes
results Collection of tags used in a policy group listed per member type array of GroupMemberTagsList Required

GroupTypes (schema)

Valid Group Types.

ANTREA group type includes IPAddress, Pod, NameSpace and Service group member types.

Name Description Type Notes
GroupTypes Valid Group Types.

ANTREA group type includes IPAddress, Pod, NameSpace and Service group member types.		 string Enum: IPAddress, ANTREA

GroupedMigrationFeedbackRequest (schema)

Grouped Feedback detail required for Migration

Detailed feedback requests from the migration tool where user input is required.

Name Description Type Notes
accepted_actions Acceptable actions for this feedback request

List of acceptable actions for this feedback request.		 array of string Readonly
accepted_value_type Data type of the items listed in acceptable values

Data type of the items listed in acceptable values list.		 string Required
Readonly
accepted_values Acceptable values for this feedback request

List of acceptable values for this feedback request.		 array of string
hash Identifier for a feedback request type

Identify a feedback request type across objects. This can be used to group together objects with similar feedback request and resolve them in one go.		 string Readonly
message Content of feedback request

Detailed feedback request with options.		 string Required
Readonly
multi_value Indicates if multiple values can be selected as response

Indicates if multiple values can be selected as response from the list of acceptable value.		 boolean Required
Readonly
objects Collection of feedback requests of a given type array of SummaryMigrationFeedbackRequest Required
resolved Indicates if all feedback requests in this group are resolved

Indicates if a valid response already exist for all feedback requests in this group.		 boolean Readonly
sub_vertical Functional sub-area for the feedback query

Functional sub-area that this query falls into.		 string Required
Readonly
suggested_action Suggested action for this feedback request

The suggested action to resolve this feedback request.		 string Required
Readonly
suggested_value Suggested value for this feedback request

The suggested value to resolve this feedback request.		 string Required
Readonly
vertical Functional area for the feedback query

Functional area that this query falls into.		 string Required
Readonly

GroupedMigrationFeedbackRequestListResult (schema)

groups of feedback required for Migration

Groups of detailed feedback requests from the migration tool where user input is required.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged Collection of groups of feedback requests array of GroupedMigrationFeedbackRequest Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

GuestInfo (schema)

Guest virtual machine details

Guest virtual machine details include OS name and computer name of guest VM.

Name Description Type Notes
computer_name Computer name

Computer name of guest virtual machine, which is set inside guest OS.
Currently this is supported for guests on ESXi that have VMware Tools installed.
string Readonly
os_name OS name

OS name of guest virtual machine. Currently this is supported for guests
on ESXi that have VMware Tools installed.
string Readonly

HaInfo (schema)

Name Description Type Notes
failover_mode Logical router failover mode

Logical router failover mode		 string Readonly
Enum: PREEMPTIVE, NON-PREEMPTIVE
ha_mode Logical router HA mode

Logical router HA mode		 string Readonly
Enum: ACTIVE-STANDBY, ACTIVE-ACTIVE
ha_state Logical router HA state

Logical router HA state DOWN - Logical router is not in good health SYNC - Logical router is synchronizing data from peer logical router STANDBY - Logical router is available to go Active ACTIVE - Logical router is forwarding traffic		 string Readonly
Enum: DOWN, SYNC, STANDBY, ACTIVE
rank Rank of logical router

Rank of logical router		 integer Readonly
state-history Logical router high-availability history

Logical router high-availability history		 LogicalRouterHaHistory Readonly

HaVipConfig (schema)

Name Description Type Notes
enabled Flag to enable this ha vip config. boolean Default: "True"
ha_vip_subnets Floating IP address subnets

Array of IP address subnets which will be used as floating IP addresses. | Note - this configuration is applicable only for Active-Standby LogicalRouter. | For Active-Active LogicalRouter this configuration will be rejected.		 array of VIPSubnet Required
Minimum items: 1
Maximum items: 2
redundant_uplink_port_ids Identifiers of uplink ports for providing redundancy

Identifiers of logical router uplink ports which are to be paired to provide | redundancy. Floating IP will be owned by one of these uplink ports (depending upon | which node is Active).		 array of string Required
Minimum items: 2
Maximum items: 2

Header (schema)

Widget Header

Header of a widget that provides additional information. This will be shown at the container level. It includes details as label value pairs.

Name Description Type Notes
condition Expression for evaluating condition

If the condition is met then the header will be applied. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API.		 string Maximum length: 1024
content_alignment alignment for labelvalue pair

Alignment of header labels.		 string Enum: LEFT, RIGHT
Default: "RIGHT"
sub_header_widgets An array of widgets inside the container header

An array of widgets which will appear inside the container header Instead of 'sub_headers' property use this property.		 array of WidgetItem Minimum items: 0
sub_headers Rows

An array of label-value properties. This field is deprecated instead used 'sub_header_widgets' property to define header widgets.		 array of PropertyItem Deprecated
Minimum items: 0

HealthCheckResult (schema)

Health Check Result

Result of health check.

Name Description Type Notes
results_per_transport_node Health Check Results Per Transport Node

List of health check results on specific transport node.
array of HealthCheckResultPerTransportNode Readonly
updated_time Timestamp of check result updated. EpochMsTimestamp Readonly
vlan_mtu_status Overall status of VLAN-MTU health check result.
VlanMtuHealthCheckResultStatus Readonly

HealthCheckResultOnHostSwitch (schema)

Health Check Result On Host Switch

Health check result on specific host switch of specific transport node.

Name Description Type Notes
host_switch_name Host Switch Name

Name of the host switch.		 string Readonly
results_per_uplink Health Check Results Per uplink

List of health check results per uplink on current host switch of specific
transport node.
array of HealthCheckResultPerUplink Readonly
updated_time Timestamp of check result updated. EpochMsTimestamp Readonly
vlan_mtu_status Status of VLAN-MTU health check result on host switch.
VlanMtuHealthCheckResultStatus Readonly

HealthCheckResultPerTransportNode (schema)

Health Check Result Per Transport Node

Health check result on specific transport node

Name Description Type Notes
result_on_host_switch HealthCheckResultOnHostSwitch Readonly
transport_node_id Transport Node ID

ID of the Transport Node.		 string Readonly

HealthCheckResultPerUplink (schema)

Health Check Result Per Uplink

Health check result for specific uplink.

Name Description Type Notes
mtu_disallowed MTU Disallowed

List of VLAN ID ranges which are allowed by VLAN settings but may be
disallowed by MTU settings.
array of HealthCheckVlanRange Readonly
uplink_name Uplink Name

Name of the uplink.		 string Readonly
vlan_and_mtu_allowed VLAN and MTU Allowed

List of VLAN ID ranges which are allowed by VLAN and MTU settings.
array of HealthCheckVlanRange Readonly
vlan_disallowed VLAN Disallowed

List of VLAN ID ranges which may be disallowed by VLAN settings.
array of HealthCheckVlanRange Readonly

HealthCheckSpecVlans (schema)

VLAN Range Specification

HealthCheckSpecVlan is used for specifying VLAN ID ranges for healthcheck.

Name Description Type Notes
vlan_ranges VLAN ID ranges array of HealthCheckVlanRange Required
Minimum items: 1

HealthCheckVlanRange (schema)

VLAN ID range

Name Description Type Notes
end VlanID Required
start VlanID Required

HeatMapTransportNodesAggregateStatus (schema)

Name Description Type Notes
degraded_count Number of transport nodes that are degraded int
down_count Number of transport nodes that are down int
unknown_count Number of transport nodes with unknown status int
up_count Number of transport nodes that are up int

HeatMapTransportZoneStatus (schema)

Name Description Type Notes
degraded_count Number of transport nodes that are degraded int
down_count Number of transport nodes that are down int
unknown_count Number of transport nodes with unknown status int
up_count Number of transport nodes that are up int

HostInfraTrafficType (schema) (Deprecated)

Enumerate all types of traffic

The traffic_name specifies the infrastructure traffic type and it
must be one of the following system-defined types:
FAULT_TOLERANCE is traffic for failover and recovery.
HBR is traffic for Host based replication.
ISCSI is traffic for Internet Small Computer System Interface.
MANAGEMENT is traffic for host management.
NFS is traffic related to file transfer in network file system.
VDP is traffic for vSphere data protection.
VIRTUAL_MACHINE is traffic generated by virtual machines.
VMOTION is traffic for computing resource migration.
VSAN is traffic generated by virtual storage area network.
The dynamic_res_pool_name provides a name for the resource pool.
It can be any arbitrary string.
Either traffic_name or dynamic_res_pool_name must be set.
If both are specified or omitted, an error will be returned.

Name Description Type Notes
dynamic_res_pool_name Dynamic resource pool traffic name string
traffic_name Traffic types string Enum: FAULT_TOLERANCE, HBR, ISCSI, MANAGEMENT, NFS, VDP, VIRTUAL_MACHINE, VMOTION, VSAN

HostNode (schema)

Host node

Host node

Name Description Type Notes
compute_collection_id Compute collection id

Id of the compute collection to which discovered node belongs.		 string Readonly
description Description of this resource

This field is deprecated. TransportNode field 'description' must be used instead. For EdgeNode and PublicCloudGatewayNode, this field is ignored if specified in request payload.		 string Deprecated
Maximum length: 1024
Sortable
discovered_ip_addresses Discovered IP Addresses of the fabric node, version 4 or 6 array of IPAddress Readonly
discovered_node_id Discovered node id

Id of discovered node which was converted to create this node		 string Readonly
display_name Identifier to use when displaying entity in logs or GUI

This field is deprecated. TransportNode field 'display_name' must be used instead. For HostNode, this field defaults to ID if not set. For EdgeNode and PublicCloudGatewayNode, this field is ignored if specified in request payload.		 string Deprecated
Maximum length: 255
Sortable
external_id ID of the Node maintained on the Node and used to recognize the Node string
fqdn Fully qualified domain name of the fabric node string Readonly
host_credential Host login credentials

Login credentials for the host. It is mandatory to provide
credentials while adding host to MP to create transport node.
HostNodeLoginCredential
id Unique identifier of this resource

Unique identifier of this resource.		 string Sortable
ip_addresses IP Addresses of the Node, version 4 or 6

IP Addresses of the Node, version 4 or 6. This property is mandatory for all nodes except for
automatic deployment of edge virtual machine node. For automatic deployment, the ip address from
management_port_subnets property will be considered.
array of IPAddress
maintenance_mode_state Maintenance mode state

Indicates host node's maintenance mode state. The state is ENTERING
when a task to put the host in maintenance-mode is in progress.
string Readonly
Enum: OFF, ENTERING, ON
managed_by_server Id of vCenter server managing the HostNode

The id of the vCenter server managing the ESXi type HostNode		 string Readonly
os_type Hypervisor OS type

Hypervisor type, for example ESXi or RHEL KVM		 string Required
Enum: ESXI, RHELKVM, RHELSERVER, WINDOWSSERVER, RHELCONTAINER, UBUNTUKVM, UBUNTUSERVER, HYPERV, CENTOSKVM, CENTOSSERVER, CENTOSCONTAINER, SLESKVM, SLESSERVER, OELSERVER
os_version Hypervisor OS version

Version of the hypervisor operating system		 string
resource_type Must be set to the value HostNode string Required
tags Opaque identifiers meaningful to the API user

This field is deprecated. TransportNode field 'tags' must be used instead. For EdgeNode and PublicCloudGatewayNode, this field is ignored if specified in request payload.		 array of Tag Deprecated
Maximum items: 30
windows_install_location Install location of Windows Server on baremetal being managed by NSX

Specify an installation folder to install the NSX kernel modules for Windows Server. By default, it is C:\Program Files\VMware\NSX\.		 string

HostNodeLoginCredential (schema)

The credentials to login into the host node

Name Description Type Notes
password The authentication password of the host node string
thumbprint ESXi thumbprint or SSH key fingerprint of the host node

For ESXi hosts, the thumbprint of the ESXi management service.
For KVM hosts, the SSH key fingerprint.
If thumbprint is not provided then connection to host may not
be established and API call will fail.
string
username The username of the account on the host node string

HostNodeStatus (schema)

Host Node Status

Name Description Type Notes
config_status Configuration status of host node

Gives details of state of desired configuration. This property is available only if Tranport Node exists for the host. Following are the supported values pending - Transport Node configuration status is pending in_progress - Transport Node configuration status is in progress success - Transport Node configuration status is successful failed - Transport Node configuration status is failed partial_success - Transport Node configuration status is partial success orphaned - Transport Node configuration status is orphaned unknown - Transport Node configuration status is unknown error - Error occured during Transport Node configuration		 string Readonly
Enum: pending, in_progress, success, failed, partial_success, orphaned, unknown, error
deployment_status Deployment progress status of host node

This specifies the current nsx install status for host node. Following are the supported values INSTALL_IN_PROGRESS - NSX installation is in progress on the host INSTALL_FAILED - NSX installation failed on the host INSTALL_SUCCESSFUL - NSX installation successful on the host UNINSTALL_IN_PROGRESS - NSX uninstallation in progress on the host UNINSTALL_FAILED - NSX uninstallation failed on the host UNINSTALL_SUCCESSFUL - NSX uninstallation successful on the host UNINSTALL_SCHEDULED - NSX uninstallation is scheduled on the host UPGRADE_IN_PROGRESS - NSX upgrade is in progress on the host UPGRADE_FAILED - NSX upgrade failed on the host DEPLOYMENT_QUEUED - Deployment is queued on the DEPLOYMENT_IN_PROGRESS - Deployment is in progress DEPLOYMENT_FAILED - Deployment is failed DEPLOYMENT_SUCCESSFUL - Deployment is successful UNDEPLOYMENT_QUEUED - Undeployment is queued UNDEPLOYMENT_IN_PROGRESS - Undeployment is in progress UNDEPLOYMENT_FAILED - Undeployment failed UNDEPLOYMENT_SUCCESSFUL - Undeployment is successful UPGRADE_QUEUED - Upgrade is queued HOST_DISCONNECTED - Host is disconnected POWERED_OFF - Host is powered off		 string Readonly
Enum: INSTALL_IN_PROGRESS, INSTALL_FAILED, INSTALL_SUCCESSFUL, UNINSTALL_IN_PROGRESS, UNINSTALL_FAILED, UNINSTALL_SUCCESSFUL, UNINSTALL_SCHEDULED, UPGRADE_IN_PROGRESS, UPGRADE_FAILED, DEPLOYMENT_QUEUED, DEPLOYMENT_IN_PROGRESS, DEPLOYMENT_FAILED, DEPLOYMENT_SUCCESSFUL, UNDEPLOYMENT_QUEUED, UNDEPLOYMENT_IN_PROGRESS, UNDEPLOYMENT_FAILED, UNDEPLOYMENT_SUCCESSFUL, UPGRADE_QUEUED, HOST_DISCONNECTED, POWERED_OFF
node_id Unique Id of the host node string Readonly

HostNodeStatusListResult (schema)

HostNodeStatus queries result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results HostNodeStatus Results array of HostNodeStatus Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

HostSwitchInfo (schema) (Deprecated)

Information of host switch participating in transport zone

Name Description Type Notes
host_switch_id Unique ID of a host switch string Required
Readonly
host_switch_mode Mode of host switch string Required
Readonly
Enum: STANDARD, ENS, ENS_INTERRUPT
host_switch_name Name of a host switch string Required
Readonly
host_switch_type Type of a host switch string Required
Readonly
Enum: NVDS, VDS

HostSwitchProfileListParameters (schema) (Deprecated)

HostSwitchProfile List Parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
deployment_type Deployment type of EdgeNode or PublicCloudGatewayNode

If the node_type is specified, then deployment_type may be specified to filter uplink profiles applicable to only PHYSICAL_MACHINE or VIRTUAL_MACHINE deployments of these nodes.		 EdgeDeploymentType
hostswitch_profile_type Type of host switch profile HostSwitchProfileType
include_system_owned Whether the list result contains system resources boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
node_type Fabric node type for which uplink profiles are to be listed

The fabric node type is the resource_type of the Node such as EdgeNode and PublicCloudGatewayNode. If a fabric node type is given, uplink profiles that apply for nodes of the given type will be returned.		 string Enum: EdgeNode, PublicCloudGatewayNode
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
uplink_teaming_policy_name The host switch profile's uplink teaming policy name

If populated, only UplinkHostSwitchProfiles with the specified uplink teaming policy name are returned. Otherwise, any HostSwitchProfile can be returned.		 string

HostSwitchProfileType (schema) (Deprecated)

Supported HostSwitch profiles.

Name Description Type Notes
HostSwitchProfileType Supported HostSwitch profiles. string Deprecated
Enum: UplinkHostSwitchProfile, LldpHostSwitchProfile, NiocProfile, ExtraConfigHostSwitchProfile

HostSwitchProfileTypeIdEntry (schema) (Deprecated)

Name Description Type Notes
key HostSwitchProfileType
value key value string Required

HostSwitchProfilesListResult (schema) (Deprecated)

HostSwitch Profile queries result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results HostSwitch Profile Results array of BaseHostSwitchProfile
(Abstract type: pass one of the following concrete types)
ExtraConfigHostSwitchProfile
LldpHostSwitchProfile
NiocProfile
UplinkHostSwitchProfile		 Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

HostSwitchSpec (schema)

Abstract base type for transport node host switch specification

The HostSwitchSpec is the base class for standard and preconfigured
host switch specifications.
This is an abstract type. Concrete child types:
PreconfiguredHostSwitchSpec
StandardHostSwitchSpec

Name Description Type Notes
resource_type string Required
Enum: StandardHostSwitchSpec, PreconfiguredHostSwitchSpec

HostSwitchState (schema) (Deprecated)

Host Switch State

Name Description Type Notes
endpoints List of virtual tunnel endpoints which are configured on this switch array of Endpoint Readonly
host_switch_id External ID of the HostSwitch string Readonly
host_switch_name HostSwitch name. This name will be used to reference this HostSwitch.

The name must be unique among all host switches specified in a given Transport Node.		 string Readonly
host_switch_type Type of HostSwitch

VDS represents VMware vSphere Distributed Switch from vSphere that is used as HostSwitch through TransportNode or TransportNodeProfile configuration. When VDS is used as a HostSwitch, Hosts have to be added to VDS from vSphere and VDS instance is created on Hosts. To configure NSX on such hosts, you can use this VDS as a HostSwitch from NSX manager. vCenter has the ownership of MTU, LAG, NIOC and LLDP configuration of such VDS backed HostSwitch. Remaining configuration (e.g. UplinkHostswitchProfile) will be managed by NSX. NVDS represents NSX Virtual Switch which is NSX native HostSwitch. All configurations of NVDS will be managed by NSX.		 string Enum: NVDS, VDS
Default: "NVDS"
transport_zone_ids List of Ids of TransportZones this HostSwitch belongs to array of string Readonly

HostTransportNode (schema)

Host Transport Node

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
discovered_node_id_for_create Discovered node id to create Host Transport Node

Specify discovered node id to create Host Transport Node for Discovered Node.
This field is required during Host Transport Node create from vCenter server managing the ESXi type HostNode.
No need to provide node_deployment_info while creating Host Transport Node for Discovered Node.
If both node_deployment_info and discovered_node_id_for_create provided during Host TransportNode create payload
then it will create Host Transport Node from the discovered node id provided in this field.
string
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
host_switch_spec Transport node host switch specification

This property is used to either create standard host switches
or to inform NSX about preconfigured host switches that already
exist on the transport node.

Pass an array of either StandardHostSwitchSpec objects or
PreconfiguredHostSwitchSpec objects. It is an error to pass
an array containing different types of HostSwitchSpec objects.
HostSwitchSpec
(Abstract type: pass one of the following concrete types)
PreconfiguredHostSwitchSpec
StandardHostSwitchSpec
id Unique identifier of this resource string Sortable
is_overridden Indicates if config is different than compute collection.

This flag is relevant to only those hosts which are part of a
compute collection which has transport node profile (TNP)
applied on it. If you change the transport node configuration
and it is different than cluster level TNP then this flag will
be set to true.
boolean Readonly
maintenance_mode transport node maintenance mode desired state

The property is read-only, used for querying result. User could update transport node maintenance mode by UpdateTransportNodeMaintenanceMode call.		 string Readonly
Enum: ENABLED, FORCE_ENABLED, DISABLED
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
node_deployment_info FabricHostNode
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value HostTransportNode string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

HostTransportNodeCollection (schema)

Compute collection transport node template

Entity to indicate relation between Compute collection and Transport node template.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
compute_collection_id Compute collection id string Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
has_nvds Flag indicating if applied profile has NVDS boolean
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value HostTransportNodeCollection string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
transport_node_profile_id Transport Node Profile ID string
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

HostTransportNodeCollectionListResult (schema)

Transport Node collections list result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Transport Node collection results array of HostTransportNodeCollection Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

HostTransportNodeListParameters (schema)

Host Transport Node list parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
discovered_node_id discovered node id

This property can be used by itself or along with 'transport_zone_path'. This applies only to vCenter Managed hosts. For Unmanaged hosts use node_ip instead. These hosts are discovered by Nsx manager after adding a vCenter as Compute Manager. Refer to fabric discovered-nodes api to get discoverednode_id. eg. 6ab2278f-951d-471b-8d0f-510c825945f1:host-14		 string
in_maintenance_mode maintenance mode flag

If the flag is true, transport node with 'ENABLED' or 'FORCE_ENABLED' desired state will be returned, otherwise transport nodes in 'DISABLED' will be returned.		 boolean
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
node_ip Transport node IP address

This property can only be used alone. It can not be combined with other filtering properties.		 string
node_types a list of node types separated by comma or a single type

Specify types from [HostNode, EdgeNode, PublicCloudGatewayNode]. If a list of node types is given, all transport nodes of given types will be returned.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
transport_zone_path Transport zone path

This property can be used along with 'node_id'. Valid Policy Tz path should be given, eg. /infra/sites/default/enforcement-points/default/transport-zones/web-tz1		 string

HostTransportNodeListResult (schema)

Host Transport Node queries result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Host TransportNode Results array of HostTransportNode Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

HostUpgradeStatus (schema)

Status of host upgrade

Name Description Type Notes
can_rollback Can perform rollback

This field indicates whether we can perform upgrade rollback.		 boolean Readonly
can_skip Can the upgrade of the remaining units in this component be skipped boolean Readonly
component_type Component type for the upgrade status string Readonly
current_version_node_summary Mapping of current versions of nodes and counts of nodes at the respective versions. NodeSummaryList Readonly
details Details about the upgrade status string Readonly
node_count_at_target_version Count of nodes at target component version

Number of nodes of the type and at the component version		 int Readonly
percent_complete Indicator of upgrade progress in percentage number Required
Readonly
pre_upgrade_status Pre-upgrade status of the component-type UpgradeChecksExecutionStatus Readonly
status Upgrade status of component string Required
Readonly
Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED
target_component_version Target component version string Readonly

HostedEntityInfo (schema)

Name Description Type Notes
entity_type Type of entity

The type of entity hosted could be MP, CCP, VMC App etc.		 string Required
Readonly
entity_uuid Unique identifier of entity string Required
Readonly

HostnameOrIPv4Address (schema)

Hostname or IPv4 address

Name Description Type Notes
HostnameOrIPv4Address Hostname or IPv4 address string Format: hostname-or-ipv4

HostnameOrIPv4AddressOrEmptyString (schema)

Hostname or IPv4 address

Name Description Type Notes
HostnameOrIPv4AddressOrEmptyString Hostname or IPv4 address string Maximum length: 255
Pattern: "^(?=.{1,255}$)[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?(?:\.[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?)*\.?$|^$"

HttpProtocol (schema)

Name Description Type Notes
authentication_scheme Scheme to authenticate if required BasicAuthenticationScheme
name Must be set to the value HttpProtocol string Required
Enum: http, https, scp, sftp

HttpRequestMethodType (schema) (Deprecated)

http monitor method

Name Description Type Notes
HttpRequestMethodType http monitor method string Deprecated
Enum: GET, OPTIONS, POST, HEAD, PUT

HttpRequestVersionType (schema) (Deprecated)

http request version

Name Description Type Notes
HttpRequestVersionType http request version string Deprecated
Enum: HTTP_VERSION_1_0, HTTP_VERSION_1_1

HttpServiceProperties (schema)

HTTP Service properties

Name Description Type Notes
basic_authentication_enabled Enable or disable basic authentication

Identifies whether basic authentication is enabled or disabled in API calls.		 boolean Default: "True"
certificate Certificate Required
Readonly
cipher_suites Cipher suites used to secure contents of connection array of CipherSuite Minimum items: 1
client_api_concurrency_limit Client API rate limit in calls

The maximum number of concurrent API requests that will be serviced for a given authenticated client. If the number of API requests being processed exceeds this limit, new API requests will be refused and a 503 Service Unavailable response will be returned to the client. To disable API concurrency limiting, set this value to 0.		 integer Minimum: 0
Default: "40"
client_api_rate_limit Client API rate limit in calls per second

The maximum number of API requests that will be serviced per second for a given authenticated client. If more API requests are received than can be serviced, a 429 Too Many Requests HTTP response will be returned. To disable API rate limiting, set this value to 0.		 integer Minimum: 0
Default: "100"
connection_timeout NSX connection timeout, set to 0 to configure no timeout integer Minimum: 0
Maximum: 2147483647
cookie_based_authentication_enabled Enable or disable cookie-based authentication

Identifies whether cookie-based authentication is enabled or disabled in API calls. When cookie-based authentication is disabled, new sessions cannot be created via /api/session/create.		 boolean Default: "True"
global_api_concurrency_limit Global API rate limit in calls

The maximum number of concurrent API requests that will be serviced. If the number of API requests being processed exceeds this limit, new API requests will be refused and a 503 Service Unavailable response will be returned to the client. To disable API concurrency limiting, set this value to 0.		 integer Minimum: 0
Default: "100"
logging_level Service logging level string Enum: OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE
Default: "INFO"
protocol_versions TLS protocol versions array of ProtocolVersion Minimum items: 1
redirect_host Host name or IP address to use for redirect location headers, or empty string to derive from current request HostnameOrIPv4AddressOrEmptyString Default: ""
session_timeout NSX session inactivity timeout, set to 0 to configure no timeout integer Minimum: 0
Maximum: 2147483647

HttpsProtocol (schema)

Name Description Type Notes
authentication_scheme Scheme to authenticate if required BasicAuthenticationScheme
name Must be set to the value HttpsProtocol string Required
Enum: http, https, scp, sftp
sha256_thumbprint SSL thumbprint of server string Required

HypervisorOsType (schema)

Hypervisor os type

Name Description Type Notes
HypervisorOsType Hypervisor os type string Enum: KVM, VMWARE, UNKNOWN

ICMPTypeNSService (schema)

A NSService that represents IPv4 or IPv6 ICMP protocol

Name Description Type Notes
icmp_code ICMP message code integer
icmp_type ICMP message type integer
protocol ICMP protocol type string Required
Enum: ICMPv4, ICMPv6
resource_type Must be set to the value ICMPTypeNSService string Required
Enum: EtherTypeNSService, IPProtocolNSService, IGMPTypeNSService, ICMPTypeNSService, ALGTypeNSService, L4PortSetNSService

ICMPTypeServiceEntry (schema)

A ServiceEntry that represents IPv4 or IPv6 ICMP protocol

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
icmp_code ICMP message code integer Minimum: 0
Maximum: 255
icmp_type ICMP message type integer Minimum: 0
Maximum: 255
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
protocol string Required
Enum: ICMPv4, ICMPv6
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ICMPTypeServiceEntry string Required
Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

IDSEventDataRequest (schema)

Parameters to filter list of intrusions

Filtering parameters to get only a subset of intrusion events.

Name Description Type Notes
filters Filter conditions

An array of filter conditions.		 array of FilterRequest

IDSEventsBySignature (schema)

Detcted intrusions grouped by signature

Intrusions that are detected, grouped by signature. It contains the signature id,
severity, name, the number of intrusions of that type and the first occurence.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
count Number of times signature was seen

Number of times this particular signature was detected.		 integer Readonly
first_occurence First occurence of the intrusion

First occurence of the intrusion, in epoch milliseconds.		 EpochMsTimestamp Readonly
is_ongoing Flag indicating an ongoing intrusion

Flag indicating an ongoing intrusion.		 boolean Readonly
resource_type IDSEvent resource type

IDSEvent resource type.		 string Required
Readonly
severity Severity of the signature

Severity of the threat covered by the signature, can be Critical, High, Medium, or Low.		 string Readonly
signature_id Signature ID

Signature ID pertaining to the detected intrusion.		 integer Readonly
signature_name Name of the signature

Name of the signature pertaining to the detected intrusion.		 string Readonly

IDSEventsBySignatureResult (schema)

List of intrusions grouped by signature

List of all intrusions that are detected grouped by signature, it
contains minimal details about the intrusions.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of all intrusions detected

List of all intrusions detected, grouped by signature. The details include signature id, name, severity, timestamp, and total number of attempts per signature.		 array of IDSEventsBySignature Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IDSEventsSummary (schema)

Intrusions with event and signature data

Intrusion event with all the event and signature details, each event
contains the signature id, name, severity, first and recent occurence,
users and VMs affected and other signature metadata.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
affected_vm_count Count of VMs this signature was detected on

Count of VMs on which a particular signature was detected.		 integer Readonly
first_occurence First occurence of the intrusion

First occurence of the intrusion, in epoch milliseconds.		 EpochMsTimestamp Readonly
idsflow_details IDS event flow data details

IDS event flow data specific to each IDS event. The data includes source ip, source port, destination ip, destination port, and protocol.		 object Readonly
is_ongoing Flag indicating an ongoing intrusion

Flag indicating an ongoing intrusion.		 boolean Readonly
is_rule_valid Is the rule id valid

Indicates if the rule id is valid or not.		 boolean Readonly
latest_occurence Latest occurence of the intrusion

Latest occurence of the intrusion, in epoch milliseconds.		 EpochMsTimestamp Readonly
resource_type IDSEvent resource type

IDSEvent resource type.		 string Required
Readonly
rule_id IDS Rule id of detected intrusion

The IDS Rule id that detected this particular intrusion.		 integer Readonly
signature_id Signature ID

Signature ID pertaining to the detected intrusion.		 integer Readonly
signature_metadata Metadata about the detected signature

Metadata about the detected signature including name, id, severity, product affected, protocol etc.		 object Readonly
total_count Number of occurrences of this signature

Number of times this particular signature was detected.		 integer Readonly
user_details List of users on the affected VMs

List of users logged into VMs on which a particular signature was detected.		 object Readonly
vm_details List of VMs this signature was seen

List of VMs on which a particular signature was detected with the count.		 object Readonly

IDSProfile (schema)

IDS Profile

An entity that holds the list of IDS signatures which need to be detected. The profiles can be custom created or built in.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
resource_type Must be set to the value IDSProfile string
signatures IDS Signatures

List of IDS signatures ids which need to be detected.		 array of string Required
Minimum items: 1
Maximum items: 30000
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

IDSSignatureDetail (schema)

Name Description Type Notes
action Action

Packet analysis action		 string
affected_product Affected product

Product affected by the signature.		 string
attack_target Attack target

Target of the attack tracked in the signature.		 string
category Category

VMware defined signature category.		 array of string
class_type Signature class type

Class type of the signature.		 string
cves CVE of the signature

CVE of the signature.		 array of string
cvss Signature CVSS score

Represents the cvss value of a Signature.
The value is derived from cvssv3 or cvssv2 score.
If cvssv3 exists, then this is the cvssv3 score, else
it is the cvssv2 score.
string
cvssv2 Signature CVSSV2 score

Signature CVSSV2 score.		 string
cvssv3 Signature CVSSV3 score

Signature CVSSV3 score.		 string
direction Direction

Source-destination direction.		 string
enabled Enabled

Signature enabled.		 boolean
flow Flow established

Flow established from server, from client etc.		 string
malware_family Malware Family

Family of the malware tracked in the signature.		 string
name Signature name

Name of the signature.		 string
performance_impact Performance impact

Performance impact of the signature.		 string
policy Policy

Signature policy.		 array of string
protocol Protocol

Protocol used in the packet analysis.		 string
resource_type IDSSignatureDetail resource type

IDSSignatureDetail resource type.		 string Required
Readonly
severity Severity

VMware defined signature severity.		 string
signature_id The signature ID

Unique ID of the signature rule.		 integer
signature_revision Signature revision

The revision of the signature		 integer
signature_severity Signature severity

Signature vendor set severity of the signature rule.		 string
tag Signature tag

Vendor assigned classification tag.		 array of string
type Type

Signature type.		 array of string
urls List of mitre attack URLs pertaining to signature

List of mitre attack URLs pertaining to signature.		 array of string

IDSSummaryListResult (schema)

List of intrusions with their summary

List of all intrusions that are detected grouped by signature with
their summary.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged collection of intrusions

Paged collection of the detected intrusions.		 array of IDSEventsSummary Readonly
Maximum items: 100
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IGMPTypeNSService (schema)

A NSService that represents IGMP protocol

Name Description Type Notes
resource_type Must be set to the value IGMPTypeNSService string Required
Enum: EtherTypeNSService, IPProtocolNSService, IGMPTypeNSService, ICMPTypeNSService, ALGTypeNSService, L4PortSetNSService

IGMPTypeServiceEntry (schema)

A ServiceEntry that represents IGMP protocol

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IGMPTypeServiceEntry string Required
Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

IKEDigestAlgorithm (schema)

Digest Algorithms used in IKE negotiations

The IKEDigestAlgorithms are used to verify message
integrity during IKE negotiation. SHA1 produces 160
bits hash and SHA2_XXX produces XXX bit hash.

Name Description Type Notes
IKEDigestAlgorithm Digest Algorithms used in IKE negotiations

The IKEDigestAlgorithms are used to verify message
integrity during IKE negotiation. SHA1 produces 160
bits hash and SHA2_XXX produces XXX bit hash.
string Enum: SHA1, SHA2_256, SHA2_384, SHA2_512

IKEEncryptionAlgorithm (schema)

Encryption algorithms used in IKE

IKEEncryption algorithms are used to ensure confidentiality of
the messages exchanged during IKE negotiations. AES stands for
Advanced Encryption Standards. AES_128 uses 128-bit keys whereas
AES_256 uses 256-bit keys for encryption and decryption. AES_128
and AES_256 use CBC mode of encryption. AES_GCM stands for
Advanced Encryption Standard(AES) in Galois/Counter Mode(GCM) and
is used to provide both confidentiality and data origin
authentication. AES_GCM composed of two separate functions one
for encryption(AES) and one for authentication(GMAC). AES_GCM
algorithms will be available with IKE_V2 version only.
AES_GCM_128 uses 128-bit keys.
AES_GCM_192 uses 192-bit keys.
AES_GCM_256 uses 256-bit keys.

Name Description Type Notes
IKEEncryptionAlgorithm Encryption algorithms used in IKE

IKEEncryption algorithms are used to ensure confidentiality of
the messages exchanged during IKE negotiations. AES stands for
Advanced Encryption Standards. AES_128 uses 128-bit keys whereas
AES_256 uses 256-bit keys for encryption and decryption. AES_128
and AES_256 use CBC mode of encryption. AES_GCM stands for
Advanced Encryption Standard(AES) in Galois/Counter Mode(GCM) and
is used to provide both confidentiality and data origin
authentication. AES_GCM composed of two separate functions one
for encryption(AES) and one for authentication(GMAC). AES_GCM
algorithms will be available with IKE_V2 version only.
AES_GCM_128 uses 128-bit keys.
AES_GCM_192 uses 192-bit keys.
AES_GCM_256 uses 256-bit keys.
string Enum: AES_128, AES_256, AES_GCM_128, AES_GCM_192, AES_GCM_256

IPAddress (schema)

IPv4 or IPv6 address

Name Description Type Notes
IPAddress IPv4 or IPv6 address string Format: ip

IPAddressElement (schema)

IP Address

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
ip_address IPElement Required

IPAddressElementListResult (schema)

Collection of IP address elements

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IP address element list array of IPAddressElement Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IPAddressExpression (schema)

IP address expression node

Represents IP address expressions in the form of an array, to support addition of IP addresses in a group. Avoid creating groups with multiple IPAddressExpression. In future releases, group will be restricted to contain a single IPAddressExpression. To group IPAddresses, use nested groups instead of multiple IPAddressExpressions.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ip_addresses Array of IP addresses

This array can consist of a single IP address, IP address range or a subnet. Its type can be of either IPv4 or IPv6. Both IPv4 and IPv6 addresses within one expression is not allowed. Supported list of formats are, "192.168.1.1", "192.168.1.1-192.168.1.100", "192.168.0.0/24", "fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:318c/64".		 array of IPElement Required
Minimum items: 1
Maximum items: 4000
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IPAddressExpression string Required
Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

IPAddressGroupAssociationRequestParams (schema)

List request parameters containing ip address and enforcement point path

List request parameters containing ip address and enforcement point path

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
enforcement_point_path String Path of the enforcement point

The path of the enforcement point from which the list of groups needs
to be fetched. Forward slashes must be escaped using %2F. If no enforcement
point path is specified, the default enforcement point is considered
string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
ip_address IPAddress string Required
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

IPAddressList (schema)

IP Address collection.

Collection of IP Addresses.

Name Description Type Notes
ip_addresses Array of IP addresses

The array contains IP addresses.		 array of IPElement Required
Minimum items: 1
Maximum items: 4000

IPAddressOrCIDRBlock (schema)

IPAddress or CIDR Block

Name Description Type Notes
IPAddressOrCIDRBlock IPAddress or CIDR Block string Format: address-or-cidr-block

IPAddresses (schema)

Name Description Type Notes
ip_addresses IPs of the filter

The IP addresses in the form of IP Address, IP Range, CIDR, used as source IPs or destination IPs of filters.		 array of IPElement Minimum items: 1

IPCIDRBlock (schema)

IPv4 or IPv6 CIDR Block

Name Description Type Notes
IPCIDRBlock IPv4 or IPv6 CIDR Block string Format: ip-cidr-block

IPDiscoveryProfile (schema)

IP Discovery Profile

Using this profile to configure different options of IP Discovery

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
arp_nd_binding_timeout ARP and ND cache timeout (in minutes)

This property controls the ARP and ND cache timeout period. It
is recommended that this property be greater than the ARP/ND
cache timeout on the VM.
int Minimum: 5
Maximum: 120
Default: "10"
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
duplicate_ip_detection Duplicate IP Dection Options

Duplicate IP detection is used to determine if there is any IP conflict
with any other port on the same logical switch. If a conflict is detected,
then the IP is marked as a duplicate on the port where the IP was
discovered last. The duplicate IP will not be added to the realized
address binings for the port and hence will not be used in DFW rules or
other security configurations for the port.rt.
DuplicateIPDetectionOptions
id Unique identifier of this resource string Sortable
ip_v4_discovery_options IPv4 Discovery options

Indicates IPv4 Discovery options		 IPv4DiscoveryOptions
ip_v6_discovery_options IPv6 Discovery options

Indicates IPv6 Discovery options		 IPv6DiscoveryOptions
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IPDiscoveryProfile string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tofu_enabled Is TOFU enabled or not

Indicates whether "Trust on First Use(TOFU)" paradigm is enabled.		 boolean Default: "True"
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

IPDiscoveryProfileListRequestParameters (schema)

IP Discovery Profile request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

IPDiscoveryProfileListResult (schema)

Paged collection of IP Discovery Profiles

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IP Discovery profile list results array of IPDiscoveryProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IPElement (schema)

IP address, range, or subnet

IPElement can be a single IP address, IP address range or a Subnet. Its
type can be of IPv4 or IPv6. Supported list of formats are "192.168.1.1",
"192.168.1.1-192.168.1.100", "192.168.0.0/24",
"fe80::250:56ff:fe83:318c",
"fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c",
"fe80::250:56ff:fe83:318c/64"

Name Description Type Notes
IPElement IP address, range, or subnet

IPElement can be a single IP address, IP address range or a Subnet. Its
type can be of IPv4 or IPv6. Supported list of formats are "192.168.1.1",
"192.168.1.1-192.168.1.100", "192.168.0.0/24",
"fe80::250:56ff:fe83:318c",
"fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c",
"fe80::250:56ff:fe83:318c/64"
string Format: address-or-block-or-range

IPElementList (schema)

List of IP address, range, or subnet

IPElement can be a single IP address, IP address range or a Subnet. Its
type can be of IPv4 or IPv6. Supported list of formats are "192.168.1.1",
"192.168.1.1-192.168.1.100", "192.168.0.0/24",
"fe80::250:56ff:fe83:318c",
"fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c",
"fe80::250:56ff:fe83:318c/64"

Name Description Type Notes
IPElementList List of IP address, range, or subnet

IPElement can be a single IP address, IP address range or a Subnet. Its
type can be of IPv4 or IPv6. Supported list of formats are "192.168.1.1",
"192.168.1.1-192.168.1.100", "192.168.0.0/24",
"fe80::250:56ff:fe83:318c",
"fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c",
"fe80::250:56ff:fe83:318c/64"
string Format: list-of-address-or-block-or-range

IPFIXDFWCollector (schema)

IPFIX DFW Collector

IPFIX DFW data will be collected on collector
Host IP and Port address should be provided for collector.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
collector_ip_address IP address

IP address for the IPFIX DFW collector.
IP addresses such as 0.0.0.0, 127.0.0.1, 255.255.255.255 are invalid.
IPAddress Required
collector_port Port

Port for the IPFIX DFW collector.		 int Required
Minimum: 0
Maximum: 65535
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IPFIXDFWCollector string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

IPFIXDFWCollectorProfile (schema)

IPFIX DFW Collector Profile

IPFIX data for the NSX distributed firewall will be sent to the specified
IPFIX collectors.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ipfix_dfw_collectors IPFIX DFW Collectors.

It accepts Multiple Collectors.		 array of IPFIXDFWCollector Required
Minimum items: 1
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IPFIXDFWCollectorProfile string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

IPFIXDFWCollectorProfileListRequestParameters (schema)

IPFIX DFW Collector Profile request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

IPFIXDFWCollectorProfileListResult (schema)

Paged Collection of IPFIX DFW Collector Profile

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IPFIX DFW Collection Instances list results array of IPFIXDFWCollectorProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IPFIXDFWProfile (schema)

IPFIX DFW Profile

IPFIX packets from source will be sent to IPFIX DFW collector.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
active_flow_export_timeout Active timeout (Minutes)

For long standing active flows, IPFIX records will be sent
per timeout period in minutes.
int Required
Minimum: 1
Maximum: 60
Default: "1"
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ipfix_dfw_collector_profile_path IPFIX collector Paths

Policy path for IPFIX collector profiles. IPFIX data from
these logical segments will be sent to all specified IPFIX
collectors.
string Required
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
observation_domain_id Observation domain ID

An identifier that is unique to the exporting process
and used to meter the flows.
int Minimum: 0
Maximum: 65536
Default: "0"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
priority Config Priority

This priority field is used to resolve conflicts in Segment
Ports which are covered by more than one IPFIX profiles. The IPFIX
exporter will send records to Collectors in highest priority
profile (lowest number) only.
int Minimum: 0
Maximum: 32000
Default: "0"
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IPFIXDFWProfile string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

IPFIXDFWProfileListRequestParameters (schema)

IPFIX DFW Profile request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

IPFIXDFWProfileListResult (schema)

Paged Collection of IPFIX DFW Profile

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IPFIX DFW Profile list results array of IPFIXDFWProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IPFIXL2Collector (schema)

IPFIX L2 Collector

IPFIX packets will be collected on collector.
IP and port address should be provided for collector.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
collector_ip_address IP address

IP address for the IPFIX L2 collector.
IP addresses such as 0.0.0.0, 127.0.0.1, 255.255.255.255 are invalid.
IPAddress Required
collector_port Port

Port number for the IPFIX L2 collector.		 int Minimum: 0
Maximum: 65535
Default: "4739"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IPFIXL2Collector string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

IPFIXL2CollectorProfile (schema)

IPFIX L2 Collector Profile

IPFIX L2 data will be collected on collectors.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ipfix_l2_collectors It accepts Multiple Collector objects.

It accepts Multiple Collector objects.		 array of IPFIXL2Collector Required
Minimum items: 1
Maximum items: 4
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IPFIXL2CollectorProfile string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

IPFIXL2CollectorProfileListRequestParameters (schema)

IPFIX collector profile request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

IPFIXL2CollectorProfileListResult (schema)

Paged list of IPFIX collector profiles.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IPFIX collector Profile list results array of IPFIXL2CollectorProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IPFIXL2Profile (schema)

IPFIX L2 Profile

IPFIX data from source logical segment, port, group will be forwarded to IPFIX
collector.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
active_timeout Active timeout

The time in seconds after a flow is expired even if
more packets matching this flow are received by the cache.
int Minimum: 60
Maximum: 3600
Default: "300"
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
export_overlay_flow Export overlay Flow

This property controls whether overlay flow info is included in the
sample result.
boolean Default: "True"
id Unique identifier of this resource string Sortable
idle_timeout Idle timeout

The time in seconds after a flow is expired if
no more packets matching this flow are received by the cache.
int Minimum: 60
Maximum: 3600
Default: "300"
ipfix_collector_profile_path IPFIX collector Path

Policy path for IPFIX collector profile. User can specify only one IPFIX collector.
string Required
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
max_flows Max flows

The maximum number of flow entries in
each exporter flow cache.
integer Minimum: 0
Maximum: 4294967295
Default: "16384"
observation_domain_id Observation domain ID

An identifier that is unique to the exporting process and used to
meter the flows.
integer Minimum: 0
Maximum: 4294967295
Default: "0"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
packet_sample_probability Packet sample probability

The probability in percentage that a packet is sampled,
in range 0-100. The probability is equal for every packet.
number Required
Minimum: 0
Maximum: 100
Default: "0.1"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
priority Config Priority

This priority field is used to resolve conflicts in Segment
Ports which are covered by more than one IPFIX profiles. The IPFIX
exporter will send records to Collectors in highest priority
profile (lowest number) only.
int Minimum: 0
Maximum: 32000
Default: "0"
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IPFIXL2Profile string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

IPFIXL2ProfileListRequestParameters (schema)

IPFIX L2 Profile request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

IPFIXL2ProfileListResult (schema)

Paged Collection of IPFIX L2 Profile

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IPFIX L2 Profile list results array of IPFIXL2Profile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IPInfo (schema)

Name Description Type Notes
ip_addresses IPv4 Addresses array of IPv4Address Required
Minimum items: 1
Maximum items: 1
prefix_length Subnet Prefix Length integer Required
Minimum: 1
Maximum: 32

IPMemberAction (schema)

Name Description Type Notes
action Specifies addition or removal action string Required
Enum: add_ip, remove_ip

IPMirrorDestination (schema)

Name Description Type Notes
destination_ips List of destination IP addresses

The destination IPs of the mirror packet will be sent to.		 array of IPAddress Required
Minimum items: 1
Maximum items: 3
encapsulation_type IPMirrorDestination encapsulation type

You can choose GRE, ERSPAN II or ERSPAN III.		 EncapsulationType Required
Default: "GRE"
erspan_id ERSPAN session id

Used by physical switch for the mirror traffic forwarding.
Must be provided and only effective when encapsulation type is
ERSPAN type II or type III.
int Minimum: 0
Maximum: 1023
gre_key GRE encapsulation key

User-configurable 32-bit key only for GRE		 int
resource_type Must be set to the value IPMirrorDestination MirrorDestinationResourceType Required

IPPrefixList (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
logical_router_id Logical router id string Readonly
prefixes Ordered list of PrefixConfig array of PrefixConfig Required
Minimum items: 1
Maximum items: 1330000
resource_type Must be set to the value IPPrefixList string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

IPPrefixListListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paginated list of IPPrefixLists array of IPPrefixList Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IPProtocolNSService (schema)

An NSService element that represents an IP protocol

Name Description Type Notes
protocol_number The IP protocol number integer Required
resource_type Must be set to the value IPProtocolNSService string Required
Enum: EtherTypeNSService, IPProtocolNSService, IGMPTypeNSService, ICMPTypeNSService, ALGTypeNSService, L4PortSetNSService

IPProtocolServiceEntry (schema)

A ServiceEntry that represents an IP protocol

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
protocol_number integer Required
Minimum: 0
Maximum: 255
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IPProtocolServiceEntry string Required
Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

IPSecDigestAlgorithm (schema)

Digest Algorithms used in IPSec tunnel establishment

The IPSecDigestAlgorithms are used to verify message
integrity during IPSec VPN tunnel establishment.
SHA1 produces 160 bits hash and SHA2_XXX produces
XXX bit hash.

Name Description Type Notes
IPSecDigestAlgorithm Digest Algorithms used in IPSec tunnel establishment

The IPSecDigestAlgorithms are used to verify message
integrity during IPSec VPN tunnel establishment.
SHA1 produces 160 bits hash and SHA2_XXX produces
XXX bit hash.
string Enum: SHA1, SHA2_256, SHA2_384, SHA2_512

IPSecEncryptionAlgorithm (schema)

Encryption algorithm used in IPSec tunnel

IPSecEncryptionAlgorithms are used to ensure confidentiality
of the messages exchanged during Tunnel negotiations. AES
stands for Advanced Encryption Standards. AES_128 uses 128-bit
keys whereas AES_256 uses 256-bit keys for encryption and
decryption. AES_128 and AES_256 use CBC mode of encryption.
AES_GCM stands for Advanced Encryption Standard(AES)
in Galois/Counter Mode (GCM) and is used to provide both
confidentiality and data origin authentication.
NO_ENCRYPTION_AUTH_AES_GMAC_* enables authentication on input
data without encyption. Digest algorithm should be empty for this
option.

Name Description Type Notes
IPSecEncryptionAlgorithm Encryption algorithm used in IPSec tunnel

IPSecEncryptionAlgorithms are used to ensure confidentiality
of the messages exchanged during Tunnel negotiations. AES
stands for Advanced Encryption Standards. AES_128 uses 128-bit
keys whereas AES_256 uses 256-bit keys for encryption and
decryption. AES_128 and AES_256 use CBC mode of encryption.
AES_GCM stands for Advanced Encryption Standard(AES)
in Galois/Counter Mode (GCM) and is used to provide both
confidentiality and data origin authentication.
NO_ENCRYPTION_AUTH_AES_GMAC_* enables authentication on input
data without encyption. Digest algorithm should be empty for this
option.
string Enum: AES_128, AES_256, AES_GCM_128, AES_GCM_192, AES_GCM_256, NO_ENCRYPTION_AUTH_AES_GMAC_128, NO_ENCRYPTION_AUTH_AES_GMAC_192, NO_ENCRYPTION_AUTH_AES_GMAC_256, NO_ENCRYPTION

IPSecVPNDPDProfile (schema)

Dead peer detection (DPD) profile

Dead peer detection (DPD) is a method that allows detection of unreachable internet key excahnge (IKE) peers. Any changes affects all IPSec VPN sessions consuming this profile.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
dpd_probe_interval DPD probe interval defines an interval for DPD probes (in seconds)

When the DPD probe mode is periodic, this interval is the number
of seconds between DPD messages.
When the DPD probe mode is on-demand, this interval is the number
of seconds during which traffic is not received from the peer before
DPD retry messages are sent if there is IPSec traffic to send.
For PERIODIC Mode:
Minimum: 3
Maximum: 360
Default: 60
For ON_DEMAND Mode:
Minimum: 1
Maximum: 10
Default: 3
integer
dpd_probe_mode DPD probe mode

DPD probe mode is used to query the liveliness of the peer. Two modes are possible -
PERIODIC - is used to query the liveliness of the peer at regular
intervals (dpd_probe_interval). It does not take into consideration
traffic coming from the peer. The benefit of this mode over the
on-demand mode is earlier detection of dead peers.
However, use of periodic DPD incurs extra overhead. When
communicating to large numbers of peers, please consider using on-demand DPD instead.
ON_DEMAND - is used to query the liveliness of the peer by
instructing the local endpoint to send DPD message to a peer if
there is traffic to send to the peer AND the peer was idle for
dpd_probe_interval seconds (i.e. there was no traffic from the
peer for dpd_probe_interval seconds)
string Enum: PERIODIC, ON_DEMAND
Default: "PERIODIC"
enabled Enable dead peer detection (DPD)

If true, enable dead peer detection.		 boolean Default: "True"
id Unique identifier of this resource string Sortable
resource_type Must be set to the value IPSecVPNDPDProfile string
retry_count Retry count

Maximum number of DPD messages retry attempts. This value is applicable for both dpd probe modes, periodic and on-demand.		 integer Minimum: 1
Maximum: 100
Default: "5"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

IPSecVPNDPDProfileListResult (schema)

List dead peer detection (DPD) profiles

List all the dead peer detection (DPD) profiles.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IPSec DPD Profile list results array of IPSecVPNDPDProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IPSecVPNIKEProfile (schema)

Internet key exchange (IKE) profile

IKE Profile is a reusable profile that captures IKE phase one negotiation parameters. Any changes affects all IPSec VPN sessions consuming this profile.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
dh_groups DH group

Diffie-Hellman group to be used if PFS is enabled. Default is GROUP14.		 array of DHGroup
digest_algorithms Algorithm for message hash

Algorithm to be used for message digest during Internet Key Exchange(IKE) negotiation. Default is SHA2_256.		 array of IKEDigestAlgorithm
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
encryption_algorithms Encryption algorithm for IKE

Encryption algorithm is used during Internet Key Exchange(IKE) negotiation. Default is AES_128.		 array of IKEEncryptionAlgorithm
id Unique identifier of this resource string Sortable
ike_version IKE version

IKE protocol version to be used. IKE-Flex will initiate IKE-V2 and responds to both IKE-V1 and IKE-V2.		 string Enum: IKE_V1, IKE_V2, IKE_FLEX
Default: "IKE_V2"
resource_type Must be set to the value IPSecVPNIKEProfile string
sa_life_time Security association (SA) life time

Life time for security association. Default is 86400 seconds (1 day).		 integer Minimum: 21600
Maximum: 31536000
Default: "86400"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

IPSecVPNIKEProfileListResult (schema)

List IKE profiles

List all the IKE profiles.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IKE Profile list results array of IPSecVPNIKEProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IPSecVPNIKEServiceSummary (schema)

IPSec VPN IKE service summary

Summarized view of all IPSec VPN sessions for a specified service.

Name Description Type Notes
aggregate_traffic_counters Traffic summary

Aggregate traffic statistics across all selected sessions.		 IPSecVPNTrafficCounters
display_name Display name

VPN service display name.		 string Readonly
ipsec_vpn_service_id Service identifier

UUID for a vpn service.		 string Readonly
last_update_timestamp Last updated timestamp

Timestamp when the data was last updated.		 EpochMsTimestamp Readonly
logical_router_id Logical router identifier

Logical router identifier associated with vpn service.		 string Readonly
session_summary Session summary

Session summary for number of total, established, failed and degraded IPSec VPN sessions.		 IPsecVPNIKESessionSummary Readonly
traffic_summary_per_session Traffic summary

Traffic summary per session.		 array of IPSecVPNSessionTrafficSummary

IPSecVPNIKESessionStatus (schema)

IKE session status

Status for IPSec VPN IKE session UP, DOWN, NEGOTIATING and fail reason if IKE session is down.

Name Description Type Notes
fail_reason Fail reason

Reason for failure.		 string Readonly
ike_session_state IKE session state

IKE session service status UP, DOWN and NEGOTIATING.		 string Readonly
Enum: UP, DOWN, NEGOTIATING
transport_node_id Transport Node Id

Transport Node identifier where session is present.		 string Readonly

IPSecVPNIKETrafficStatistics (schema)

IPSec VPN IKE traffic statistics

Traffic statistics for IPSec VPN IKE session. Note - Not supported in this release.

Name Description Type Notes
bytes_in Bytes in

Number of bytes in.		 integer Readonly
bytes_out Bytes out

Number of bytes out.		 integer Readonly
fail_count Fail count

Fail count.		 integer Readonly
packets_in Packets in

Number of packets in.		 integer Readonly
packets_out Packets out

Number of packets out.		 integer Readonly

IPSecVPNLocalEndpoint (schema)

IPSec VPN Local Endpoint

Local endpoint represents a logical router on which tunnel needs to be terminated.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
certificate_id Certificate Id

Site certificate identifier.		 string
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ipsec_vpn_service_id VPN Service id

VPN Service id.		 ResourceReference Required
local_address IPV4 Address for local endpoint

IPV4 Address for local endpoint.		 IPv4Address Required
local_id Local identifier

Local identifier.		 string
resource_type Must be set to the value IPSecVPNLocalEndpoint string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
trust_ca_ids Certificate authority (CA) identifiers

Certificate authority (CA) identifier list to verify peer certificates.		 array of string
trust_crl_ids Certificate revocation list (CRL) Identifiers

Certificate revocation list (CRL) identifier list of peer certificates.		 array of string

IPSecVPNLocalEndpointListParameters (schema)

List parameters for IPSec VPN local endpoints

Parameters to get the filtered list of IPSec VPN local endpoints. Both filter parameters can be provided as they are not mutually exclusive.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
ipsec_vpn_service_id Id of the IPSec VPN service

All the local endpoints configured with the specified VPN Service id will be included in the result.		 string
logical_router_id Id of logical router

All the local endpoints belonging to the specified logical router id will be included in the result.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

IPSecVPNLocalEndpointListResult (schema)

List local endpoints

List all the local endpoints.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IPSec local endpoint list results array of IPSecVPNLocalEndpoint Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IPSecVPNPeerEndpoint (schema)

IPSec VPN Peer Endpoint

IPSec VPN Peer Endpoint covers configuration to be applied locally to establish a session with remote endpoint on peer site.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
authentication_mode Authentication Mode

Authentication mode used for the peer authentication. For PSK (Pre Shared Key) authentication mode, 'psk' property is mandatory and for the CERTIFICATE authentication mode, 'peer_id' property is mandatory.		 string Enum: PSK, CERTIFICATE
Default: "PSK"
connection_initiation_mode Connection initiation mode

Connection initiation mode used by local
endpoint to establish ike connection with peer endpoint.
INITIATOR - In this mode local endpoint initiates tunnel
setup and will also respond to incoming tunnel setup requests
from peer gateway.
RESPOND_ONLY - In this mode, local endpoint shall only
respond to incoming tunnel setup requests. It shall not
initiate the tunnel setup.
ON_DEMAND - In this mode local endpoint will initiate tunnel
creation once first packet matching the policy rule is
received and will also respond to incoming initiation request.
string Enum: INITIATOR, RESPOND_ONLY, ON_DEMAND
Default: "INITIATOR"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
dpd_profile_id Dead peer detection (DPD) profile id

Dead peer detection (DPD) profile id. Default will be set according to system default policy.		 string
id Unique identifier of this resource string Sortable
ike_profile_id Internet key exchange (IKE) profile id

IKE profile id to be used. Default will be set according to system default policy.		 string
ipsec_tunnel_profile_id IPSec tunnel profile id

Tunnel profile id to be used. By default it will point to system default profile.		 string
peer_address IPV4 address of peer endpoint on remote site.

IPV4 address of peer endpoint on remote site.		 string Required
peer_id Peer id

Peer identifier.		 string Required
psk Pre-shared key

IPSec Pre-shared key. Maximum length of this field is 128 characters.		 string
resource_type Must be set to the value IPSecVPNPeerEndpoint string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

IPSecVPNPeerEndpointListResult (schema)

List peer endpoints

List all the peer endpoints.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IPSec Peer endpoint list results array of IPSecVPNPeerEndpoint Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IPSecVPNPolicyRule (schema)

IPSec VPN policy rules

For policy-based IPsec VPNs, a security policy specifies as its action the VPN tunnel to be used for transit traffic that meets the policy's match criteria.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_owner Owner of this resource OwnerResourceLink Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
action Action to be applied

PROTECT - Protect rules are defined per policy based
IPSec VPN session.
BYPASS - Bypass rules are defined per IPSec VPN
service and affects all policy based IPSec VPN sessions.
Bypass rules are prioritized over protect rules.
string Readonly
Enum: PROTECT, BYPASS
Default: "PROTECT"
description Description of this resource string Maximum length: 1024
Sortable
destinations Destination list

List of peer subnets.		 array of IPSecVPNPolicySubnet Maximum items: 128
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Enabled flag

A flag to enable/disable the policy rule.		 boolean Default: "True"
id Unique policy id

Unique policy id.		 string
logged Logging flag

A flag to enable/disable the logging for the policy rule.		 boolean Default: "False"
resource_type Must be set to the value IPSecVPNPolicyRule string
sources Source list

List of local subnets.		 array of IPSecVPNPolicySubnet Maximum items: 128

IPSecVPNPolicySubnet (schema)

Subnet for IPSec Policy based VPN

Used to specify the local/peer subnets in IPSec VPN Policy rule.

Name Description Type Notes
subnet Peer or local subnet

Subnet used in policy rule.		 IPv4CIDRBlock Required

IPSecVPNPolicyTrafficStatistics (schema)

IPSec VPN policy traffic statistics

IPSec VPN policy traffic statistics

Name Description Type Notes
aggregate_traffic_counters Traffic summary

Aggregate traffic statistics across all ipsec tunnels.		 IPSecVPNTrafficCounters Readonly
policy_id Policy Identifier

Policy Identifier.		 string Readonly
tunnel_port_id Tunnel port identifier

Tunnel port identifier.		 string Readonly
tunnel_statistics Tunnel statistics

Tunnel statistics.		 array of IPSecVPNTunnelTrafficStatistics Readonly

IPSecVPNService (schema)

IPSec VPN service

Create and manage IPSec VPN service for given logical router.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
bypass_rules Bypass Policy rules

Bypass policy rules are configured using VPN service.
Bypass rules always have higher priority over protect
rules and they affect all policy based vpn sessions associated
with the IPSec VPN service. Protect rules are defined per
policy based vpn session.
array of IPSecVPNPolicyRule
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Enable virtual private network (VPN) service

If true, enable VPN services for given logical router.		 boolean Default: "True"
id Unique identifier of this resource string Sortable
ike_log_level Internet key exchange (IKE) log level

Log level for internet key exchange (IKE).		 string Enum: DEBUG, INFO, WARN, ERROR, EMERGENCY
Default: "INFO"
ipsec_ha_sync IPSec HA State Sync flag

Enable/disable IPSec HA state sync. IPSec HA state sync
can be disabled in case there are performance issues with
the state sync messages. Default is to enable HA Sync.
boolean Default: "True"
logical_router_id Logical router id

Logical router id.		 string Required
resource_type Must be set to the value IPSecVPNService string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

IPSecVPNServiceListResult (schema)

List IPSec VPN services

List all the IPSec VPN services.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IPSec VPN serivce list result array of IPSecVPNService Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IPSecVPNSession (schema)

IPSec VPN session

VPN session defines connection between local and peer endpoint. Untill VPN session is defined configuration is not realized. This is an abstract type. Concrete child types:
PolicyBasedIPSecVPNSession
RouteBasedIPSecVPNSession

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Enable/Disable IPSec VPN session

Enable/Disable IPSec VPN session.		 boolean Default: "True"
id Unique identifier of this resource string Sortable
ipsec_vpn_service_id IPSec VPN service identifier

Identifier of VPN Service linked with local endpoint.		 string Readonly
local_endpoint_id Local endpoint identifier

Local endpoint identifier.		 string Required
peer_endpoint_id Peer endpoint identifier

Peer endpoint identifier.		 string Required
resource_type Must be set to the value IPSecVPNSession IPSecVPNSessionResourceType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tcp_mss_clamping TcpMssClamping

IPSecVPNSessionListParameters (schema)

List parameters for IPSec VPN Sessions

Parameters to get filtered list of IPSec VPN Sessions. The filter parameters are not mutually exclusive and can be used together.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
ipsec_vpn_service_id Id of the IPSec VPN service

All the IPSec VPN sessions configured with the specified VPN Service id will be included in the result.		 string
logical_router_id Id of logical router

All the VPN sessions belonging to the specified logical router id will be included in the result.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
session_type Type of the vpn session

All the IPSec VPN sessions of specified type will be included in the result.		 IPSecVPNSessionResourceType
sort_ascending boolean
sort_by Field by which records are sorted string

IPSecVPNSessionListResult (schema)

List IPSec VPN sessions

List all the IPSec VPN sessions.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IPSec VPN sessions list result array of IPSecVPNSession
(Abstract type: pass one of the following concrete types)
PolicyBasedIPSecVPNSession
RouteBasedIPSecVPNSession		 Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IPSecVPNSessionResourceType (schema)

Resource types of IPsec VPN session

A Policy Based VPN requires to define protect rules that match
local and peer subnets. IPSec security associations is
negotiated for each pair of local and peer subnet.
A Route Based VPN is more flexible, more powerful and recommended over
policy based VPN. IP Tunnel port is created and all traffic routed via
tunnel port is protected. Routes can be configured statically
or can be learned through BGP. A route based VPN is must for establishing
redundant VPN session to remote site.

Name Description Type Notes
IPSecVPNSessionResourceType Resource types of IPsec VPN session

A Policy Based VPN requires to define protect rules that match
local and peer subnets. IPSec security associations is
negotiated for each pair of local and peer subnet.
A Route Based VPN is more flexible, more powerful and recommended over
policy based VPN. IP Tunnel port is created and all traffic routed via
tunnel port is protected. Routes can be configured statically
or can be learned through BGP. A route based VPN is must for establishing
redundant VPN session to remote site.
string Enum: PolicyBasedIPSecVPNSession, RouteBasedIPSecVPNSession

IPSecVPNSessionState (schema)

Realization State of IPSec VPN Session.

This holds the state of IPSec VPN Session. If there are
errors in realizing session outside of MP, it gives details
of the components and specific errors.

Name Description Type Notes
details Array of configuration state of various sub systems array of ConfigurationStateElement Readonly
failure_code Error code integer Readonly
failure_message Error message in case of failure string Readonly
pending_change_list List of pending changes

Request identifier of the API which modified the entity.		 array of string Readonly
state Overall state of desired configuration

Gives details of state of desired configuration.
Additional enums with more details on progress/success/error states
are sent for edge node. The success states are NODE_READY and
TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED,
VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values
indicate failures.
"in_sync" state indicates that the desired configuration has been
received by the host to which it applies, but is not yet in effect.
When the configuration is actually in effect, the state will
change to "success".
Please note, failed state is deprecated.
string Required
Readonly
Enum: pending, in_progress, success, failed, partial_success, orphaned, unknown, error, in_sync, NOT_AVAILABLE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, REGISTRATION_PENDING, NODE_NOT_READY, NODE_READY, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL, EDGE_CONFIG_ERROR, VM_DEPLOYMENT_RESTARTED, REGISTRATION_FAILED, TRANSPORT_NODE_SYNC_PENDING, TRANSPORT_NODE_CONFIGURATION_MISSING, EDGE_HARDWARE_NOT_SUPPORTED, MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED, TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER, TZ_ENDPOINTS_NOT_SPECIFIED, NO_PNIC_PREPARED_IN_EDGE, APPLIANCE_INTERNAL_ERROR, VTEP_DHCP_NOT_SUPPORTED, UNSUPPORTED_HOST_SWITCH_PROFILE, UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED, HOSTSWITCH_PROFILE_NOT_FOUND, LLDP_SEND_ENABLED_NOT_SUPPORTED, UNSUPPORTED_NAMED_TEAMING_POLICY, LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM, LACP_NOT_SUPPORTED_FOR_EDGE_VM, STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM, MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE, UNSUPPORTED_LACP_LB_ALGO_FOR_NODE, EDGE_NODE_VERSION_NOT_SUPPORTED, NO_PNIC_SPECIFIED_IN_TN, INVALID_PNIC_DEVICE_NAME, TRANSPORT_NODE_READY, VM_NETWORK_EDIT_PENDING, UNSUPPORTED_DEFAULT_TEAMING_POLICY, MPA_DISCONNECTED, VM_RENAME_PENDING, VM_CONFIG_EDIT_PENDING, VM_NETWORK_EDIT_FAILED, VM_RENAME_FAILED, VM_CONFIG_EDIT_FAILED, VM_CONFIG_DISCREPANCY, VM_NODE_REFRESH_FAILED, VM_PLACEMENT_REFRESH_FAILED, REGISTRATION_TIMEDOUT, REPLACE_FAILED, UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED, LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING, DELETE_VM_IN_REDEPLOY_FAILED, DEPLOY_VM_IN_REDEPLOY_FAILED, INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE, VM_RESOURCE_RESERVATION_FAILED, DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER, DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, EDGE_NODE_SETTINGS_MISMATCH_RESOLVE, EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE, EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE, EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE, COMPUTE_MANAGER_NOT_FOUND, DELETE_IN_PROGRESS

IPSecVPNSessionStatistics (schema)

IPSec VPN session statistics

Session statistics gives aggregated statistics of all policies for all the tunnels.

Name Description Type Notes
aggregate_traffic_counters Traffic summary

Aggregate traffic statistics across all ipsec tunnels.		 IPSecVPNTrafficCounters Readonly
display_name Display name

Display name of vpn session.		 string Readonly
ike_status IKE status summary

Status for IPSec VPN IKE session UP/DOWN and fail reason if IKE session is down.		 IPSecVPNIKESessionStatus Readonly
ike_traffic_statistics IKE traffic statistics

Traffic statistics for IPSec VPN IKE session. Note - Not supported in this release.		 IPSecVPNIKETrafficStatistics Readonly
ipsec_vpn_session_id Session identifier

UUID of vpn session.		 string Readonly
last_update_timestamp Last updated timestamp

Timestamp when the data was last updated.		 EpochMsTimestamp Readonly
partial_stats Partial Statistics

Partial statistics if true specifies that the statistics are only from active node.		 boolean Readonly
policy_statistics IPSec policy statistics

Gives aggregate traffic statistics across all ipsec tunnels and individual tunnel statistics.		 array of IPSecVPNPolicyTrafficStatistics Readonly

IPSecVPNSessionStatus (schema)

IKE session traffic summary

IKE session traffic summary provides IKE session status and aggregate of traffic across all tunnel.

Name Description Type Notes
aggregate_traffic_counters Traffic summary

Aggregate traffic statistics across all ipsec tunnels.		 IPSecVPNTrafficCounters Readonly
display_name Display name

Display name of vpn session.		 string Readonly
failed_tunnels Failed tunnels

Number of failed tunnels.		 integer Readonly
ike_status IKE status

Status for IPSec VPN IKE session UP/DOWN and fail reason if IKE session is down.		 IPSecVPNIKESessionStatus Readonly
ipsec_vpn_session_id Session identifier

UUID of vpn session.		 string Readonly
last_update_timestamp Last updated timestamp

Timestamp when the data was last updated.		 EpochMsTimestamp Readonly
negotiated_tunnels Negotiated tunnels

Number of negotiated tunnels.		 integer Readonly
session_status Session status

Gives session status consolidated using IKE status and tunnel status. It can be UP, DOWN, DEGRADED. If IKE and all tunnels are UP status will be UP, if all down it will be DOWN, otherwise it will be DEGRADED.		 string Readonly
Enum: UP, DOWN, DEGRADED
total_tunnels Total tunnels

Total number of tunnels.		 integer Readonly

IPSecVPNSessionSummary (schema)

IPSec VPN session summary

Summarized view of all selected IPSec VPN sessions.

Name Description Type Notes
aggregate_traffic_counters Traffic summary

Aggregate traffic statistics across all selected sessions.		 IPSecVPNTrafficCounters
last_update_timestamp Last updated timestamp

Timestamp when the data was last updated.		 EpochMsTimestamp Readonly
session_summary Session summary

Session summary for number of total, established, failed and degraded IPSec VPN sessions.		 IPsecVPNIKESessionSummary Readonly
traffic_summary_per_session Traffic summary

Traffic summary per session.		 array of IPSecVPNSessionTrafficSummary

IPSecVPNSessionTrafficSummary (schema)

IPSec VPN session traffic summary

IPSec VPN session traffic summary.

Name Description Type Notes
ipsec_vpn_session VPN session

VPN Session.		 ResourceReference Readonly
traffic_counters Traffic stastics

Traffic stastics.		 IPSecVPNTrafficCounters Readonly

IPSecVPNTrafficCounters (schema)

IPSec VPN traffic counters

Traffic counters for IPSec VPN session.

Name Description Type Notes
bytes_in Bytes in

Total number of bytes recevied.		 integer Readonly
bytes_out Bytes out

Total number of bytes sent.		 integer Readonly
dropped_packets_in Dropped incoming packets

Total number of incoming packets dropped on inbound security association.		 integer Readonly
dropped_packets_out Dropped outgoing packets

Total number of outgoing packets dropped on outbound security association.		 integer Readonly
packets_in Packets in

Total number of packets received.		 integer Readonly
packets_out Packets out

Total number of packets sent.		 integer Readonly

IPSecVPNTransportStatus (schema)

VPN Session status

Provides IPSec VPN session status.

Name Description Type Notes
resource_type Must be set to the value IPSecVPNTransportStatus TransportTunnelResourceType Required
status IPSec vpn session status

VPN session status provides IKE session status and aggregate of traffic across all tunnel.		 IPSecVPNSessionStatus Readonly
tunnel_id Transport tunnel id

Transport tunnel id.		 ResourceReference Readonly

IPSecVPNTunnelProfile (schema)

IPSec VPN tunnel profile

IPSec VPN tunnel profile is a reusable profile that captures phase two negotiation parameters and tunnel properties. Any changes affects all IPSec VPN sessions consuming this profile.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
df_policy Policy for handling defragmentation bit

Defragmentation policy helps to handle defragmentation bit present in the inner packet. COPY copies the defragmentation bit from the inner IP packet into the outer packet. CLEAR ignores the defragmentation bit present in the inner packet.		 string Enum: COPY, CLEAR
Default: "COPY"
dh_groups DH group

Diffie-Hellman group to be used if PFS is enabled. Default is GROUP14.		 array of DHGroup
digest_algorithms Algorithm for message hash

Algorithm to be used for message digest. Default digest algorithm is implicitly covered by default encryption algorithm "AES_GCM_128".		 array of TunnelDigestAlgorithm
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enable_perfect_forward_secrecy Enable perfect forward secrecy

If true, perfect forward secrecy (PFS) is enabled.		 boolean Default: "True"
encapsulation_mode Encapsulation Mode

Encapsulation Mode to be used for encryption of packet. Tunnel mode protects internal routing information by encrypting IP header of original packet.		 string Readonly
Enum: TUNNEL_MODE
Default: "TUNNEL_MODE"
encryption_algorithms Encryption algorithm to use in tunnel establishement

Encryption algorithm to encrypt/decrypt the messages exchanged between IPSec VPN initiator and responder during tunnel negotiation. Default is AES_GCM_128.		 array of TunnelEncryptionAlgorithm
id Unique identifier of this resource string Sortable
resource_type Must be set to the value IPSecVPNTunnelProfile string
sa_life_time Security association (SA) life time

SA life time specifies the expiry time of security
association. Default is 3600 seconds.
integer Minimum: 900
Maximum: 31536000
Default: "3600"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
transform_protocol Tunnel protocol

IPSec transform specifies IPSec security protocol.		 string Readonly
Enum: ESP
Default: "ESP"

IPSecVPNTunnelProfileListResult (schema)

List tunnel profiles

List all the tunnel profiles.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IPSec Tunnel Profile list results array of IPSecVPNTunnelProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IPSecVPNTunnelTrafficStatistics (schema)

IPSec VPN tunnel traffic statistics

IPSec VPN tunnel traffic statistics.

Name Description Type Notes
bytes_in Bytes in

Total number of incoming bytes on inbound Security association (SA).		 integer Readonly
bytes_out Bytes out

Total number of outgoing bytes on outbound Security association (SA).		 integer Readonly
decryption_failures Decryption failures

Total number of packets dropped due to decryption failures.		 integer Readonly
dropped_packets_in Dropped incoming packets

Total number of incoming packets dropped on inbound security association.		 integer Readonly
dropped_packets_out Dropped outgoing packets

Total number of outgoing packets dropped on outbound security association.		 integer Readonly
encryption_failures Encryption failures

Total number of packets dropped because of failure in encryption.		 integer Readonly
integrity_failures Integrity failures

Total number of packets dropped due to integrity failures.		 integer Readonly
local_subnet Local subnet

Local subnet to which a tunnel belongs.		 string Readonly
nomatching_policy_errors Nomatching Policy errors

Number of packets dropped because of no matching policy is available.		 integer Readonly
packets_in Packets in

Total number of incoming packets on inbound Security association (SA).		 integer Readonly
packets_out Packets out

Total number of outgoing packets on outbound Security association (SA).		 integer Readonly
packets_receive_other_error Packets receive other error

Total number of incoming packets dropped on inbound Security association (SA)(misc).		 integer Readonly
packets_sent_other_error Packets sent other error

Total number of packets dropped while sending for any reason.		 integer Readonly
peer_subnet Peer subnet

Peer subnet to which a tunnel belongs.		 string Readonly
policy_id Policy Identifier

Policy UUID of IPSec Tunnel.		 string Readonly
replay_errors Replay errors

Total number of packets dropped due to replay check on that Security association (SA).		 integer Readonly
sa_mismatch_errors_in Security association (SA) mismatch errors on incoming packets

Totoal number of security association (SA) mismatch errors on incoming packets.		 integer Readonly
sa_mismatch_errors_out Security association (SA) mismatch errors on outgoing packets

Totoal number of security association (SA) mismatch errors on outgoing packets.		 integer Readonly
seq_number_overflow_error Sequence number overflow error

Total number of packets dropped while sending due to overflow in sequence number.		 integer Readonly
tunnel_down_reason Tunnel down reason

Gives the detailed reason about the tunnel when it is down. If tunnel is UP tunnel down reason will be empty.		 string Readonly
tunnel_status Tunnel Status

Specifies the status of tunnel. If all the SA (Security association) are negotiated then tunnels status will be UP. If negotiation fails for the SAs status will be DOWN, if SAs are in negotiating phase tunnels status will be NEGOTIATING.		 string Readonly
Enum: UP, DOWN, NEGOTIATING

IPSecVpnDpdProfile (schema)

Dead peer detection (DPD) profile

Dead peer detection (DPD) is a method that allows detection of unreachable internet key excahnge (IKE) peers. Any changes affects all IPSec VPN sessions consuming this profile.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
dpd_probe_interval DPD Probe Interval

DPD probe interval defines an interval for DPD probes (in seconds).
- When the DPD probe mode is periodic, this interval is the number
of seconds between DPD messages.
- When the DPD probe mode is on-demand, this interval is the number
of seconds during which traffic is not received from the peer before
DPD retry messages are sent if there is IPSec traffic to send.
For PERIODIC Mode:
Minimum: 3
Maximum: 360
Default: 60
For ON_DEMAND Mode:
Minimum: 1
Maximum: 10
Default: 10
integer
dpd_probe_mode DPD Probe Mode

DPD probe mode is used to query the liveliness of the peer. Two modes
are possible:
- PERIODIC: is used to query the liveliness of the peer at regular
intervals (dpd_probe_interval). It does not take into consideration
traffic coming from the peer.
The benefit of this mode over the on-demand mode is earlier detection of
dead peers. However, use of periodic DPD incurs extra overhead. When
communicating to large numbers of peers, please consider using on-demand
DPD instead.
- ON_DEMAND: is used to query the liveliness of the peer by instructing
the local endpoint to send DPD message to a peer if there is traffic to
send to the peer AND the peer was idle for dpd_probe_interval seconds
(i.e. there was no traffic from the peer for dpd_probe_interval seconds).
string Enum: PERIODIC, ON_DEMAND
Default: "PERIODIC"
enabled Enable dead peer detection (DPD)

If true, enable dead peer detection.		 boolean Default: "True"
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IPSecVpnDpdProfile string
retry_count Retry Count

Maximum number of DPD messages' retry attempts. This value is applicable
for both dpd probe modes, periodic and on-demand.
integer Minimum: 1
Maximum: 100
Default: "10"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

IPSecVpnDpdProfileListRequestParameters (schema)

IPSecVpnDpdProfile list request parameters

Request parameters to get filtered list of IPSecVpnDpdProfile.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

IPSecVpnDpdProfileListResult (schema)

Paged Collection of IPSecVpnDpdProfile

Paged Collection of IPSecVpnDpdProfile.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IPSecVpnDpdProfile list results

IPSecVpnDpdProfile list results.		 array of IPSecVpnDpdProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IPSecVpnIkeProfile (schema)

Internet key exchange (IKE) profile

IKE Profile is a reusable profile that captures IKE phase one negotiation parameters. Any changes affects all IPSec VPN sessions consuming this profile.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
dh_groups DH group

Diffie-Hellman group to be used if PFS is enabled. Default is GROUP14.		 array of DhGroup
digest_algorithms Algorithm for message hash

Algorithm to be used for message digest during Internet Key Exchange(IKE) negotiation. A default value of SHA2_256 will be applied only when the supplied encryption algorithms contain either AES_128 or AES_256.		 array of IkeDigestAlgorithm
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
encryption_algorithms Encryption algorithm for IKE

Encryption algorithm is used during Internet Key Exchange(IKE) negotiation. Default is AES_128.		 array of IkeEncryptionAlgorithm
id Unique identifier of this resource string Sortable
ike_version IKE version

IKE protocol version to be used. IKE-Flex will initiate IKE-V2 and responds to both IKE-V1 and IKE-V2.		 string Enum: IKE_V1, IKE_V2, IKE_FLEX
Default: "IKE_V2"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IPSecVpnIkeProfile string
sa_life_time Security association (SA) life time

Life time for security association. Default is 86400 seconds (1 day).		 integer Minimum: 21600
Maximum: 31536000
Default: "86400"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

IPSecVpnIkeProfileListRequestParameters (schema)

IPSecVpnIkeProfile list request parameters

Request parameters to get filtered list of IPSecVpnIkeProfile.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

IPSecVpnIkeProfileListResult (schema)

Paged Collection of IPSecVpnIkeProfile

Paged Collection of IPSecVpnIkeProfile.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IPSecVpnIkeProfile list results

IPSecVpnIkeProfile list results.		 array of IPSecVpnIkeProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IPSecVpnIkeSessionStatus (schema)

Ike session status

Status for IPSec VPN Ike session UP, DOWN, NEGOTIATING and fail reason if Ike session
is down.

Name Description Type Notes
fail_reason Fail reason

Reason for failure.
string Readonly
ike_session_state Ike session state

Ike session service status UP, DOWN and NEGOTIATING.
string Readonly
Enum: UP, DOWN, NEGOTIATING

IPSecVpnIkeTrafficStatistics (schema)

IPSec VPN Ike traffic statistics

Traffic statistics for IPSec VPN Ike session.
Note - Not supported in this release.

Name Description Type Notes
bytes_in Bytes in

Number of bytes in.		 integer Readonly
bytes_out Bytes out

Number of bytes out.		 integer Readonly
fail_count Fail count

Fail count.		 integer Readonly
packets_in Packets in

Number of packets in.		 integer Readonly
packets_out Packets out

Number of packets out.		 integer Readonly

IPSecVpnLocalEndpoint (schema)

IPSec VPN Local Endpoint

Local endpoint represents a tier-0/tier-1 on which tunnel needs to be terminated. In federation, all the configuration done for the local endpoint on GM will be realized based on the scope attribute at the corresponding LM. Local endpoint without any scope will be realized on all sites. The scope attribute is applicable only on GM not on LM.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
certificate_path Certificate path

Policy path referencing site certificate.		 string
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
local_address IPV4 Address of local endpoint

IPV4 Address of local endpoint.		 IPv4Address Required
local_id Local identifier

Local identifier.		 string
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IPSecVpnLocalEndpoint string
scope scope identify the site to which LocalEndpoint configuration associated with. Applicable only in GM

Scope attribute refers to the Policy path identifying the LocaleService of specific site where all the local end point configurations will be realized. In federation, all the configuration done for the local endpoint on GM will be realized based on the scope at the corresponding LM. Local endpoint without any scope will be realized on all sites. This attribute will not be applicable on LM.		 string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
trust_ca_paths Certificate authority (CA) paths

List of policy paths referencing certificate authority (CA) to verify peer certificates.		 array of string
trust_crl_paths Certificate revocation list (CRL) paths

List of policy paths referencing certificate revocation list (CRL) to peer certificates.		 array of string
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

IPSecVpnLocalEndpointListRequestParameters (schema)

IPSecVpnLocalEndpoint list request parameters

Request parameters to get filtered list of IPSecVpnLocalEndpoint.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

IPSecVpnLocalEndpointListResult (schema)

Paged Collection of IPSecVpnLocalEndpoint

Paged Collection of IPSecVpnLocalEndpoint.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IPSecVpnLocalEndpoint list results

IPSecVpnLocalEndpoint list results.		 array of IPSecVpnLocalEndpoint Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IPSecVpnRule (schema)

IPSec VPN Rule

For policy-based IPsec VPNs, a security policy specifies as its action the VPN tunnel to be used for transit traffic that meets the policy’s match criteria.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
action Action to be applied

PROTECT - Protect rules are defined per policy based
IPSec VPN session.
BYPASS - Bypass rules are defined per IPSec VPN
service and affects all policy based IPSec VPN sessions.
Bypass rules are prioritized over protect rules.
string Readonly
Enum: PROTECT, BYPASS
Default: "PROTECT"
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
destinations Destination list

List of peer subnets. Specifying no value is interpreted
as 0.0.0.0/0.
array of IPSecVpnSubnet Maximum items: 128
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Enabled flag

A flag to enable/disable the rule.		 boolean Default: "True"
id Unique identifier of this resource string Sortable
logged Logging flag

A flag to enable/disable the logging for the rule.		 boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IPSecVpnRule string
sequence_number Sequence number of the IPSecVpnRule

A sequence number is used to give a priority to an IPSecVpnRule.		 int Minimum: 0
sources Source list

List of local subnets. Specifying no value is interpreted
as 0.0.0.0/0.
array of IPSecVpnSubnet Maximum items: 128
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

IPSecVpnService (schema)

IPSec VPN service

Create and manage IPSec VPN service under tier-0/tier-1.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
bypass_rules Bypass Policy rules

Bypass policy rules are configured using VPN service.
Bypass rules always have higher priority over protect
rules and they affect all policy based vpn sessions associated
with the IPSec VPN service. Protect rules are defined per
policy based vpn session.
array of IPSecVpnRule
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
(Abstract type: pass one of the following concrete types)
ChildIPSecVpnLocalEndpoint
ChildIPSecVpnSession
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Enable virtual private network (VPN) service

If true, enable VPN services under tier-0/tier-1.		 boolean Default: "True"
ha_sync Flag to enable IPSec HA State Sync

Enable/disable IPSec HA state sync. IPSec HA state sync can be disabled if in case there are performance issues w.r.t. the state sync messages.		 boolean Default: "True"
id Unique identifier of this resource string Sortable
ike_log_level Internet key exchange (IKE) log level

Log level for internet key exchange (IKE).		 string Enum: DEBUG, INFO, WARN, ERROR, EMERGENCY
Default: "INFO"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IPSecVpnService string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

IPSecVpnServiceListRequestParameters (schema)

IPSecVpnService list request parameters

Request parameters to get filtered list of IPSecVpnService.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

IPSecVpnServiceListResult (schema)

Paged Collection of IPSecVpnService

Paged Collection of IPSecVpnService.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IPSecVpnService list results

IPSecVpnService list results.		 array of IPSecVpnService Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IPSecVpnSession (schema)

IPSec VPN session

VPN session defines connection between local and peer endpoint. Until VPN session is defined configuration is not realized. This is an abstract type. Concrete child types:
PolicyBasedIPSecVpnSession
RouteBasedIPSecVpnSession

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
authentication_mode Authentication Mode

Peer authentication mode.
PSK - In this mode a secret key shared between local and
peer sites is to be used for authentication. The secret
key can be a string with a maximum length of 128 characters.
CERTIFICATE - In this mode a certificate defined at the
global level is to be used for authentication.
string Enum: PSK, CERTIFICATE
Default: "PSK"
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
compliance_suite Compliance suite

Compliance suite.
string Enum: CNSA, SUITE_B_GCM_128, SUITE_B_GCM_256, PRIME, FOUNDATION, FIPS, NONE
connection_initiation_mode Connection initiation mode

Connection initiation mode used by local endpoint to
establish ike connection with peer site.
INITIATOR - In this mode local endpoint initiates
tunnel setup and will also respond to incoming tunnel
setup requests from peer gateway.
RESPOND_ONLY - In this mode, local endpoint shall only
respond to incoming tunnel setup requests. It shall not
initiate the tunnel setup.
ON_DEMAND - In this mode local endpoint will initiate
tunnel creation once first packet matching the policy
rule is received and will also respond to incoming
initiation request.
string Enum: INITIATOR, RESPOND_ONLY, ON_DEMAND
Default: "INITIATOR"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
dpd_profile_path Dead peer detection (DPD) profile path

Policy path referencing Dead Peer Detection (DPD) profile. Default is set to system default profile.		 string
enabled Enable/Disable IPSec VPN session

Enable/Disable IPSec VPN session.		 boolean Default: "True"
id Unique identifier of this resource string Sortable
ike_profile_path Internet key exchange (IKE) profile path

Policy path referencing IKE profile to be used. Default is set according to system default profile.		 string
local_endpoint_path Local endpoint path

Policy path referencing Local endpoint. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided.		 string
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
peer_address IPV4 address of peer endpoint on remote site

Public IPV4 address of the remote device terminating the VPN connection. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided.		 string
peer_id Peer id

Peer ID to uniquely identify the peer site. The peer ID is the public IP address of the remote device terminating the VPN tunnel. When NAT is configured for the peer, enter the private IP address of the peer. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided.		 string
psk Pre-shared key

IPSec Pre-shared key. Maximum length of this field is 128 characters.		 string
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IPSecVpnSession IPSecVpnSessionResourceType Required
site_overrides SiteOverride list

A collection of site specific attributes specificed only on GM
array of SiteOverride Maximum items: 128
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tcp_mss_clamping TCP MSS Clamping

TCP Maximum Segment Size Clamping Direction and Value.
TcpMaximumSegmentSizeClamping
tunnel_profile_path IPSec tunnel profile path

Policy path referencing Tunnel profile to be used. Default is set to system default profile.		 string
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

IPSecVpnSessionListRequestParameters (schema)

IPSecVpnSession list request parameters

Request parameters to get filtered list of IPSecVpnSession.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

IPSecVpnSessionListResult (schema)

Paged Collection of IPSecVpnSession

Paged Collection of IPSecVpnSession.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IPSecVpnSession list results

IPSecVpnSession list results.		 array of IPSecVpnSession
(Abstract type: pass one of the following concrete types)
PolicyBasedIPSecVpnSession
RouteBasedIPSecVpnSession		 Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IPSecVpnSessionResourceType (schema)

Resource types of IPsec VPN session

A Policy Based VPN requires to define protect rules that match
local and peer subnets. IPSec security associations is
negotiated for each pair of local and peer subnet.
A Route Based VPN is more flexible, more powerful and recommended over
policy based VPN. IP Tunnel port is created and all traffic routed via
tunnel port is protected. Routes can be configured statically
or can be learned through BGP. A route based VPN is must for establishing
redundant VPN session to remote site.

Name Description Type Notes
IPSecVpnSessionResourceType Resource types of IPsec VPN session

A Policy Based VPN requires to define protect rules that match
local and peer subnets. IPSec security associations is
negotiated for each pair of local and peer subnet.
A Route Based VPN is more flexible, more powerful and recommended over
policy based VPN. IP Tunnel port is created and all traffic routed via
tunnel port is protected. Routes can be configured statically
or can be learned through BGP. A route based VPN is must for establishing
redundant VPN session to remote site.
string Enum: PolicyBasedIPSecVpnSession, RouteBasedIPSecVpnSession

IPSecVpnSessionStatisticsNsxT (schema)

IPSec VPN session statistics

IPSec VPN session statistics represents statistics on an NSX-T type of enforcement
point. It gives aggregated statistics of all policies for all the tunnels.

Name Description Type Notes
aggregate_traffic_counters Traffic summary

Aggregate traffic statistics across all ipsec tunnels.
IPSecVpnTrafficCounters Readonly
alarm Alarm Information Details

Alarm information details.		 PolicyRuntimeAlarm Readonly
display_name Display Name

Display Name of vpn session.		 string Readonly
enforcement_point_path Enforcement point Path

Policy Path referencing the enforcement point where the info is fetched.
string Readonly
ike_status Ike status summary

Status for IPSec VPN Ike session UP/DOWN and fail reason if Ike session is down.
IPSecVpnIkeSessionStatus Readonly
ike_traffic_statistics Ike traffic statistics

Traffic statistics for IPSec VPN Ike session.
IPSecVpnIkeTrafficStatistics Readonly
last_update_timestamp Last updated timestamp

Timestamp when the data was last updated.
EpochMsTimestamp Readonly
policy_statistics IPSec policy statistics

Gives aggregate traffic statistics across all ipsec tunnels and individual tunnel
statistics.
array of IpSecVpnPolicyTrafficStatistics Readonly
resource_type Must be set to the value IPSecVpnSessionStatisticsNsxT string Required
Enum: IPSecVpnSessionStatisticsNsxT

IPSecVpnSessionStatisticsPerEP (schema)

IPSec VPN Session Statistics Per Enforcement Point

IPSec VPN Session Statistics Per Enforcement Point.
This is an abstract type. Concrete child types:
IPSecVpnSessionStatisticsNsxT

Name Description Type Notes
alarm Alarm Information Details

Alarm information details.		 PolicyRuntimeAlarm Readonly
enforcement_point_path Enforcement point Path

Policy Path referencing the enforcement point where the info is fetched.
string Readonly
resource_type string Required
Enum: IPSecVpnSessionStatisticsNsxT

IPSecVpnSessionStatusNsxT (schema)

IPSec VPN session traffic summary

IPSec VPN Session Status represents status on an NSX-T type of enforcement point.

Name Description Type Notes
aggregate_traffic_counters Traffic summary

Aggregate traffic statistics across all ipsec tunnels.		 IPSecVpnTrafficCounters Readonly
alarm Alarm Information Details

Alarm information details.		 PolicyRuntimeAlarm Readonly
display_name Display Name

Display Name of vpn session.		 string Readonly
enforcement_point_path Enforcement point Path

Policy Path referencing the enforcement point where the info is fetched.
string Readonly
failed_tunnels Failed tunnels

Number of failed tunnels.		 integer Readonly
ike_status IKE status

Status for IPSec VPN IKE session UP/DOWN and fail reason if IKE session is down.
IPSecVpnIkeSessionStatus Readonly
last_update_timestamp Last updated timestamp

Timestamp when the data was last updated.		 EpochMsTimestamp Readonly
negotiated_tunnels Negotiated tunnels

Number of negotiated tunnels.		 integer Readonly
resource_type Must be set to the value IPSecVpnSessionStatusNsxT string Required
Enum: IPSecVpnSessionStatusNsxT
runtime_status Session Runtime Status

Gives session status consolidated using IKE status and tunnel status. It can
be UP, DOWN, DEGRADED. If IKE and all tunnels are UP status will be UP, if
all down it will be DOWN, otherwise it will be DEGRADED.
string Readonly
Enum: UP, DOWN, DEGRADED
total_tunnels Total tunnels

Total number of tunnels.		 integer Readonly

IPSecVpnSessionStatusPerEP (schema)

IPSec VPN Session Status Per Enforcement Point

IPSec VPN Session Status Per Enforcement Point.
This is an abstract type. Concrete child types:
IPSecVpnSessionStatusNsxT

Name Description Type Notes
alarm Alarm Information Details

Alarm information details.		 PolicyRuntimeAlarm Readonly
enforcement_point_path Enforcement point Path

Policy Path referencing the enforcement point where the info is fetched.
string Readonly
resource_type string Required
Enum: IPSecVpnSessionStatusNsxT

IPSecVpnSubnet (schema)

Subnet for IPSec Policy based VPN

Used to specify the local/peer subnets in IPSec VPN rule.

Name Description Type Notes
subnet Peer or local subnet

Subnet used in policy rule.		 IPv4CIDRBlock Required

IPSecVpnTrafficCounters (schema)

IPSec VPN traffic counters

Traffic counters for IPSec VPN session.

Name Description Type Notes
bytes_in Bytes in

Total number of bytes recevied.		 integer Readonly
bytes_out Bytes out

Total number of bytes sent.		 integer Readonly
dropped_packets_in Dropped incoming packets

Total number of incoming packets dropped on inbound security association.
integer Readonly
dropped_packets_out Dropped outgoing packets

Total number of outgoing packets dropped on outbound security association.
integer Readonly
packets_in Packets in

Total number of packets received.		 integer Readonly
packets_out Packets out

Total number of packets sent.		 integer Readonly

IPSecVpnTransportStatus (schema)

IPSec VPN Session status

Provides IPSec VPN session status.

Name Description Type Notes
resource_type Must be set to the value IPSecVpnTransportStatus string Required
Enum: IPSecVpnTransportStatus
session_status IPSec VPN Session status IPSecVpnSessionStatusNsxT Readonly
transport_tunnel_path Policy path referencing Transport Tunnel

Policy path referencing Transport Tunnel.		 string Readonly

IPSecVpnTunnelInterface (schema)

IP tunnel interface configuration

IP tunnel interface configuration.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ip_subnets IP Tunnel interface subnet

IP Tunnel interface (commonly referred as VTI) subnet.		 array of TunnelInterfaceIPSubnet Required
Minimum items: 1
Maximum items: 1
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IPSecVpnTunnelInterface string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

IPSecVpnTunnelProfile (schema)

IPSec VPN tunnel profile

IPSec VPN tunnel profile is a reusable profile that captures phase two negotiation parameters and IPSec tunnel properties. Any changes affects all IPSec VPN sessions consuming this profile.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
df_policy Policy for handling defragmentation bit

Defragmentation policy helps to handle defragmentation bit present in the inner packet. COPY copies the defragmentation bit from the inner IP packet into the outer packet. CLEAR ignores the defragmentation bit present in the inner packet.		 string Enum: COPY, CLEAR
Default: "COPY"
dh_groups Dh group

Diffie-Hellman group to be used if PFS is enabled. Default is GROUP14.		 array of DhGroup
digest_algorithms Algorithm for message hash

Algorithm to be used for message digest. Default digest algorithm is implicitly covered by default encryption algorithm "AES_GCM_128".		 array of IPSecDigestAlgorithm
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enable_perfect_forward_secrecy Enable perfect forward secrecy

If true, perfect forward secrecy (PFS) is enabled.		 boolean Default: "True"
encryption_algorithms Encryption algorithm to use in IPSec tunnel establishement

Encryption algorithm to encrypt/decrypt the messages exchanged between IPSec VPN initiator and responder during tunnel negotiation. Default is AES_GCM_128.		 array of IPSecEncryptionAlgorithm
extended_attributes Extended Attributes.

Collection of type specific properties. As of now, to hold
encapsulation mode and transform protocol.
array of AttributeVal Readonly
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IPSecVpnTunnelProfile string
sa_life_time Security association (SA) life time

SA life time specifies the expiry time of security association. Default is 3600 seconds.		 integer Minimum: 900
Maximum: 31536000
Default: "3600"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

IPSecVpnTunnelProfileListRequestParameters (schema)

IPSecVpnTunnelProfile list request parameters

Request parameters to get filtered list of IPSecVpnTunnelProfile.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

IPSecVpnTunnelProfileListResult (schema)

Paged Collection of IPSecVpnTunnelProfile

Paged Collection of IPSecVpnTunnelProfile.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IPSecVpnTunnelProfile list results

IPSecVpnTunnelProfile list results.		 array of IPSecVpnTunnelProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IPSet (schema)

Set of one or more IP addresses

IPSet is used to group individual IP addresses, range of IP addresses or subnets.
An IPSet is a homogeneous group of IP addresses, either of type IPv4 or of type
IPv6. IPSets can be used as source or destination in firewall rules. These can
also be used as members of NSGroups.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ip_addresses IP addresses array of IPElement Maximum items: 4000
resource_type Must be set to the value IPSet string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

IPSetDeleteRequestParameters (schema)

IPSet delete request parameters

Name Description Type Notes
force Force delete the resource even if it is being used somewhere

If true, deleting the resource succeeds even if it is being
referred as a resource reference.
boolean Default: "False"

IPSetListRequestParameters (schema)

IPSet list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

IPSetListResult (schema)

Paged collection of IPSets

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IPSet list results array of IPSet Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IPSubnet (schema)

Name Description Type Notes
ip_addresses IP Addresses

All IP addresses, some of which may be automatically
configured. When updating this field, the payload may
contain only the IP addresses that should be changed,
or may contain the IP addresses to change as well as
the automatically assigned addresses.
Currently, only one updatable address and one
system-maintained address are supported.
Currently, the system-maintained address supported is
Extended Unique Identifier(EUI)-64 address.
EUI-64 address is generated by the system only when user
configured ip-subnet has prefix length less than
or equal to 64.
array of IPAddress Required
Minimum items: 1
Maximum items: 2
prefix_length Subnet Prefix Length integer Required
Minimum: 1
Maximum: 128

IPsecVPNIKESessionSummary (schema)

IPSec VPN session status summary

IPSec VPN session status summary, gives total, failed, degraded and established IPSec VPN sessions.

Name Description Type Notes
degraded_sessions Degraded sessions

Number of degraded sessions.		 integer Readonly
established_sessions Established sessions

Number of established sessions.		 integer Readonly
failed_sessions Failed sessions

Number of failed sessions.		 integer Readonly
total_sessions Total sessions

Total sessions configured.		 integer Readonly

IPv4Address (schema)

IPv4 address

Name Description Type Notes
IPv4Address IPv4 address string Format: ipv4

IPv4AddressProperties (schema)

IPv4 address properties

Name Description Type Notes
ip_address Interface IPv4 address string Pattern: "^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$"
netmask Interface netmask string Pattern: "^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$"

IPv4CIDRBlock (schema)

IPv4 CIDR Block

Name Description Type Notes
IPv4CIDRBlock IPv4 CIDR Block string Format: ipv4-cidr-block

IPv4DhcpServer (schema) (Deprecated)

DHCP server to support IPv4 DHCP service

DHCP server to support IPv4 DHCP service. Properties defined at DHCP server
level can be overridden by ip-pool or static-binding level properties.

Name Description Type Notes
dhcp_server_ip DHCP server ip in CIDR format

DHCP server ip in CIDR format.		 IPv4CIDRBlock Required
dns_nameservers DNS ips

Primary and secondary DNS server address to assign host. They can be
overridden by ip-pool or static-binding level property.
array of IPv4Address Minimum items: 0
Maximum items: 2
domain_name Domain name

Host name or prefix to be assigned to host. It can be overridden by
ip-pool or static-binding level property.
string Format: hostname
gateway_ip Gateway ip

Gateway ip to be assigned to host. It can be overridden by ip-pool or
static-binding level property.
IPv4Address
monitor_ippool_usage Enable/disable monitoring DHCP ip-pool usage

Enable or disable monitoring of DHCP ip-pools usage. When enabled, system events are
generated when pool usage exceeds the configured thresholds.
System events can be viewed in REST API /api/v2/hpm/alarms
boolean Default: "False"
options DHCP options

Defines the default options for all ip-pools and static-bindings of this server.
These options will be ignored if options are defined for ip-pools or static-bindings.
DhcpOptions

IPv4DiscoveryOptions (schema)

IPv4 discovery options

Contains IPv4 related discovery options.

Name Description Type Notes
arp_snooping_config ARP snooping configuration

Indicates ARP snooping options		 ArpSnoopingConfig
dhcp_snooping_enabled Is DHCP snooping enabled or not

Indicates whether DHCP snooping is enabled		 boolean Default: "True"
vmtools_enabled Is VM tools enabled or not

Indicates whether fetching IP using vm-tools is enabled.
This option is only supported on ESX where vm-tools is installed.
boolean Default: "True"

IPv6Address (schema)

IPv6 address

Name Description Type Notes
IPv6Address IPv6 address string Format: ipv6

IPv6CIDRBlock (schema)

IPv6 CIDR Block

Name Description Type Notes
IPv6CIDRBlock IPv6 CIDR Block string Format: ipv6-cidr-block

IPv6DADStatus (schema)

IPv6 DAD status

Name Description Type Notes
ip_address IP address

IP address on the port for which DAD status is reported.
IPAddress Readonly
status DAD Status

DAD status for IP address on the port.
DADStatus Readonly
transport_node Transport node

Array of transport node id on which DAD status is reported for
given IP address.
array of ResourceReference Readonly

IPv6DhcpServer (schema) (Deprecated)

DHCP server to support IPv6 DHCP service

DHCP server to support IPv6 DHCP service. Properties defined at DHCP server
level can be overridden by ip-pool or static-binding level properties.

Name Description Type Notes
dhcp_server_ip DHCP server ip in CIDR format

DHCP server ip in CIDR format.		 IPv6CIDRBlock
dns_nameservers DNS ips

Primary and secondary DNS server address to assign host. They can be
overridden by ip-pool or static-binding level property.
array of IPv6Address Minimum items: 0
Maximum items: 2
domain_names Domain name

Host name or prefix to be assigned to host. It can be overridden by
ip-pool or static-binding level property.
array of string
server_id DHCP server id

DHCP server id.		 string Readonly
sntp_servers SNTP server ips

SNTP server ips.		 array of IPv6Address Minimum items: 0
Maximum items: 2

IPv6DiscoveryOptions (schema)

IPv6 discovery options

Contains IPv6 related discovery options.

Name Description Type Notes
dhcp_snooping_v6_enabled Is DHCP snoping v6 enabled or not

Enable this method will snoop the DHCPv6 message transaction
which a VM makes with a DHCPv6 server. From the transaction, we
learn the IPv6 addresses assigned by the DHCPv6 server to this VM
along with its lease time.
boolean Default: "False"
nd_snooping_config ND snooping configuration

Indicates ND snooping options		 NdSnoopingConfig
vmtools_v6_enabled Enable this method will learn the IPv6 addresses which are
configured on interfaces of a VM with the help of the VMTools software.
boolean Default: "False"

IPv6Profiles (schema)

Name Description Type Notes
dad_profile_id DAD profile identifier

Identifier of Duplicate Address Detection profile.
DAD profile has various configurations related to duplicate
address detection. If no profile is associated manually to the router,
then the system defined default DAD profile will be automatically
applied.
string
ndra_profile_id NDRA profile identifier

Identifier of Neighbor Discovery Router Advertisement profile.
NDRA profile has various configurations required for router
advertisement. If no profile is associated manually to the router,
then the system defined default NDRA profile will be automatically
applied.
string

IPv6Status (schema)

IPv6 status

Name Description Type Notes
connected_segment_path Connected segment path

Path of the segment attached to the interface.
string Readonly
dad_statuses IPv6 DAD status

Array of DAD status which contains DAD information for IP addresses
on the interface.
array of IPv6DADStatus Readonly
interface_id Policy path or realization ID of interface

Policy path or realization ID of interface for which IPv6 DAD
status is returned.
string
tier0_gateway Tier-0 Gateway

Tier-0 Gateway this router Link belongs to.
string
tier1_gateway Tier-1 Gateway

Tier-1 Gateway this router Link belongs to.
string

IcmpEchoRequestHeader (schema)

Name Description Type Notes
id ICMP id integer Minimum: 0
Maximum: 65535
Default: "0"
sequence ICMP sequence number integer Minimum: 0
Maximum: 65535
Default: "0"

Icon (schema)

Icon

Icon to be applied at dashboard for widgets and UI elements.

Name Description Type Notes
color Icon color applied to icon in hex format

Icon color applied to icon in hex format.		 string
placement Position at which to display icon, if any

If specified as PRE, the icon appears before the UI element. If set as POST, the icon appears after the UI element.		 string Enum: PRE, POST
Default: "PRE"
size Icon size in unit

Icon size in unit applied to icon.A unit can be specified by the 'size_unit' property.		 number Minimum: 1
size_unit Icon size unit in rem/px/pc

Icon size unit applied to icon along with size. if 'size' property value is provided and no value is provided for this property then default value for this proerty is set to 'px'.		 string Enum: px, rem, pc
tooltip Multi-line tooltip

Multi-line text to be shown on tooltip while hovering over the icon.		 array of Tooltip
type Type of icon

Icon will be rendered based on its type. For example, if ERROR is chosen, then icon representing error will be rendered. or else custom svg icon name can be given.		 string

IdentityGroupExpression (schema)

IdentityGroup expression node

Represents a list of identity group (Ad group SID) expressions.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
identity_groups Array of identity group

This array consists of set of identity group object. All members within this array are implicitly OR'ed together.		 array of IdentityGroupInfo Required
Minimum items: 1
Maximum items: 500
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IdentityGroupExpression string Required
Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

IdentityGroupInfo (schema)

Identity (Directory) group

Name Description Type Notes
distinguished_name LDAP distinguished name

Each LDAP object is uniquely identified by its distinguished name (DN).
A DN is a sequence of relative distinguished names (RDN) connected by commas.
e.g. CN=Larry Cole,CN=admin,DC=corp,DC=acme,DC=com.
A valid fully qualified distinguished name should be provided to include specific groups else
the create / update realization of the Group containing an invalid/ partial DN will fail.
This value is valid only if it matches to exactly 1 LDAP object on the LDAP server.
string Required
domain_base_distinguished_name Identity (Directory) domain base distinguished name

This is the base distinguished name for the domain where this particular group
resides. (e.g. dc=example,dc=com)
Each active directory domain has a domain naming context
(NC), which contains domain-specific data. The root of
this naming context is represented by a domain's
distinguished name (DN) and is typically referred to as
the NC head.
string Required
sid Identity (Directory) Group SID (security identifier)

A security identifier (SID) is a unique value of variable length
used to identify a trustee. A SID consists of the following components:
The revision level of the SID structure;
A 48-bit identifier authority value that identifies the
authority that issued the SID;
A variable number of subauthority or relative identifier
(RID) values that uniquely identify the trustee relative
to the authority that issued the SID.
This field is only populated for Microsoft Active Directory identity store.
string

IdentitySourceLdapServer (schema)

An LDAP server

Information about a single LDAP server.

Name Description Type Notes
bind_identity Username or DN for LDAP authentication

A username used to authenticate to the directory when admnistering roles in NSX. This user should have privileges to search the LDAP directory for groups and users. This user is also used in some cases (OpenLDAP) to look up an NSX user's distinguished name based on their NSX login name. If omitted, NSX will authenticate to the LDAP server using an LDAP anonymous bind operation. For Active Directory, provide a userPrincipalName (e.g. [email protected]) or the full distinguished nane. For OpenLDAP, provide the distinguished name of the user (e.g. uid=admin, cn=airius, dc=com).		 string
certificates TLS certificate(s) for LDAP server(s)

If using LDAPS or STARTTLS, provide the X.509 certificate of the LDAP server in PEM format. This property is not required when connecting without TLS encryption and is ignored in that case.		 array of string
enabled If true, this LDAP server is enabled

Allows the LDAP server to be enabled or disabled. When disabled, this LDAP server will not be used to authenticate users.		 boolean Default: "True"
password Username for LDAP authentication

A password used when authenticating to the directory.		 string
url The URL for the LDAP server

The URL for the LDAP server. Supported URL schemes are LDAP and LDAPS. Either a hostname or an IP address may be given, and the port number is optional and defaults to 389 for the LDAP scheme and 636 for the LDAPS scheme.		 string Required
use_starttls Enable/disable StartTLS

If set to true, Use the StartTLS extended operation to upgrade
the connection to TLS before sending any sensitive information.
The LDAP server must support the StartTLS extended operation
in order for this protocol to operate correctly. This option
is ignored if the URL scheme is LDAPS.
boolean Default: "False"

IdentitySourceLdapServerEndpoint (schema)

An LDAP server endpoint

Information about a single LDAP server endpoint.

Name Description Type Notes
url The URL for the LDAP server

The URL for the LDAP server. Supported URL schemes are LDAP and LDAPS. Either a hostname or an IP address may be given, and the port number is optional and defaults to 389 for the LDAP scheme and 636 for the LDAPS scheme.		 string Required
use_starttls Eanble/disable StartTLS

If set to true, Use the StartTLS extended operation to upgrade
the connection to TLS before sending any sensitive information.
The LDAP server must support the StartTLS extended operation
in order for this protocol to operate correctly. This option
is ignored if the URL scheme is LDAPS.
boolean Default: "False"

IdentitySourceLdapServerProbeResult (schema)

Results from one LDAP server probe

The results of probing an individual LDAP server.

Name Description Type Notes
errors Error details

Detail about errors encountered during the probe.		 array of LdapProbeError
result Overall result

Overall result of the probe. If the probe was able to connect to the LDAP service, authenticate using the provided credentials, and perform searches of the configured user and group search bases without error, the result is SUCCESS. Otherwise, the result is FAILURE, and additional details may be found in the errors property.		 string Enum: SUCCESS, FAILURE
url LDAP Server URL

THe URL of the probed LDAP host.		 string

IdfwComputeCollectionCondition (schema)

IDFW Compute collection status.

Status of the Identity Firewall enabled Compute collection.

Name Description Type Notes
status IDFW enabled Compute collection status. string Required
Enum: UNKNOWN, UP, DOWN, DFW_DISABLED, IDFW_ENABLED, IDFW_DISABLED
status_detail Compute collection status.

Status of the Compute collection.		 string

IdfwComputeCollectionListResult (schema)

List of IDFW enabled compute collections connected to VC

List of compute collection ids and status connected to VC.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of IDFW ComputeCollection.

Array of IDFW compute collection Ids and status connected to VC.		 array of IdfwComputeCollectionStatus Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IdfwComputeCollectionStatus (schema)

IDFW compute collection ID and status.

compute collection ID and status connected to VC.

Name Description Type Notes
compute_collection_id IDFW compute collection ID.

IDFW compute collection ID connected to VC.		 string Required
compute_collection_status Compute collection status.

IDFW enabled compute collection status.		 array of IdfwComputeCollectionCondition

IdfwDirGroupUserSessionMapping (schema)

Identity Firewall NSGorup to user mapping to link DirGroup to user session data

Identity Firewall NSGorup to user mapping to link DirGroup to user session data.

Name Description Type Notes
dir_group_id Directory Group ID

Directory Group ID.		 string Required
Readonly
user_id User ID

User ID.		 string Required
Readonly

IdfwEnabledComputeCollection (schema)

Identity Firewall enabled compute collection

Compute collection enabled for Identity Firewall where login events will be
collected.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
compute_collection_id Compute collection ID

Compute collection ID.		 string Required
compute_collection_name Compute collection name

Compute collection name.		 string
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Enabled/disabled

Compute collection enabled status (true=Enabled / false=Disabled).		 boolean Required
id Unique identifier of this resource string Sortable
resource_type Must be set to the value IdfwEnabledComputeCollection string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

IdfwEnabledComputeCollectionListResult (schema)

Identity Firewall enabled compute collection list

List of compute collections enabled for IDFW where login events will be
collected.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of IDFW Enabled Compute Collections

Array of IDFW Enabled Compute Collections.		 array of IdfwEnabledComputeCollection Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IdfwMasterSwitchSetting (schema)

Identity Firewall master switch setting

Identity Firewall master switch setting. This setting enables or disables
Identity Firewall feature across the system. It affects compute collections,
hypervisor and virtual machines. This operation is expensive and also has big
impact and implication on system perforamce.

Name Description Type Notes
idfw_master_switch_enabled IDFW master switch

IDFW master switch (true=Enabled / false=Disabled).		 boolean Required

IdfwNsgroupVmDetailListResult (schema)

Identity Firewall user login/session data for a single NSGroup

Identity Firewall user login/session data for a single NSGroup.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
ns_group_id NSGroup ID string Required
Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of user login/session data for a single VM array of IdfwVmDetail Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IdfwStandaloneHostsSwitchSetting (schema)

Identity Firewall standalone hosts switch setting

Identity Firewall standalone hosts switch setting. This setting enables or
disables Identity Firewall feature on all standalone hosts.

Name Description Type Notes
standalone_hosts_enabled IDFW standalone hosts switch

IDFW standalone hosts switch (true=Enabled / false=Disabled).		 boolean Required

IdfwSystemStats (schema)

Identity Firewall statistics data

Identity Firewall statistics data.

Name Description Type Notes
num_concurrent_users Number of concurrent logged on users (across VDI & RDSH)

Number of concurrent logged on users (across VDI & RDSH). Multiple
logins by the same user is counted as 1.
int Required
num_user_sessions Number of active user sessions/logins

Number of active user sessions/logins in IDFW enabled compute collections
(including both UP and DOWN hosts). N sessions/logins by the same user
is counted as n.
int Required

IdfwTransportNodeCondition (schema)

IDFW transport node status.

Status of the Identity Firewall Compute Collection's transport node.

Name Description Type Notes
status IDFW TransportNode status.

Transport node status for IDFW compute collection.		 string Required
Enum: UNKNOWN, UP, DOWN, NOT_PREPARED, IDFW_COMPONENT_NOT_INSTALLED, DFW_DISABLED, IDFW_DISABLED
status_detail IDFW transport node condition.

IDFW Compute collection's transport node condition.		 string

IdfwTransportNodeStatus (schema)

IDFW transport node ID and status.

ID and status of the Identity Firewall enabled Compute collection's
transport node.

Name Description Type Notes
transport_node_id IDFW TransportNode ID.

TransportNode ID of the Identity Firewall enabled Compute
collection's transport node.
string Required
transport_node_status IDFW TransportNode status.

Status of the IDFW transport node.		 array of IdfwTransportNodeCondition Required

IdfwTransportNodeStatusListResult (schema)

IDFW enabled Compute collection transport node and status list.

Status of the Identity Firewall enabled Compute collection
transport nodes.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IDFW enabled Compute collection transport node list.

List of transport node ids and status for idfw enabled
Compute collection.
array of IdfwTransportNodeStatus Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IdfwUserSessionData (schema)

Identity Firewall user session data on client machine

Identity Firewall user session data on a client machine (typically a VM).
Multiple entries for the same user can be returned if the user logins to
multiple sessions on the same VM.

Name Description Type Notes
domain_name AD Domain

AD Domain of user.		 string Required
id User session data Identifier

Identifier of user session data.		 string Readonly
login_time Login time

Login time.		 EpochMsTimestamp Required
logout_time Logout time if applicable

Logout time if applicable. An active user session has no logout time.
Non-active user session is stored (up to last 5 most recent entries) per
VM and per user.
EpochMsTimestamp
session_source Source for the user session

User session source can be one of:
- GI (Guest Introspection)
- ELS (AD Event log server)
- LI (Log Insight)
string Readonly
Enum: GI, ELS, LI
user_id AD user ID (may not exist)

AD user ID (may not exist).		 string Readonly
user_name AD user name

AD user name.		 string Required
user_session_id User session ID

User session ID. This also indicates whether this is VDI / RDSH.		 int Required
vm_ext_id Virtual machine external ID or BIOS UUID

Virtual machine (external ID or BIOS UUID) where login/logout events occurred.		 string Required
Readonly

IdfwUserSessionDataAndMappings (schema)

Identity Firewall user session data list and Directory Group to user mappings

Identity Firewall user session data list and Directory Group to user mappings.

Name Description Type Notes
active_user_sessions Active user session data list array of IdfwUserSessionData Required
archived_user_sessions Archived user session data list array of IdfwUserSessionData Required
dir_group_to_user_session_data_mappings Directory Group to user session data mappings array of IdfwDirGroupUserSessionMapping Required

IdfwUserStats (schema)

Identity Firewall user login/session data for a single user

Identity Firewall user login/session data for a single user.

Name Description Type Notes
active_sessions List of active (still logged in) user login/sessions data (no limit) array of IdfwUserSessionData Required
archived_sessions List of archived (previously logged in) user login/session data

Optional list of up to 5 most recent archived (previously logged in) user
login/session data.
array of IdfwUserSessionData
user_id AD user Identifier (String ID) string Required
Readonly

IdfwVirtualMachineCondition (schema)

IDFW VM Status.

Status of the Identity Firewall compute collection's VM.

Name Description Type Notes
status VM IDFW Status. string Required
Enum: UNKNOWN, UP, DOWN, VM_TOOLS_NOT_INSTALLED, IDFW_NOT_SUPPORTED, DFW_DISABLED, IDFW_DISABLED
status_detail IDFW VM condition.

IDFW compute collection's VM condition.		 string

IdfwVirtualMachineStatus (schema)

IDFW VM ID and status.

ID and status of the VM on Identity Firewall compute collection.

Name Description Type Notes
vm_id IDFW Virtual Machine ID.

VM ID of the VM on Identity Firewall compute collection.
string Required
vm_status IDFW VM status.

Status of the Identity Firewall compute collection's Virtual Machine.
array of IdfwVirtualMachineCondition Required

IdfwVirtualMachineStatusListResult (schema)

IDFW VM ID and status.

VM ID and status of the Identity Firewall Compute collection.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IDFW Virtual machine list.

List of VM's on Identity Firewall Compute collection.		 array of IdfwVirtualMachineStatus Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IdfwVmDetail (schema)

Identity Firewall user login/session data for a single VM

Identity Firewall user login/session data for a single VM

Name Description Type Notes
last_login_user_session Last logged in user and time (if exists)

Record of the last logged in user session (if exists).		 ResourceReference
user_sessions List of user session data

List of user session data.		 array of IdfwUserSessionData Required
vm_ext_id Virtual machine external ID or BIOS UUID

Virtual machine (external ID or BIOS UUID) where login/logout event occurred.		 string Required
vm_ip_addresses Client VM IP addresses

List of client machine IP addresses.		 array of string

IdfwVmStats (schema)

Identity Firewall user login/session data for a single VM

Identity Firewall user login/session data for a single VM.

Name Description Type Notes
active_sessions List of active (still logged in) user login/sessions data (no limit) array of IdfwUserSessionData Required
archived_sessions Optional list of archived (previously logged in) user login/session data (maximum 5)

Optional list of up to 5 most recent archived (previously logged in) user login/session data.		 array of IdfwUserSessionData
vm_ext_id Virtual machine external ID or BIOS UUID

Virtual machine (external ID or BIOS UUID) where login/logout event occurred.		 string Required

IdsClusterConfig (schema)

Intrusion Detection System cluster configuration

IDS configuration to enable/disable IDS on cluster level.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
cluster PolicyResourceReference

Contains policy resource reference object		 PolicyResourceReference Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ids_enabled Ids enabled flag

If set to true, IDS is enabled on the respective cluster		 boolean Required
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IdsClusterConfig string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

IdsClusterConfigListRequestParameters (schema)

IDS cluster config request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

IdsClusterConfigListResult (schema)

Paged collection of IDS cluster configuration

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Cluster wise IDS configuration list results array of IdsClusterConfig Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IdsEventFlowData (schema)

IDS event flow data

IDS event flow data specific to each IDS
event. The data includes source ip, source
port, destination ip, destination port,
protocol, rule id, profile id, and the
action.

Name Description Type Notes
action_type IDS Event action

The action pertaining to the detected intrusion. Possible values are ALERT, DROP, REJECT, and INVALID. ALERT - If there is a signature match on the packet, it is allowed to pass but a notification is sent to the user notifying an intrusion was detected. DROP - On a signature match, the packet is silently dropped. An alert is sent to the user that an intrusion was detected. REJECT - On a signature match, the packet is dropped and TCP RST or ICMP error messages (for non-TCP pkts) are sent to the endpoints. An alert is sent to the user that an intrusion was detected. INVALID - If the action doesn't belong to any of the above mentioned categories, it is marked as INVALID.		 string Readonly
Enum: ALERT, DROP, REJECT, INVALID
bytes_toclient Bytes to client

Bytes sent to client.		 integer Readonly
bytes_toserver Bytes to server

Bytes sent to server.		 integer Readonly
client_ip IP address of the client VM

IP address of the VM that initiated the communication.		 string Readonly
destination_ip IP address of the destination VM

IP address of the destination VM on the intrusion flow.		 string Readonly
destination_port Destination port

Port on the destination VM where the traffic was sent to.		 integer Readonly
local_vm_ip IP address of the local VM

IP address of VM on the host where IDS engine is running.		 string Readonly
profile_id IDS profile id

The IDS profile id that is associated with the IDS rule pertaining to the intrusion event detected.		 string Readonly
protocol Traffic protocol pertaining to the intrusion

Traffic protocol pertaining to the detected intrusion, could be TCP/UDP etc.		 string Readonly
rule_id IDS Rule id of detected intrusion

The IDS Rule id pertaining to the detected intrusion.		 integer Readonly
source_ip IP address of the source VM

IP address of the source VM on the intrusion flow.		 string Readonly
source_port Source port

Source port through which traffic was initiated that caused the intrusion to be detected.		 integer Readonly

IdsFileUpload (schema)

File of IDS signatures that is uploaded

Name Description Type Notes
file IDS signatures file multipart_file Required

IdsGatewayPolicy (schema)

Contains ordered list of IDS Rules

Represents the Intrusion Detection System Gateway Policy, which contains
the list of IDS Rules.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
category A way to classify a security policy, if needed.

- Distributed Firewall -
Policy framework provides five pre-defined categories for classifying
a security policy. They are "Ethernet","Emergency", "Infrastructure"
"Environment" and "Application". There is a pre-determined order in
which the policy framework manages the priority of these security
policies. Ethernet category is for supporting layer 2 firewall rules.
The other four categories are applicable for layer 3 rules. Amongst
them, the Emergency category has the highest priority followed by
Infrastructure, Environment and then Application rules. Administrator
can choose to categorize a security policy into the above categories
or can choose to leave it empty. If empty it will have the least
precedence w.r.t the above four categories.
- Edge Firewall -
Policy Framework for Edge Firewall provides six pre-defined categories
"Emergency", "SystemRules", "SharedPreRules", "LocalGatewayRules",
"AutoServiceRules" and "Default", in order of priority of rules.
All categories are allowed for Gatetway Policies that belong
to 'default' Domain. However, for user created domains, category is
restricted to "SharedPreRules" or "LocalGatewayRules" only. Also, the
users can add/modify/delete rules from only the "SharedPreRules" and
"LocalGatewayRules" categories. If user doesn't specify the category
then defaulted to "Rules". System generated category is used by NSX
created rules, for example BFD rules. Autoplumbed category used by
NSX verticals to autoplumb data path rules. Finally, "Default" category
is the placeholder default rules with lowest in the order of priority.
string
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
(Abstract type: pass one of the following concrete types)
ChildIdsRule
comments SecurityPolicy lock/unlock comments

Comments for security policy lock/unlock.		 string
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
internal_sequence_number Internal sequence number

This field is to indicate the internal sequence number of a policy
with respect to the policies across categories.
int Readonly
is_default Default policy flag

A flag to indicate whether policy is a default policy.		 boolean Readonly
lock_modified_by User who locked the security policy

ID of the user who last modified the lock for the secruity policy.
string Readonly
lock_modified_time SecuirtyPolicy locked/unlocked time

SecurityPolicy locked/unlocked time in epoch milliseconds.		 EpochMsTimestamp Readonly
locked Lock a security policy

Indicates whether a security policy should be locked. If the
security policy is locked by a user, then no other user would
be able to modify this security policy. Once the user releases
the lock, other users can update this security policy.
boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IdsGatewayPolicy string
rule_count Rule count

The count of rules in the policy.
int Readonly
rules IDS Rules that are a part of this SecurityPolicy array of IdsRule
scheduler_path Path to the scheduler for time based scheduling

Provides a mechanism to apply the rules in this policy for a specified
time duration.
string
scope The list of group paths where the rules in this policy will get
applied. This scope will take precedence over rule level scope.
Supported only for security and redirection policies. In case of
RedirectionPolicy, it is expected only when the policy is NS and
redirecting to service chain.
array of string Maximum items: 128
sequence_number Sequence number to resolve conflicts across Domains

This field is used to resolve conflicts between security policies
across domains. In order to change the sequence number of a policy
one can fire a POST request on the policy entity with
a query parameter action=revise
The sequence number field will reflect the value of the computed
sequence number upon execution of the above mentioned POST request.
For scenarios where the administrator is using a template to update
several security policies, the only way to set the sequence number is
to explicitly specify the sequence number for each security policy.
If no sequence number is specified in the payload, a value of 0 is
assigned by default. If there are multiple policies with the same
sequence number then their order is not deterministic. If a specific
order of policies is desired, then one has to specify unique sequence
numbers or use the POST request on the policy entity with
a query parameter action=revise to let the framework assign a
sequence number.
The value of sequence number must be between 0 and 999,999.
int Minimum: 0
stateful Stateful nature of the entries within this security policy.

Stateful or Stateless nature of security policy is enforced on all
rules in this security policy. When it is stateful, the state of
the network connects are tracked and a stateful packet inspection is
performed.
Layer3 security policies can be stateful or stateless. By default, they are stateful.
Layer2 security policies can only be stateless.
boolean
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tcp_strict Enforce strict tcp handshake before allowing data packets

Ensures that a 3 way TCP handshake is done before the data packets
are sent.
tcp_strict=true is supported only for stateful security policies.
If the tcp_strict flag is not specified and the security policy
is stateful, then tcp_strict will be set to true.
boolean
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

IdsGatewayPolicyListResult (schema)

Paged collection of IDS Gateway policies

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IDS Gateway policy list results array of IdsGatewayPolicy Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IdsGlobalConfig (schema)

NSX global configs for Distributed Intrusion Services

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
global_idsevents_to_syslog_enabled A flag to indicate if IDS events need to be sent to syslog

When this flag is set to true, IDS events would be sent to syslog.		 boolean Default: "False"
id Unique identifier of this resource string Sortable
resource_type Must be set to the value IdsGlobalConfig GlobalConfigType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

IdsGlobalEventConfig (schema)

Intrusion Detection System global event configuration

Represents IDS event publishing configuration for NSX-I and NDR.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ids_data_topic_name kafka topic into which to publish IDS events. string Default: "ids_data"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
publish_ids_events A flag to indicate if IDS events need to be sent to kafka

When this flag is set to true, IDS events will
be sent to kafka, for consumption by components such as
NSX-I and NDR.
boolean Default: "False"
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IdsGlobalEventConfig string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

IdsPolicy (schema)

Contains ordered list of IDS Rules

Represents the Intrusion Detection System Policy, which contains
the list of IDS Rules.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
category A way to classify a security policy, if needed.

- Distributed Firewall -
Policy framework provides five pre-defined categories for classifying
a security policy. They are "Ethernet","Emergency", "Infrastructure"
"Environment" and "Application". There is a pre-determined order in
which the policy framework manages the priority of these security
policies. Ethernet category is for supporting layer 2 firewall rules.
The other four categories are applicable for layer 3 rules. Amongst
them, the Emergency category has the highest priority followed by
Infrastructure, Environment and then Application rules. Administrator
can choose to categorize a security policy into the above categories
or can choose to leave it empty. If empty it will have the least
precedence w.r.t the above four categories.
- Edge Firewall -
Policy Framework for Edge Firewall provides six pre-defined categories
"Emergency", "SystemRules", "SharedPreRules", "LocalGatewayRules",
"AutoServiceRules" and "Default", in order of priority of rules.
All categories are allowed for Gatetway Policies that belong
to 'default' Domain. However, for user created domains, category is
restricted to "SharedPreRules" or "LocalGatewayRules" only. Also, the
users can add/modify/delete rules from only the "SharedPreRules" and
"LocalGatewayRules" categories. If user doesn't specify the category
then defaulted to "Rules". System generated category is used by NSX
created rules, for example BFD rules. Autoplumbed category used by
NSX verticals to autoplumb data path rules. Finally, "Default" category
is the placeholder default rules with lowest in the order of priority.
string
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
comments SecurityPolicy lock/unlock comments

Comments for security policy lock/unlock.		 string
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
internal_sequence_number Internal sequence number

This field is to indicate the internal sequence number of a policy
with respect to the policies across categories.
int Readonly
is_default Default policy flag

A flag to indicate whether policy is a default policy.		 boolean Readonly
lock_modified_by User who locked the security policy

ID of the user who last modified the lock for the secruity policy.
string Readonly
lock_modified_time SecuirtyPolicy locked/unlocked time

SecurityPolicy locked/unlocked time in epoch milliseconds.		 EpochMsTimestamp Readonly
locked Lock a security policy

Indicates whether a security policy should be locked. If the
security policy is locked by a user, then no other user would
be able to modify this security policy. Once the user releases
the lock, other users can update this security policy.
boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IdsPolicy string
rule_count Rule count

The count of rules in the policy.
int Readonly
rules IDS Rules that are a part of this SecurityPolicy array of IdsRule
scheduler_path Path to the scheduler for time based scheduling

Provides a mechanism to apply the rules in this policy for a specified
time duration.
string
scope The list of group paths where the rules in this policy will get
applied. This scope will take precedence over rule level scope.
Supported only for security and redirection policies. In case of
RedirectionPolicy, it is expected only when the policy is NS and
redirecting to service chain.
array of string Maximum items: 128
sequence_number Sequence number to resolve conflicts across Domains

This field is used to resolve conflicts between security policies
across domains. In order to change the sequence number of a policy
one can fire a POST request on the policy entity with
a query parameter action=revise
The sequence number field will reflect the value of the computed
sequence number upon execution of the above mentioned POST request.
For scenarios where the administrator is using a template to update
several security policies, the only way to set the sequence number is
to explicitly specify the sequence number for each security policy.
If no sequence number is specified in the payload, a value of 0 is
assigned by default. If there are multiple policies with the same
sequence number then their order is not deterministic. If a specific
order of policies is desired, then one has to specify unique sequence
numbers or use the POST request on the policy entity with
a query parameter action=revise to let the framework assign a
sequence number.
The value of sequence number must be between 0 and 999,999.
int Minimum: 0
stateful Stateful nature of the entries within this security policy.

Stateful or Stateless nature of security policy is enforced on all
rules in this security policy. When it is stateful, the state of
the network connects are tracked and a stateful packet inspection is
performed.
Layer3 security policies can be stateful or stateless. By default, they are stateful.
Layer2 security policies can only be stateless.
boolean
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tcp_strict Enforce strict tcp handshake before allowing data packets

Ensures that a 3 way TCP handshake is done before the data packets
are sent.
tcp_strict=true is supported only for stateful security policies.
If the tcp_strict flag is not specified and the security policy
is stateful, then tcp_strict will be set to true.
boolean
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

IdsProfile (schema)

Intrusion Detection System Profile

IDS Profile which contains the signatures and will be used in IDS rules.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
criteria Filtering criteria of IDS Profile

Represents the filtering criteria for the IDS Profile.
1. A non-empty criteria list, must be of odd size. In a list, with
indices starting from 0, all IdsProfileFilterCriteria must be at even indices,
separated by the IdsProfileConjunctionOperator AND at odd indices.
2. There may be at most 7 IdsProfileCriteria objects inside a list.
array of IdsProfileCriteria
(Abstract type: pass one of the following concrete types)
IdsProfileConjunctionOperator
IdsProfileFilterCriteria		 Maximum items: 7
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
overridden_signatures Represents the signatures that is overridden for the Profile

Represents the signatures that has been overridden for this Profile.
array of IdsProfileLocalSignature
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
profile_severity IDS Profile severity

Represents the severities of signatures which are part of this profile.
array of ProfileSeverity
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IdsProfile string
severities IDS Profile severity

Represents the severities of signatures which are part of this profile.
array of IdsProfileSeverity Deprecated
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

IdsProfileConjunctionOperator (schema)

Represents the operator AND

Represents the operator AND.

Name Description Type Notes
operator IDS Profile Filter Condition string Required
Enum: AND
resource_type Must be set to the value IdsProfileConjunctionOperator string Required
Enum: IdsProfileConjunctionOperator, IdsProfileFilterCriteria

IdsProfileCriteria (schema)

Base class for IDS Profile criteria

All the filtering criteria objects extend from this abstract class.
This is present for extensibility.
This is an abstract type. Concrete child types:
IdsProfileConjunctionOperator
IdsProfileFilterCriteria

Name Description Type Notes
resource_type string Required
Enum: IdsProfileConjunctionOperator, IdsProfileFilterCriteria

IdsProfileFilterCriteria (schema)

IDS Profile filter criteria

Represents the filtering criteria of a IDS Profile.

Name Description Type Notes
filter_name Represents the filter name

Represents the filter for IDS Profile.
string Required
Enum: CVSS, ATTACK_TARGET, ATTACK_TYPE, PRODUCT_AFFECTED
filter_value Represents the value of selected filter name

Represents the value of selected filter name.
Note : The supported values for filter name CVSS are
NONE, LOW, MEDIUM, HIGH, CRITICAL.
NONE means CVSS score as 0.0
LOW means CVSS score as 0.1-3.9
MEDIUM means CVSS score as 4.0-6.9
HIGH means CVSS score as 7.0-8.9
CRITICAL means CVSS score as 9.0-10.0
array of string Required
resource_type Must be set to the value IdsProfileFilterCriteria string Required
Enum: IdsProfileConjunctionOperator, IdsProfileFilterCriteria

IdsProfileListRequestParameters (schema)

IDS profile request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

IdsProfileListResult (schema)

Paged collection of IDS profiles

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IDS profile list results array of IdsProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IdsProfileLocalSignature (schema)

IDS Profile local signature

IDS Profile local signature.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
action Global IDS signature's action

It denotes the global action of a IDS Signature.
This will take precedence over IDS signature's action.
string Enum: ALERT, DROP, REJECT
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enable Flag to Enable/Disable a IDS Signature globally.

Flag through which user can Enable/Disable a Signature at Global Level.
boolean Default: "True"
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IdsProfileLocalSignature string
signature_id Signature ID

Represents the Signature's id.
string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

IdsProfileSeverity (schema)

Intrusion Detection System Profile severity

Intrusion Detection System Profile severity.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ignore_signatures Represents the signatures that will be ignored

Contains the id of signatures that will be ignored as part of the profile.
This field is deprecated, please use ignore_signatures field under IdsProfile
to ignore the signatures.
array of string
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IdsProfileSeverity string
severity Severity of profile

Represents the severity of a profile.
string Required
Enum: CRITICAL, HIGH, MEDIUM, LOW, SUSPICIOUS
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

IdsProfileSignatures (schema)

IDS Profile Signatures

An entity that holds the list of IDS signatures attached
to an IDS Profile depending upon the Profile's criteria.
These are the Signatures which needs to be detected.

Name Description Type Notes
profile_path IDS Profile path

Represents the Path of the IDS Profile.
string
signatures IDS Signatures

List of IDS signature ids which need to be detected.		 array of string Minimum items: 1
Maximum items: 30000

IdsRule (schema)

A rule specifies the IDS security policy rule between the workload groups

Represents the Intrusion Detection System rule which indicates the action to be performed for the corresponding workload groups.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
action Action

The action to be applied.
string Enum: DETECT, DETECT_PREVENT
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
destination_groups Destination group paths

We need paths as duplicate names may exist for groups under different
domains. Along with paths we support IP Address of type IPv4 and IPv6.
IP Address can be in one of the format(CIDR, IP Address, Range of IP Address).
In order to specify all groups, use the constant "ANY". This
is case insensitive. If "ANY" is used, it should be the ONLY element
in the group array. Error will be thrown if ANY is used in conjunction
with other values.
array of string Maximum items: 128
destinations_excluded Negation of destination groups

If set to true, the rule gets applied on all the groups that are
NOT part of the destination groups. If false, the rule applies to the
destination groups
boolean Default: "False"
direction Direction

Define direction of traffic.
string Enum: IN, OUT, IN_OUT
Default: "IN_OUT"
disabled Flag to disable the rule

Flag to disable the rule. Default is enabled.		 boolean Default: "False"
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ids_profiles IDS profiles

collections of IDS or Anti-Malware profiles. At Max 1 each Profile will be supported.
array of string Minimum items: 1
Maximum items: 2
ip_protocol IPv4 vs IPv6 packet type

Type of IP packet that should be matched while enforcing the rule.
The value is set to IPV4_IPV6 for Layer3 rule if not specified.
For Layer2/Ether rule the value must be null.
string Enum: IPV4, IPV6, IPV4_IPV6
is_default Default rule flag

A flag to indicate whether rule is a default rule.		 boolean Readonly
logged Enable logging flag

Flag to enable packet logging. Default is disabled.		 boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
notes Text for additional notes on changes

Text for additional notes on changes.		 string Maximum length: 2048
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
profiles Layer 7 service profiles or TLS action profile

Holds the list of layer 7 service profile paths. These profiles accept
attributes and sub-attributes of various network services
(e.g. L4 AppId, encryption algorithm, domain name, etc) as key value
pairs. Instead of Layer 7 service profiles you can use a L7 access profile.
One of either Layer 7 service profiles or L7 Access Profile can be used in firewall rule.
In case of L7 access profile only one is allowed.
array of string Maximum items: 128
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IdsRule string
rule_id Unique rule ID

This is a unique 4 byte positive number that is assigned by the system.
This rule id is passed all the way down to the data path. The first 1GB
(1000 to 2^30) will be shared by GM and LM with zebra style striped
number space. For E.g 1000 to (1Million -1) by LM, (1M - 2M-1) by GM
and so on.
integer Readonly
scope The list of policy paths where the rule is applied
LR/Edge/T0/T1/LRP etc. Note that a given rule can be applied
on multiple LRs/LRPs.
array of string Maximum items: 128
sequence_number Sequence number of the this Rule

This field is used to resolve conflicts between multiple
Rules under Security or Gateway Policy for a Domain
If no sequence number is specified in the payload, a value of 0 is
assigned by default. If there are multiple rules with the same
sequence number then their order is not deterministic. If a specific
order of rules is desired, then one has to specify unique sequence
numbers or use the POST request on the rule entity with
a query parameter action=revise to let the framework assign a
sequence number
int Minimum: 0
service_entries Raw services

In order to specify raw services this can be used,
along with services which contains path to services.
This can be empty or null.
array of ServiceEntry
(Abstract type: pass one of the following concrete types)
ALGTypeServiceEntry
EtherTypeServiceEntry
ICMPTypeServiceEntry
IGMPTypeServiceEntry
IPProtocolServiceEntry
L4PortSetServiceEntry
NestedServiceServiceEntry		 Maximum items: 128
services Names of services

In order to specify all services, use the constant "ANY".
This is case insensitive. If "ANY" is used, it should
be the ONLY element in the services array. Error will be thrown
if ANY is used in conjunction with other values.
array of string Maximum items: 128
source_groups Source group paths

We need paths as duplicate names may exist for groups under different
domains. Along with paths we support IP Address of type IPv4 and IPv6.
IP Address can be in one of the format(CIDR, IP Address, Range of IP Address).
In order to specify all groups, use the constant "ANY". This
is case insensitive. If "ANY" is used, it should be the ONLY element
in the group array. Error will be thrown if ANY is used in conjunction
with other values.
array of string Maximum items: 128
sources_excluded Negation of source groups

If set to true, the rule gets applied on all the groups that are
NOT part of the source groups. If false, the rule applies to the
source groups
boolean Default: "False"
tag Tag applied on the rule

User level field which will be printed in CLI and packet logs.
Even though there is no limitation on length of a tag, internally
tag will get truncated after 32 characters.
string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

IdsRuleListRequestParameters (schema)

IDS rule request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

IdsRuleListResult (schema)

Paged collection of IDS rules

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IDS rule list results array of IdsRule Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IdsRuleStatistics (schema)

IDS Rule Statistics

IDS Rule Statistics.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
byte_count Bytes count

Aggregated number of bytes processed by the rule.
integer Readonly
hit_count Hits count

Aggregated number of hits received by the rule.		 integer Readonly
internal_rule_id NSX internal rule id

Realized id of the rule on NSX MP. Policy Manager can create more than
one rule per policy rule, in which case this identifier helps to
distinguish between the multple rules created.
string Readonly
l7_accept_count L7 Accept count

Aggregated number of L7 Profile Accepted counters received by the rule.		 integer Readonly
l7_reject_count L7 Reject count

Aggregated number of L7 Profile Rejected counters received by the rule.		 integer Readonly
l7_reject_with_response_count L7 Reject with response count

Aggregated number of L7 Profile Rejected with Response counters received by the rule.		 integer Readonly
lr_path Logical Router (Tier-0/Tier1) path

Path of the LR on which the section is applied in case of Edge FW.		 string Readonly
max_popularity_index The maximum popularity index

Maximum value of popularity index of all rules of the type.
This is aggregated statistic which are computed with lower
frequency compared to individual generic rule statistics.
It may have a computation delay up to 15 minutes in response
to this API.
integer Readonly
max_session_count Maximum Sessions count

Maximum value of sessions count of all rules of the type.
This is aggregated statistic which are computed with lower
frequency compared to generic rule statistics. It may have
a computation delay up to 15 minutes in response to this API.
integer Readonly
packet_count Packets count

Aggregated number of packets processed by the rule.
integer Readonly
popularity_index The index of the popularity of rule

This is calculated by sessions count divided by age of the rule.		 integer Readonly
rule Rule path

Path of the rule.		 string Readonly
session_count sessions count

Aggregated number of sessions processed by the rule.
integer Readonly
total_session_count Total Sessions count

Aggregated number of sessions processed by all the rules
This is aggregated statistic which are computed with lower
frequency compared to individual generic rule statistics.
It may have a computation delay up to 15 minutes in
response to this API.
integer Readonly

IdsRuleStatisticsForEnforcementPoint (schema)

IDS Rule statistics for an enforcement point

IDS Rule statistics for a specfic enforcement point.

Name Description Type Notes
enforcement_point Enforcement point path

IDS Rule statistics for a single enforcement point		 string Readonly
statistics IDS Rule Statistics

Statistics for the specified enforcement point		 IdsRuleStatistics Readonly

IdsRuleStatisticsListResult (schema)

Paged Collection of IDS rule statistics

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IdsRuleStatistics list results array of IdsRuleStatisticsForEnforcementPoint Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IdsSecurityPolicy (schema)

Contains ordered list of IDS Rules

Represents the Intrusion Detection System Security Policy, which contains
the list of IDS Rules.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
category A way to classify a security policy, if needed.

- Distributed Firewall -
Policy framework provides five pre-defined categories for classifying
a security policy. They are "Ethernet","Emergency", "Infrastructure"
"Environment" and "Application". There is a pre-determined order in
which the policy framework manages the priority of these security
policies. Ethernet category is for supporting layer 2 firewall rules.
The other four categories are applicable for layer 3 rules. Amongst
them, the Emergency category has the highest priority followed by
Infrastructure, Environment and then Application rules. Administrator
can choose to categorize a security policy into the above categories
or can choose to leave it empty. If empty it will have the least
precedence w.r.t the above four categories.
- Edge Firewall -
Policy Framework for Edge Firewall provides six pre-defined categories
"Emergency", "SystemRules", "SharedPreRules", "LocalGatewayRules",
"AutoServiceRules" and "Default", in order of priority of rules.
All categories are allowed for Gatetway Policies that belong
to 'default' Domain. However, for user created domains, category is
restricted to "SharedPreRules" or "LocalGatewayRules" only. Also, the
users can add/modify/delete rules from only the "SharedPreRules" and
"LocalGatewayRules" categories. If user doesn't specify the category
then defaulted to "Rules". System generated category is used by NSX
created rules, for example BFD rules. Autoplumbed category used by
NSX verticals to autoplumb data path rules. Finally, "Default" category
is the placeholder default rules with lowest in the order of priority.
string
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
(Abstract type: pass one of the following concrete types)
ChildIdsRule
comments SecurityPolicy lock/unlock comments

Comments for security policy lock/unlock.		 string
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
internal_sequence_number Internal sequence number

This field is to indicate the internal sequence number of a policy
with respect to the policies across categories.
int Readonly
is_default Default policy flag

A flag to indicate whether policy is a default policy.		 boolean Readonly
lock_modified_by User who locked the security policy

ID of the user who last modified the lock for the secruity policy.
string Readonly
lock_modified_time SecuirtyPolicy locked/unlocked time

SecurityPolicy locked/unlocked time in epoch milliseconds.		 EpochMsTimestamp Readonly
locked Lock a security policy

Indicates whether a security policy should be locked. If the
security policy is locked by a user, then no other user would
be able to modify this security policy. Once the user releases
the lock, other users can update this security policy.
boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IdsSecurityPolicy string
rule_count Rule count

The count of rules in the policy.
int Readonly
rules IDS Rules that are a part of this SecurityPolicy array of IdsRule
scheduler_path Path to the scheduler for time based scheduling

Provides a mechanism to apply the rules in this policy for a specified
time duration.
string
scope The list of group paths where the rules in this policy will get
applied. This scope will take precedence over rule level scope.
Supported only for security and redirection policies. In case of
RedirectionPolicy, it is expected only when the policy is NS and
redirecting to service chain.
array of string Maximum items: 128
sequence_number Sequence number to resolve conflicts across Domains

This field is used to resolve conflicts between security policies
across domains. In order to change the sequence number of a policy
one can fire a POST request on the policy entity with
a query parameter action=revise
The sequence number field will reflect the value of the computed
sequence number upon execution of the above mentioned POST request.
For scenarios where the administrator is using a template to update
several security policies, the only way to set the sequence number is
to explicitly specify the sequence number for each security policy.
If no sequence number is specified in the payload, a value of 0 is
assigned by default. If there are multiple policies with the same
sequence number then their order is not deterministic. If a specific
order of policies is desired, then one has to specify unique sequence
numbers or use the POST request on the policy entity with
a query parameter action=revise to let the framework assign a
sequence number.
The value of sequence number must be between 0 and 999,999.
int Minimum: 0
stateful Stateful nature of the entries within this security policy.

Stateful or Stateless nature of security policy is enforced on all
rules in this security policy. When it is stateful, the state of
the network connects are tracked and a stateful packet inspection is
performed.
Layer3 security policies can be stateful or stateless. By default, they are stateful.
Layer2 security policies can only be stateless.
boolean
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tcp_strict Enforce strict tcp handshake before allowing data packets

Ensures that a 3 way TCP handshake is done before the data packets
are sent.
tcp_strict=true is supported only for stateful security policies.
If the tcp_strict flag is not specified and the security policy
is stateful, then tcp_strict will be set to true.
boolean
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

IdsSecurityPolicyListRequestParameters (schema)

IDS security policy request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
include_rule_count Include the count of rules in policy

If true, populate the rule_count field with the count of rules in
the particular policy. By default, rule_count will not be populated.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

IdsSecurityPolicyListResult (schema)

Paged collection of IDS security policies

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IDS security policy list results array of IdsSecurityPolicy Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IdsSecurityPolicyStatistics (schema)

IDS Security Policy Statistics

IDS RSecurity Policy Statistics.

Name Description Type Notes
internal_section_id NSX internal section id

Realized id of the section on NSX MP. Policy Manager can create more than
one section per SecurityPolicy, in which case this identifier helps to
distinguish between the multiple sections created.
string Readonly
lr_path Logical Router (Tier-0/Tier1) path

Path of the LR on which the section is applied in case of Gateway Firewall.
string Readonly
result_count Rule stats count

Total count for rule statistics		 integer Required
Readonly
results Statistics for all rules

List of rule statistics.		 array of RuleStatistics Readonly
Maximum items: 1000

IdsSecurityPolicyStatisticsForEnforcementPoint (schema)

IDS Security policy statistics for an enforcement point

Aggregate statistics of all the IDS rules in a security policy for a specific
enforcement point.

Name Description Type Notes
enforcement_point Enforcement point path

Enforcement point to fetch the statistics from.		 string Readonly
statistics IDS Security Policy Statistics

Statistics for the specified enforcement point		 IdsSecurityPolicyStatistics Readonly

IdsSecurityPolicyStatisticsListResult (schema)

Paged Collection of IDS Security Policy statistics

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IDS Security Policy statistics list results array of IdsSecurityPolicyStatisticsForEnforcementPoint Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IdsSettings (schema)

Intrusion Detection System settings

Represents the Intrusion Detection System settings.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
auto_update Auto update signatures flag

Parameter to let the user decide whether to update the IDS Signatures
automatically or not.
boolean Default: "False"
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
(Abstract type: pass one of the following concrete types)
ChildGlobalIdsSignature
ChildIdsClusterConfig
ChildIdsProfile
ChildIdsStandaloneHostConfig
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ids_events_to_syslog Flag to send IDS events to syslog server.

Flag to send IDS events to syslog server.
boolean Default: "False"
ids_ever_enabled Flag which tells whether IDS was ever enabled.

Flag which tells whether IDS was ever enabled.
boolean Readonly
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IdsSettings string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

IdsSignature (schema)

Intrusion Detection System Signature

Intrusion Detection System Signature .

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
action Represents the signature's action

Signature action.
string
attack_target Signature attack target

Target of the signature.
string
categories IDS Signature Internal category

Represents the internal categories a signature belongs to.
array of IdsSignatureInternalCategory
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
class_type Signature class type

Class type of Signature.
string
confidence Confidence

Signature's confidence score.		 string
cves Represents the cve score.

CVE score
array of string
cvss CVSS of signature

Represents the cvss value of a Signature.
The value is derived from cvssv3 or cvssv2 score.
NONE means cvssv3/cvssv2 score as 0.0
LOW means cvssv3/cvssv2 score as 0.1-3.9
MEDIUM means cvssv3/cvssv2 score as 4.0-6.9
HIGH means cvssv3/cvssv2 score as 7.0-8.9
CRITICAL means cvssv3/cvssv2 score as 9.0-10.0
string Enum: NONE, LOW, MEDIUM, HIGH, CRITICAL
cvss_score Signature CVSS score

Represents the cvss value of a Signature.
The value is derived from cvssv3 or cvssv2 score.
If cvssv3 exists, then this is the cvssv3 score, else
it is the cvssv2 score.
string
cvssv2 Signature cvssv2 score

Signature cvssv2 score.
string
cvssv3 Signature cvssv3 score

Signature cvssv3 score.
string
description Description of this resource string Maximum length: 1024
Sortable
direction Direction

Source-destination direction.		 string
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enable Enable/Disable flag

Flag which tells whether the signature is enabled or not.
boolean
flow Flow established.

Flow established from server, from client etc.
string
id Unique identifier of this resource string Sortable
impact Impact

Impact of Signature.		 string
malware_family Malware Family

Family of the malware tracked in the signature.		 string
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
mitre_attack MitreAttack

Mitre Attack details of Signature.		 array of MitreAttack
name Represents the signature name

Signature name.
string
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
performance_impact Performance impact

Performance impact of the signature.		 string
policy Policy

Signature policy.		 array of string
product_affected Signature product affected

Product affected by this signature.
string
protocol Protocol

Protocol used in the packet analysis.		 string
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IdsSignature string
risk_score Risk Score

Risk score of signature.		 string
severity Signature severity

Represents the severity of the Signature.
string
signature_id Signature ID

Represents the Signature's id.
string
signature_revision Signature revision

Represents revision of the Signature.
string
signature_severity Signature severity

Signature vendor set severity of the signature rule.		 string
tag Signature tag

Vendor assigned classification tag.		 array of string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
type Type

Signature type.		 array of string
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
urls List of mitre attack URLs pertaining to signature.

List of mitre attack URLs pertaining to signature
array of string

IdsSignatureInternalCategory (schema)

IDS signature internal categories

Represents the internal categories.
APPLICATION : IDS signature having protocol comes under APPLICATION internal category.
MALWARE: IDS signature having malware_family comes under this internal category.
VULNERABILITY : IDS signature having cvssv3 score comes under this internal category.

Name Description Type Notes
IdsSignatureInternalCategory IDS signature internal categories

Represents the internal categories.
APPLICATION : IDS signature having protocol comes under APPLICATION internal category.
MALWARE: IDS signature having malware_family comes under this internal category.
VULNERABILITY : IDS signature having cvssv3 score comes under this internal category.
string Enum: APPLICATION, MALWARE, VULNERABILITY

IdsSignatureListRequestParameters (schema)

IDS signature request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

IdsSignatureListResult (schema)

Paged collection of IDS signatures

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IDS signature list results array of IdsSignature Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IdsSignatureStatus (schema)

Intrusion Detection System signature status

Ids signature status.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
download_status IDS signature download status

READY means signatures were downloaded and parsed successfully.
PENDING means that signatures download is in progress.
ERROR means error occurred during signature processing.
DISABLED means IDS is disabled.
string Readonly
Enum: READY, PENDING, ERROR, DISABLED
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IdsSignatureStatus string
signature_status IDS signature status

AVAILABLE means the signatures are available for the version.
UNAVAILABLE means there are no available signatures for the version.
string Readonly
Enum: AVAILABLE, UNAVAILABLE
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
version_id Version Id

Represents the version id.
string Readonly

IdsSignatureVersion (schema)

Intrusion Detection System signature version

It represents the version information corresponding to which the
signatures will be available.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
change_log Change log

Represents the version's change log.
string Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IdsSignatureVersion string
state State of the Version

This flag tells which Version is currently active.
ACTIVE: It means the signatures under this version is currently been used
under IDS Profiles.
NOTACTIVE: It means signatures of this version are available but not
being used in IDS Profiles.
string Readonly
Enum: ACTIVE, NOTACTIVE
status Status of the Version

This flag tells the status of the signatures under a version.
OUTDATED: It means the signatures under this version are outdated and new version is available.
LATEST: It means the signatures of this version are up to date.
string Readonly
Enum: OUTDATED, LATEST
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
update_time IDS Signature Version update time

Time when this version was downloaded and saved.
EpochMsTimestamp Readonly
user_uploaded User Uploaded Signature bundle flag

Flag which tells whether the Signature version is uploaded by user or not.
boolean Readonly
version_id Version Id

Represents the version id.
string Readonly

IdsSignatureVersionListRequestParameters (schema)

IDS signature version request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

IdsSignatureVersionListResult (schema)

Paged collection of IDS signature versions

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IDS signature version list results array of IdsSignatureVersion Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IdsStandaloneHostConfig (schema)

Intrusion Detection System configuration

IDS configuration to enable/disable IDS on standalone host level.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ids_enabled IDS enabled flag

If set to true, IDS is enabled on standalone hosts.		 boolean Required
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IdsStandaloneHostConfig string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

IdsUserList (schema)

List of affected Users

List of all affected users pertaining to a
specific signature.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of all affected users

List of all affected users specific to a particular signature.		 array of string Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IdsUserStats (schema)

List of Users

List of Users logged into VMs where intrusions of a given signature
were detected.

Name Description Type Notes
count Number of unique users

Number of unique users logged into VMs on which a particular signature was detected.		 integer Readonly
user_list List of users

List of users logged into VMs on which a particular signature was detected.		 array of string Readonly

IdsVmList (schema)

List of affected VMs

List of all affected VMs pertaining to a
specific signature.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of all affected VMs

List of all affected VMs specific to a particular signature.		 array of string Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IdsVmStats (schema)

List of VMs where signature was detected

List of VMs on which a particular signature was detected with the count.

Name Description Type Notes
count Number of unique VMs

Number of unique VMs on which a particular signature was detected.		 integer Readonly
vm_list List of VM names

List of VM names on which intrusions of that particular signature type were detected.		 array of string Readonly

IfaceFlowInfo (schema)

Name Description Type Notes
entity Logical entity

Logical entity		 string Readonly
flows Flows

Flows		 array of string Readonly
name Logical entity name

Logical entity name		 string Readonly
uuid Logical entity UUID

Logical entity UUID		 string Readonly

IgmpMembership (schema)

IGMP membership details

IGMP (Internet Group Management Protocol) membership details.

Name Description Type Notes
group Multicast group address

Multicast group address.		 IPAddress Required
Readonly
igmp_version IGMP version

IGMP version.		 integer Required
Readonly
interface Interface name

Interface on which multicast group membership is learned.
string Required
Readonly
no_of_sources Number of multicast sources

Number of multicast sources.		 string Required
Readonly
source_address IP address multicast source

IP address of multicast source.		 IPAddress Required
Readonly
uptime Group membership active time

Multicast group membership active time.		 string Required
Readonly

IgmpMembershipCsvRecord (schema)

Name Description Type Notes
group Multicast group address

Multicast group address.		 IPAddress Required
Readonly
igmp_version IGMP version

IGMP version.		 integer Required
Readonly
interface Interface name

Interface on which multicast group membership is learned.
string Required
Readonly
no_of_sources Number of multicast sources

Number of multicast sources.		 string Required
Readonly
source_address IP address multicast source

IP address of multicast source.		 IPAddress Required
Readonly
transport_node Transport node uuid or policy path

Transport node uuid or policy path.		 string Required
Readonly
uptime Group membership active time

Multicast group membership active time.		 string Required
Readonly

IgmpMemberships (schema)

IGMP Memberships

IGMP Memberships.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
gateway_path Policy path to Tier0 or Tier1 gateway

Policy path to Tier0 or Tier1 gateway.
string Required
igmp_memberships_per_edge array of IgmpMembershipsPerEdge
result_count Count of results found (across all pages), set only on first page integer Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IgmpMembershipsInCsvFormat (schema)

Name Description Type Notes
file_name File name

File name set by HTTP server if API returns CSV result as a file.		 string
results array of IgmpMembershipCsvRecord Readonly

IgmpMembershipsPerEdge (schema)

IGMP Memberships Per Edge

IGMP Memberships Per Edge.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
edge_path Policy path to edge node

Policy path to edge node.
string Required
igmp_memberships array of IgmpMembership
result_count Count of results found (across all pages), set only on first page integer Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IkeDigestAlgorithm (schema)

Digest Algorithms used in IKE negotiations

The IkeDigestAlgorithms are used to verify message
integrity during Ike negotiation. SHA1 produces 160
bits hash and SHA2_XXX produces XXX bit hash.

Name Description Type Notes
IkeDigestAlgorithm Digest Algorithms used in IKE negotiations

The IkeDigestAlgorithms are used to verify message
integrity during Ike negotiation. SHA1 produces 160
bits hash and SHA2_XXX produces XXX bit hash.
string Enum: SHA1, SHA2_256, SHA2_384, SHA2_512

IkeEncryptionAlgorithm (schema)

Encryption algorithms used in IKE

IKEEncryption algorithms are used to ensure confidentiality of
the messages exchanged during IKE negotiations. AES stands for
Advanced Encryption Standards. AES_128 uses 128-bit keys whereas
AES_256 uses 256-bit keys for encryption and decryption. AES_128
and AES_256 use CBC mode of encryption. AES_GCM stands for
Advanced Encryption Standard(AES) in Galois/Counter Mode(GCM) and
is used to provide both confidentiality and data origin
authentication. AES_GCM composed of two separate functions one
for encryption(AES) and one for authentication(GMAC).
AES_GCM algorithms will be available with IKE_V2 version only.
AES_GCM_128 uses 128-bit keys.
AES_GCM_192 uses 192-bit keys.
AES_GCM_256 uses 256-bit keys.

Name Description Type Notes
IkeEncryptionAlgorithm Encryption algorithms used in IKE

IKEEncryption algorithms are used to ensure confidentiality of
the messages exchanged during IKE negotiations. AES stands for
Advanced Encryption Standards. AES_128 uses 128-bit keys whereas
AES_256 uses 256-bit keys for encryption and decryption. AES_128
and AES_256 use CBC mode of encryption. AES_GCM stands for
Advanced Encryption Standard(AES) in Galois/Counter Mode(GCM) and
is used to provide both confidentiality and data origin
authentication. AES_GCM composed of two separate functions one
for encryption(AES) and one for authentication(GMAC).
AES_GCM algorithms will be available with IKE_V2 version only.
AES_GCM_128 uses 128-bit keys.
AES_GCM_192 uses 192-bit keys.
AES_GCM_256 uses 256-bit keys.
string Enum: AES_128, AES_256, AES_GCM_128, AES_GCM_192, AES_GCM_256

ImportRequestParameter (schema)

Import task request parameters

This holds the request parameters required to invoke the import task.

Name Description Type Notes
draft_description Description to be set on the draft

Description to be set on the draft, which will hold the imported
configuration.
string
draft_display_name Display name to be set on the draft

Display name to be set on the draft, which will hold the imported
configuration.
string Required
Minimum length: 1
file File to be imported

The file having stored firewall configuration.
Only zip file will be accepted.
multipart_file Required
passphrase Passphrase to verify imported files

Passphrase to verify imported files. Passphrase needs to be same as
provided earlier to export operation which generated these imported
files.
The passphrase specified must be at least 8 characters in length and
must contain at least one lowercase, one uppercase, one numeric
character and one non-space special character.
string Required
Minimum length: 8
Pattern: "^$|^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[^a-zA-Z\d\s]).{8,}$"

ImportTask (schema)

Import task information

This object holds the information of the import task.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
async_response_available True if response for asynchronous request is available boolean Readonly
cancelable True if this task can be canceled boolean Readonly
description Description of the task string Readonly
draft_path Policy path of a draft

Policy path of a draft in which the imported configuration gets stored
after completion of import task.
string Readonly
end_time The end time of the task in epoch milliseconds EpochMsTimestamp Readonly
failure_msg Reason of the task failure

This property holds the reason of the task failure, if any.
string Readonly
id Identifier for this task string Readonly
message A message describing the disposition of the task string Readonly
progress Task progress if known, from 0 to 100 integer Readonly
Minimum: 0
Maximum: 100
request_method HTTP request method string Readonly
request_uri URI of the method invocation that spawned this task string Readonly
start_time The start time of the task in epoch milliseconds EpochMsTimestamp Readonly
status Current status of the task TaskStatus Readonly
user Name of the user who created this task string Readonly

IncludedFieldsParameters (schema)

A list of fields to include in query results

Name Description Type Notes
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string

Infra (schema)

Infra

Infra space related policy.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
(Abstract type: pass one of the following concrete types)
ChildALBAnalyticsProfile
ChildALBApplicationPersistenceProfile
ChildALBApplicationProfile
ChildALBAuthProfile
ChildALBAutoScaleLaunchConfig
ChildALBDnsPolicy
ChildALBErrorPageBody
ChildALBErrorPageProfile
ChildALBHTTPPolicySet
ChildALBHardwareSecurityModuleGroup
ChildALBHealthMonitor
ChildALBIpAddrGroup
ChildALBL4PolicySet
ChildALBNetworkProfile
ChildALBNetworkSecurityPolicy
ChildALBPKIProfile
ChildALBPool
ChildALBPoolGroup
ChildALBPoolGroupDeploymentPolicy
ChildALBPriorityLabels
ChildALBProtocolParser
ChildALBSSLKeyAndCertificate
ChildALBSSLProfile
ChildALBSSOPolicy
ChildALBSecurityPolicy
ChildALBServerAutoScalePolicy
ChildALBStringGroup
ChildALBTrafficCloneProfile
ChildALBVSDataScriptSet
ChildALBVirtualService
ChildALBVsVip
ChildALBWafCRS
ChildALBWafPolicy
ChildALBWafPolicyPSMGroup
ChildALBWafProfile
ChildALBWebhook
ChildBfdProfile
ChildCaBundle
ChildConstraint
ChildDeploymentZone
ChildDhcpRelayConfig
ChildDhcpServerConfig
ChildDnsSecurityProfile
ChildDomain
ChildEnforcementPoint
ChildEvpnTenantConfig
ChildFloodProtectionProfile
ChildFullSyncState
ChildGatewayQosProfile
ChildGlobalConfig
ChildGlobalManager
ChildGlobalManagerConfig
ChildIPDiscoveryProfile
ChildIPFIXDFWCollectorProfile
ChildIPFIXDFWProfile
ChildIPFIXL2CollectorProfile
ChildIPFIXL2Profile
ChildIPSecVpnDpdProfile
ChildIPSecVpnIkeProfile
ChildIPSecVpnTunnelProfile
ChildIpAddressBlock
ChildIpAddressPool
ChildIpv6DadProfile
ChildIpv6NdraProfile
ChildL7AccessProfile
ChildLBAppProfile
ChildLBClientSslProfile
ChildLBMonitorProfile
ChildLBPersistenceProfile
ChildLBPool
ChildLBServerSslProfile
ChildLBService
ChildLBVirtualServer
ChildLiveTraceConfig
ChildMacDiscoveryProfile
ChildMetadataProxyConfig
ChildOpsGlobalConfig
ChildPolicyBaseHostSwitchProfile
ChildPolicyContextProfile
ChildPolicyDnsForwarderZone
ChildPolicyDraft
ChildPolicyFirewallScheduler
ChildPolicyFirewallSessionTimerProfile
ChildPolicyHostTransportNodeProfile
ChildPolicyIgmpProfile
ChildPolicyLabel
ChildPolicyLatencyStatProfile
ChildPolicyPimProfile
ChildPolicyServiceChain
ChildPolicyTransportZoneProfile
ChildPortMirroringProfile
ChildQoSProfile
ChildSegment
ChildSegmentSecurityProfile
ChildService
ChildServiceReference
ChildSite
ChildSpan
ChildSpoofGuardProfile
ChildStaticMimeContent
ChildTier0
ChildTier1
ChildTlsCertificate
ChildTlsCrl
ChildTlsCsr
ChildTlsPolicy
ChildTlsProfile
ChildTraceflowConfig
ChildVMTagReplicationPolicy
ChildVniPoolConfig
connectivity_strategy Connectivity strategy used by this tenant

The connectivity strategy is deprecated. Use default layer3 rule,
/infra/domains/default/security-policies/default-layer3-security-policy/rules/default-layer3-rule.
This field indicates the default connectivity policy for the infra
or tenant space
WHITELIST - Adds a default drop rule. Administrator can then use "allow"
rules (aka whitelist) to allow traffic between groups
BLACKLIST - Adds a default allow rule. Admin can then use "drop" rules
(aka blacklist) to block traffic between groups
WHITELIST_ENABLE_LOGGING - Whitelising with logging enabled
BLACKLIST_ENABLE_LOGGING - Blacklisting with logging enabled
NONE - No default rules are added.
string Deprecated
Enum: WHITELIST, BLACKLIST, WHITELIST_ENABLE_LOGGING, BLACKLIST_ENABLE_LOGGING, NONE
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
domains Domains for infra

This field is used while creating or updating the infra space.
array of Domain
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value Infra string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

InfraSecurityConfig (schema)

NSX global configs for security purposes, like trust store and trust manager.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
ca_signed_only A flag to indicate whether the server certs are only allowed to be ca-signed.

When this flag is set to true (for NDcPP compliance) only ca-signed certificates will be allowed to be applied as server certificates.		 boolean
crl_checking_enabled A flag to indicate whether the Java trust-managers check certificate revocation

When this flag is set to true, during certificate checking the CRL is fetched and checked whether the certificate is revoked or not. Setting this property to false results in lower security. It is not advisible to import certificate without CRL info while CRL checking is disabled, and then re-enable CRL checking.		 boolean
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
eku_checking_enabled A flag to indicate whether the Extended Key Usage extension in the certificate is checked.

When this flag is set to true, during certificate checking the Extended Key Usage extension is expected to be present, indicating whether the certificate is to be used a client certificate or server certificate. Setting this value to false is not recommended as it leads to lower security and operational risk.		 boolean
id Unique identifier of this resource string Sortable
resource_type Must be set to the value InfraSecurityConfig string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

IngressBroadcastRateLimiter (schema)

A shaper that specifies ingress rate properties in kb/s

Name Description Type Notes
average_bandwidth Average bandwidth in kb/s int Minimum: 0
Default: "0"
burst_size Burst size in bytes int Minimum: 0
Default: "0"
enabled boolean Required
peak_bandwidth Peak bandwidth in kb/s int Minimum: 0
Default: "0"
resource_type Must be set to the value IngressBroadcastRateLimiter string Required
Enum: IngressRateLimiter, IngressBroadcastRateLimiter, EgressRateLimiter
Default: "IngressRateLimiter"

IngressBroadcastRateShaper (schema) (Deprecated)

A shaper that specifies ingress rate properties in kb/s

Name Description Type Notes
average_bandwidth_kbps Average bandwidth in kb/s int Minimum: 0
Default: "0"
burst_size_bytes Burst size in bytes int Minimum: 0
Default: "0"
enabled boolean Required
peak_bandwidth_kbps Peak bandwidth in kb/s int Minimum: 0
Default: "0"
resource_type Must be set to the value IngressBroadcastRateShaper string Required
Enum: IngressRateShaper, IngressBroadcastRateShaper, EgressRateShaper
Default: "IngressRateShaper"

IngressRateLimiter (schema)

A shaper that specifies ingress rate properties in Mb/s

Name Description Type Notes
average_bandwidth Average bandwidth in Mb/s

You can use the average bandwidth to reduce network congestion.		 int Minimum: 0
Default: "0"
burst_size Burst size in bytes

The burst duration is set in the burst size setting.		 int Minimum: 0
Default: "0"
enabled boolean Required
peak_bandwidth Peak bandwidth in Mb/s

The peak bandwidth rate is used to support burst traffic.		 int Minimum: 0
Default: "0"
resource_type Must be set to the value IngressRateLimiter string Required
Enum: IngressRateLimiter, IngressBroadcastRateLimiter, EgressRateLimiter
Default: "IngressRateLimiter"

IngressRateShaper (schema) (Deprecated)

A shaper that specifies ingress rate properties in Mb/s

Name Description Type Notes
average_bandwidth_mbps Average bandwidth in Mb/s int Minimum: 0
Default: "0"
burst_size_bytes Burst size in bytes int Minimum: 0
Default: "0"
enabled boolean Required
peak_bandwidth_mbps Peak bandwidth in Mb/s int Minimum: 0
Default: "0"
resource_type Must be set to the value IngressRateShaper string Required
Enum: IngressRateShaper, IngressBroadcastRateShaper, EgressRateShaper
Default: "IngressRateShaper"

InitiateClusterRestoreRequest (schema)

Name Description Type Notes
ip_address IP address or FQDN of the node from which the backup was taken string Readonly
Format: hostname-or-ip
node_id Unique id of the backed-up configuration from which the appliance will be restored string Required
Readonly
timestamp Timestamp of the backed-up configuration from which the appliance will be restored EpochMsTimestamp Required
Readonly

Injection (schema)

Injection

Injection holding a key and a corresponding value.

Name Description Type Notes
key Key

Injection key.		 string Required
value Value

Injection value.		 InjectionValue
(Abstract type: pass one of the following concrete types)
UnaryOperationBasedInjectionValue		 Required

InjectionValue (schema)

Injection Value

Injection Value.
This is an abstract type. Concrete child types:
UnaryOperationBasedInjectionValue

Name Description Type Notes
resource_type Resource Type

Injection Value resource type.
string Required
Enum: UnaryOperationBasedInjectionValue

InstallUpgradeServiceProperties (schema)

install-upgrade service properties

Name Description Type Notes
enabled True if service enabled; otherwise, false boolean Required
enabled_on IP of manager on which install-upgrade is enabled string Readonly

InstanceDeploymentConfig (schema)

Instance Deployment Config

The Instance Deployment Config contains settings that is applied during install time.

Name Description Type Notes
compute_id compute id

Resource Pool or Compute Id.		 string Required
context_id Context Id

Context Id or VCenter Id.		 string Required
host_id Host id

The service VM will be deployed on the specified host in the
specified server within the cluster if host_id is specified.
Note: You must ensure that storage and specified networks are
accessible by this host.
string
storage_id storage id

Storage Id.		 string Required
vm_nic_infos List of VM NIC information

List of NIC information for VMs		 array of VmNicInfo Required
Minimum items: 1
Maximum items: 2

InstanceEndpoint (schema)

EndPoint of an Instance

An InstanceEndpoint belongs to one ServiceInstance and represents a redirection target for a Rule. For Example - It can be an L3 Destination. Service Attachments is required for a InstanceEndpoint of type LOGICAL, and deployed_to if its a VIRTUAL InstanceEndpoint.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
endpoint_type Instance Endpoint Type

LOGICAL - It must be created with a ServiceAttachment and identifies a destination connected to the Service Port of the ServiceAttachment, through the ServiceAttachment's Logical Switch. VIRTUAL - It represents a L3 destination the router can route to but does not provide any further information about its location in the network. Virtual InstanceEndpoints are used for redirection targets that are not connected to Service Ports, such as the next-hop routers on the Edge uplinks.		 string Enum: LOGICAL, VIRTUAL
Default: "LOGICAL"
id Unique identifier of this resource string Sortable
link_ids Link Id list

Link Ids are mandatory for VIRTUAL Instance Endpoint. Even though VIRTUAL, the Instance Endpoint should be connected/accessible through an NSX object. The link id is this NSX object id. Example - For North-South Service Insertion, this is the LogicalRouter Id through which the targetIp/L3 destination accessible.		 array of ResourceReference Minimum items: 1
Maximum items: 1
resource_type Must be set to the value InstanceEndpoint string
service_attachments Service Attachment list

Id(s) of the Service Attachment where this enndpoint is connected to. Service Attachment is mandatory for LOGICAL Instance Endpoint.		 array of ResourceReference Minimum items: 1
Maximum items: 1
service_instance_id Service instance Id

The Service instancee with which the instance endpoint is associated.		 string Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
target_ips Target IPs

Target IPs on an interface of the Service Instance.		 array of IPInfo Required
Minimum items: 1
Maximum items: 1

InstanceEndpointListResult (schema)

Instance Endpoint List

List of instance endpoints.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Instance End Point list

List of instance endpoints.		 array of InstanceEndpoint Required
Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

InstanceRuntime (schema)

Runtime of a Service-Instance.

A Service Runtime is the runtime entity associated with ever Service-VM deployed.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
compute_collection_id Compute Collection Id

Resource Pool or cluster Id.		 string Readonly
deployment_status Instance Runtime deployment status

Service-Instance Runtime deployment status of the Service-VM. It shows the latest status during the process of deployment, redeploy, upgrade, and un-deployment of VM.		 string Readonly
Enum: DEPLOYMENT_IN_PROGRESS, DEPLOYMENT_FAILED, DEPLOYMENT_SUCCESSFUL, UPGRADE_IN_PROGRESS, UPGRADE_FAILED, UNDEPLOYMENT_IN_PROGRESS, UNDEPLOYMENT_FAILED, UNDEPLOYMENT_SUCCESSFUL, UNKNOWN
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
error_message Error Message

Error message for the Service Instance Runtime if any.		 string Readonly
id Unique identifier of this resource string Sortable
maintenance_mode Instance Runtime maintenance mode

The maintenance mode indicates whether the corresponding service VM
is in maintenance mode. The service VM will not be used to service
new requests if it is in maintenance mode.
string Readonly
Enum: OFF, ENTERING, ON, EXITING
resource_type Must be set to the value InstanceRuntime string
runtime_health_status_by_partner Instance runtime health status set by partner

Service-Instance runtime health status set by partner to indicate
whether the service is running properly or not.
string Readonly
Enum: HEALTHY, STOPPED, NOT_RESPONDING
runtime_status Instance Runtime Status

Service-Instance Runtime status of the deployed Service-VM.		 string Readonly
Enum: IN_SERVICE, OUT_OF_SERVICE, NEEDS_ATTENTION, NOT_AVAILABLE
service_instance_id Service instance id

Id of an instantiation of a registered service.		 string Readonly
service_vm_id Service VM id

Service-VM/SVM id of deployed virtual-machine.		 string Readonly
storage_id Storage Id

Moref of the datastore in VC.		 string Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unhealthy_reason Reason for service status when unhealthy

Reason provided by partner for the service being unhealthy. This could be due
to various reasons such as connectivity lost as an example.
string Readonly
vm_nic_info VM NIC info VmNicInfo Readonly

InstanceRuntimeListResult (schema)

InstanceRuntime list result

Result of List of InstanceRuntimes

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Results

Array of existing InstanceRuntimes in database
array of InstanceRuntime Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

InstanceRuntimeStatistic (schema)

Instance runtime statistic

Statistics for data NICs on an instance runtime

Name Description Type Notes
interface_statistics List of statistics for all NICs

List of statistics for all data NICs on a runtime.		 array of RuntimeInterfaceStatistics Readonly
primary_runtime_stats Specifies whether statistics are for primary

Specifies whether statistics are for primary runtime.
boolean Readonly
runtime_id Id of the instance runtime

Id of the instance runtime		 string Readonly
runtime_name Name of the instance runtime

Name of the instance runtime		 string Readonly

InstanceStats (schema)

Instance statistics

Stores statistics of the instances like MANAGED and UNMANAGED instances.

Name Description Type Notes
error Error Instances

The number of instances with status ERROR.		 integer Readonly
managed Managed Instances

The number of instances with status MANAGED.		 integer Readonly
powered_off Powered Off Instances

The number of instances with status POWERED OFF.		 integer Readonly
total Total number of instances

The total number of instances.		 integer Readonly
unmanaged Unmanaged Instances

The number of instances with status UNMANAGED.		 integer Readonly
vcpus Virtual CPUs

The number of virtual CPUs.		 integer Readonly

InstructionInfo (schema)

Details of the instructions displayed during restore process

Name Description Type Notes
actions Actions list

A list of actions that are to be applied to resources		 array of string Required
Readonly
fields Displayable fields

A list of fields that are displayable to users in a table		 array of string Required
Readonly
id UUID of the instruction string Required
Readonly
name Instruction name string Required
Readonly

IntegerArrayConstraintValue (schema)

Array of Integer Values to perform operation

List of values

Name Description Type Notes
resource_type Must be set to the value IntegerArrayConstraintValue string Required
Enum: StringArrayConstraintValue, CidrArrayConstraintValue, IntegerArrayConstraintValue
values Array of Integer

Array of integer values		 array of int Required
Minimum items: 1
Maximum items: 100

IntelligenceBrokerEndpointInfo (schema) (Deprecated)

NSX-Intelligence broker endpoint

This is deprecated. Please use CommonAgentEndpointInfo instead.
An endpoint to connect to NSX-Intelligence broker.
Either FQDN or IP address can be used in the endpoint info.

Name Description Type Notes
address Broker address

The IP address or the full qualified domain name of broker.
string Required
Format: hostname-or-ip
port Broker port number

The port number where the broker is listening to.
integer Required
Minimum: 1
Maximum: 65535

IntelligenceClusterNodeVMDeletionParameters (schema)

Parameters for DeleteAutoDeployedIntelligenceClusterNodeVM

Parameters for deletion of a NSX-Intelligence cluster node VM.

Name Description Type Notes
force_delete Delete by force

If true, the VM will be undeployed even if it cannot be removed
from its cluster.
boolean

IntelligenceClusterNodeVMDeploymentConfig (schema)

Configuration for deploying NSX-Intelligence cluster node VM

Contains info used to configure the VM on deployment This is an abstract type. Concrete child types:
IntelligenceVsphereClusterNodeVMDeploymentConfig

Name Description Type Notes
placement_type Type of deployment

Specifies the config for the platform through which to deploy the VM
string Required
Enum: IntelligenceVsphereClusterNodeVMDeploymentConfig

IntelligenceClusterNodeVMDeploymentRequest (schema)

Info for NSX-Intelligence node deployment request

Contains the deployment information for a NSX-Intelligence node VM.

Name Description Type Notes
deployment_config Deployment config for NSX-Intelligence cluster node VM

Info needed to configure a NSX-Intelligence cluster node VM at deployment for a
specific platform.
IntelligenceClusterNodeVMDeploymentConfig
(Abstract type: pass one of the following concrete types)
IntelligenceVsphereClusterNodeVMDeploymentConfig		 Required
form_factor Form factor for NSX-Intelligence VMs

Specifies the desired "size" of the VM
IntelligenceClusterNodeVMFormFactor Default: "SMALL"
user_settings User settings for the VM

Username and password settings for the NSX-Intelligence node VM.
Passwords must be at least 12 characters in length and contain at
least one lowercase, one uppercase, one numerical, and one special
character.
Note: These settings will be honored only during VM deployment.
Post-deployment, CLI must be used for changing the user settings and
changes to these parameters will not have any effect.
NodeUserSettings Required
vm_id ID of VM used to recognize it

ID of the VM maintained internally.
Note: This is automatically generated and cannot be modified.
string Readonly

IntelligenceClusterNodeVMDeploymentRequestList (schema)

IntelligenceClusterNodeVMDeploymentRequest list

List of IntelligenceClusterNodeVMDeploymentRequests

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Results

Array of existing IntelligenceClusterNodeVMDeploymentRequests
array of IntelligenceClusterNodeVMDeploymentRequest Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IntelligenceClusterNodeVMDeploymentStatusReport (schema)

Report of a VM's deployment status

Contains up-to-date information relating to an auto-deployed VM, including
its status and (potentially) an error message.

Name Description Type Notes
deployment_progress_state Deployment progress state of node VM

Detailed progress state of node VM deployment realization		 ClusterNodeVMDeploymentProgressState Readonly
failure_code Error code for failure

In case of auto-deployment-related failure, the code for the error will
be stored here.
integer
failure_message Error message for failure

In case of auto-deployment-related failure, an error message will be
stored here.
string
status Auto-deployed VM's deployment status

Status of the addition or deletion of an auto-deployed NSX-Intelligence cluster node VM.
string Required
Enum: NOT_AVAILABLE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, VM_POWER_ON_SUCCESSFUL, VM_REGISTRATION_IN_PROGRESS, VM_REGISTRATION_SUCCESSFUL, VM_REGISTRATION_FAILED, VM_WAITING_TO_COME_ONLINE, VM_ONLINE_FAILED, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, WAITING_TO_UNDEPLOY_VM, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL, UNKNOWN_STATE

IntelligenceClusterNodeVMFormFactor (schema) (Deprecated)

Supported VM form factor for NSX-Intelligence cluster nodes

Specifies the desired "size" of the VM. Affects number of virtual CPUs
and/or memory size given to the new cluster node VM. Enum value SMALL, LARGE and
EXTRA_LARGE will be deprecated.

Name Description Type Notes
IntelligenceClusterNodeVMFormFactor Supported VM form factor for NSX-Intelligence cluster nodes

Specifies the desired "size" of the VM. Affects number of virtual CPUs
and/or memory size given to the new cluster node VM. Enum value SMALL, LARGE and
EXTRA_LARGE will be deprecated.
string Deprecated
Enum: EVALUATION, STANDARD, ADVANCED, SMALL, LARGE, EXTRA_LARGE

IntelligenceFlowPrivateIpPrefixInfo (schema) (Deprecated)

NSX-Intelligence flow private IP prefix

This is deprecated. Please use CommonAgentPrivateIpRangeInfo instead.
An IP prefix to mark the private network that NSX-Intelligence
network flow is collected from.

Name Description Type Notes
address IP address

The prefix of IP address that marks the range of private network.
IPAddress Required
address_type IP address type

The type of IP address.
string Required
Enum: IPV4, IPV6
prefix_length IP prefix length

The length of IP address prefix that marks the range of private network.
integer Required
Minimum: 1
Maximum: 128

IntelligenceFormFactor (schema)

Napp cluster form factor

Napp cluster form factor

Name Description Type Notes
default_worker_count Default number of Napp worker nodes.

Default number of Napp worker nodes.		 integer Readonly
disk Disk size of the Napp worker nodes in GBs

Disk size of the Napp worker nodes in GBs.		 integer Readonly
memory Memory size of the Napp worker nodes in GBs

Memory size of the Napp worker nodes in GBs		 integer Readonly
type Napp cluster form factor type

NSX Intelligence node form factor type
IntelligenceClusterNodeVMFormFactor Readonly
vcpu Number of virtual cpus on the Napp worker nodes

Number of virtual cpus on the Napp worker nodes		 integer Readonly

IntelligenceFormFactors (schema)

Napp cluster form factors list result

Name Description Type Notes
form_factors Napp cluster form factor list array of IntelligenceFormFactor

IntelligenceHostConfigurationInfo (schema) (Deprecated)

NSX-Intelligence host configuration

This is deprecated. Please use IntelligenceTransportNodeProfile instead.
NSX-Intelligence configuration that can be applied to host nodes.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
broker_bootstrap_servers List of NSX-Intelligence broker endpoints

List of NSX-Intelligence broker endpoints that host nodes contact initially.
array of IntelligenceBrokerEndpointInfo
broker_certificate Broker certificate

A broker certificate to verify the identity of brokers.
string
broker_truststore Broker truststore

A truststore to establish the trust between NSX and NSX-Intelligence brokers.
string
context_data_collection_interval VM guest context data collection interval

Interval in minute of reporting VM guest context data to NSX-Intelligence.
Recommend to keep this value the same as flow_data_collection_interval.
integer Minimum: 2
Maximum: 30
Default: "5"
context_process_hashes List of hashes of processes to collect context data

List of hashes of processes to collect context data.
Empty implies all processes.
array of string
context_process_names List of processes to collect context data

List of processes to collect context data.
Empty implies all processes.
array of string
context_user_sids List of windows user sid to collect context data

List of windows user sid to collect context data.
Empty implies all users.
array of string
context_user_uids List of linux user uid to collect context data

List of linux user uid to collect context data.
Empty implies all users.
array of string
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enable_context_data_collection Enable context data collection

Enable NSX-Intelligence context data collection in host nodes.
boolean Default: "True"
enable_data_collection Enable data collection

Enable NSX-Intelligence data collection in host nodes.

This property has been deprecated.
To enable flow data collection,
use property enable_flow_data_collection instead.
To enable context data collection,
use property enable_context_data_collection instead.

When this property is set to false, no data collection
is performed even if enable_flow_data_collection or
enable_context_data_collection is set to true.

When this property is set to true, property
enable_flow_data_collection and enable_context_data_collection
control whether to collect flow data and context data separately.
boolean Deprecated
Default: "True"
enable_deep_packet_inspection Enable deep packet inspection

Enable NSX-Intelligence deep packet inspection in host nodes.
boolean Default: "True"
enable_external_ip_aggregation Enable external IP aggregation

When this property is set to true, if the source or destination
of network traffic uses an IP address that is not included in
property private_ip_prefix, it is reported as ANY (255.255.255.255)
to NSX-Intelligence.

When this property is set to false, the original IP addresses of
network traffic are reported to NSX-Intelligence,
regardless whether they are included in property private_ip_prefix.
boolean Default: "False"
enable_flow_data_collection Enable flow data collection

Enable NSX-Intelligence flow data collection in host nodes.
boolean Default: "True"
flow_data_collection_interval Network flow data collection interval

Interval in minute of reporting network flow data to NSX-Intelligence.
Recommend to keep this value the same as context_data_collection_interval.
integer Minimum: 2
Maximum: 30
Default: "5"
id Unique identifier of this resource string Sortable
max_active_flow_count Maximum active network flow

Maximum active network flow to collect in collection interval.
integer Minimum: 1
Maximum: 5000000
Default: "25000"
max_active_flow_count_bm Maximum active network flow for Bare Metal server

Maximum active network flow to collect in collection interval for Bare Metal server.
integer Minimum: 1
Maximum: 5000000
Default: "12500"
max_inactive_flow_count Maximum inactive network flow

Maximum inactive network flow to collect in collection interval.
integer Minimum: 1
Maximum: 5000000
Default: "50000"
max_inactive_flow_count_bm Maximum inactive network flow for Bare Metal server

Maximum inactive network flow to collect in collection interval for Bare Metal server.
integer Minimum: 1
Maximum: 5000000
Default: "25000"
private_ip_prefix List of private IP prefix

List of private IP prefix that NSX-Intelligence network flow
is collected from.
array of IntelligenceFlowPrivateIpPrefixInfo
resource_type Must be set to the value IntelligenceHostConfigurationInfo string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

IntelligenceVsphereClusterNodeVMDeploymentConfig (schema)

Deployment config on the Vsphere platform

The Vsphere deployment configuration determines where to deploy the
NSX-Intelligence cluster node VM through a vCenter server. It contains settings that are
applied during install time.
If using DHCP, the following fields must be left unset - dns_servers,
management_port_subnets, and default_gateway_addresses

Name Description Type Notes
allow_ssh_root_login Allow root SSH logins.

If true, the root user will be allowed to log into the VM.
Allowing root SSH logins is not recommended for security reasons.
boolean Default: "False"
compute_id Cluster identifier or resourcepool identifier

The NSX-Intelligence cluster node VM will be deployed on the specified cluster or
resourcepool for specified VC server.
string Required
default_gateway_addresses Default gateway for the VM

The default gateway for the VM to be deployed must be specified if all
the other VMs it communicates with are not in the same subnet.
Do not specify this field and management_port_subnets to use DHCP.
Note: only single IPv4 default gateway address is supported and it
must belong to management network.
IMPORTANT: VMs deployed using DHCP are currently not supported,
so this parameter should be specified.
array of IPAddress Minimum items: 1
Maximum items: 1
disk_provisioning Disk provitioning type

Specifies the disk provisioning type of the VM.
DiskProvisioning Default: "THIN"
display_name NSX-Intelligence VM display name

Desired display name for NSX-Intelligence VM to be deployed
string
dns_servers DNS servers.

List of DNS servers.
If DHCP is used, the default DNS servers associated with
the DHCP server will be used instead.
Required if using static IP.
array of IPv4Address Minimum items: 1
enable_ssh Enable SSH.

If true, the SSH service will automatically be started on the VM.
Enabling SSH service is not recommended for security reasons.
boolean Default: "False"
host_id Host identifier

The NSX-Intelligence cluster node VM will be deployed on the specified host in the
specified VC server within the cluster if host_id is specified.
Note: User must ensure that storage and specified networks are
accessible by this host.
string
hostname Host name or FQDN for the VM

Desired host name/FQDN for the VM to be deployed
string Required
Pattern: "^(?=.{1,255}$)[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?(?:\.[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?)*?$"
management_network_id Portgroup identifier for management network connectivity

Distributed portgroup identifier to which the management vnic of
NSX-Intelligence cluster node VM will be connected.
string Required
management_port_subnets Port subnets for management port

IP Address and subnet configuration for the management port.
Do not specify this field and default_gateway_addresses to use DHCP.
Note: only one IPv4 address is supported for the management port.
IMPORTANT: VMs deployed using DHCP are currently not supported,
so this parameter should be specified.
array of IPSubnet Minimum items: 1
Maximum items: 1
ntp_servers NTP servers.

List of NTP servers.
To use hostnames, a DNS server must be defined. If not using DHCP,
a DNS server should be specified under dns_servers.
array of HostnameOrIPv4Address
ovf_url URL of the ovf file to deploy

The NSX-Intelligence cluster node VM OVF URL to download and install the OVF file.
This field is deprecated now. Please upload OVA file using "/repository/bundles" API
and then try deployment without providing this field.
string Deprecated
placement_type Must be set to the value IntelligenceVsphereClusterNodeVMDeploymentConfig string Required
Enum: IntelligenceVsphereClusterNodeVMDeploymentConfig
storage_id Storage/datastore identifier

The NSX-Intelligence cluster node VM will be deployed on the specified datastore in
the specified VC server. User must ensure that storage is accessible
by the specified cluster/host.
string Required
vc_id Vsphere compute identifier for identifying VC server

The VC-specific identifiers will be resolved on this VC, so all other
identifiers specified in the config must belong to this vCenter server.
string Required

IntentEnforcementPointListRequestParams (schema)

List request parameters containing intent path and enforcement point path

List request parameters containing intent path and enforcement point path

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
enforcement_point_path String Path of the enforcement point

The path of the enforcement point from which the list of groups needs
to be fetched. Forward slashes must be escaped using %2F. If no enforcement
point path is specified, the default enforcement point is considered
string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
intent_path String path of the intent object string Required
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

IntentPathRequestParameter (schema)

Parameter to filter realized entities by intent path

Intent path for which state/realized entities would be fetched.

Name Description Type Notes
intent_path String Path of the intent object

Intent path of object, forward slashes must be escaped using %2F
string Required
site_path Policy Path of the site

Policy Path referencing a site. This is applicable only on a
GlobalManager. If no site_path is specified, then based on the span of
the intent the response will be fetched from the respective sites
string

IntentRuntimeRequestParameters (schema)

Request Parameters for Intent Runtime Information

Request parameters that represents a an intent path.

Name Description Type Notes
intent_path Policy Path of the intent object

Policy Path referencing an intent object.
string Required
site_path Policy Path of the site from where the realization status needs to be fetched

Policy Path referencing a site. This is applicable only on a GlobalManager. If no
site_path is specified, then based on the span of the intent the response will be
fetched from the respective sites
string

IntentStatusRequestParameters (schema)

Request Parameters for Intent Status Information

Request parameters that represents a binding between an intent path and whether the
enforcement point specific status shall be retrieved from the enforcement point or
not. A request can be parameterized with this pair and will be evaluated as follows:
- <intent_path>: the request is evaluated on all enforcement points for the given
intent with no enforced statuses' details returned.
- <intent_path, include_enforced_status=true>: the request is evaluated on all
enforcement points for the given intent with enforced statuses' details returned.

Name Description Type Notes
include_enforced_status Include Enforced Status Flag

Flag conveying whether to include detailed view of the enforcement point specific
status or not.
boolean Default: "False"
intent_path Policy Path of the intent object

Policy Path referencing an intent object.
string Required
site_path Policy Path of the site from where the realization status needs to be fetched

Policy Path referencing a site. This is applicable only on a GlobalManager. If no
site_path is specified, then based on the span of the intent the response will be
fetched from the respective sites
string

InterSRRoutingConfig (schema)

Inter SR IBGP configuration

Name Description Type Notes
enabled Flag to enable inter SR IBGP

While creation of BGP config this flag will be set to
- true for Tier0 logical router with Active-Active high-availability
mode
- false for Tier0 logical router with Active-Standby high-availability
mode.
User can change this value while updating inter-sr config.
boolean Default: "True"

InterSiteBgpSummary (schema)

Name Description Type Notes
last_update_timestamp Last updated timestamp

Timestamp when the inter-site IBgp neighbors status was last updated.
EpochMsTimestamp Required
Readonly
neighbor_status Inter-site IBgp neighbors status

Status of all inter-site IBgp neighbors.		 array of BgpNeighborStatus Readonly
transport_node_id Edge node id

Edge node id whose status is being reported.		 string Required
Readonly

InterSitePortCounters (schema)

Name Description Type Notes
blocked_packets The number of blocked packets

The total number of packets blocked.		 integer
dad_dropped_packets The number of duplicate address detected packets dropped

Number of duplicate address detected packets dropped.		 integer
destination_unsupported_dropped_packets The number of destination unsupported packets dropped

Number of packtes dropped as destination is not supported.		 integer
dropped_packets The number of dropped packets

The total number of packets dropped.		 integer
firewall_dropped_packets The number of firewall packets dropped

Number of firewall packets dropped.		 integer
frag_needed_dropped_packets The number of fragmentation needed packets dropped

Number of fragmentation needed packets dropped.		 integer
ipsec_dropped_packets The number of IPSec packets dropped

Number of IPSec packets dropped		 integer
ipsec_no_sa_dropped_packets The number of IPSec no security association packets dropped

Number of IPSec no security association packets dropped.		 integer
ipsec_no_vti_dropped_packets The number of IPSec no VTI packets dropped

Number of IPSec packets dropped as no VTI is present.		 integer
ipsec_pol_block_dropped_packets The number of IPSec policy block packets dropped

Number of IPSec policy block packets dropped.		 integer
ipsec_pol_err_dropped_packets The number of IPSec policy error packets dropped

Number of IPSec policy error packets dropped.		 integer
ipv6_dropped_packets The number of IPV6 packets dropped

Number of IPV6 packets dropped.		 integer
kni_dropped_packets The number of kernal NIC interface packets dropped

Number of DPDK kernal NIC interface packets dropped.		 integer
l4port_unsupported_dropped_packets The number of L4 port unsupported packets dropped

Number of packets dropped due to unsupported L4 port.		 integer
malformed_dropped_packets The number of malformed packets dropped

Number of packtes dropped as they are malformed.		 integer
no_arp_dropped_packets The number of no ARP packets dropped

Number of no ARP packets dropped.		 integer
no_linked_dropped_packets The number of no linked packets dropped

Number of packets dropped as no linked ports are present.		 integer
no_mem_dropped_packets The number of no memory packets dropped

Number of packets dropped due to insufficient memory.		 integer
no_receiver_dropped_packets The number of no receiver packets dropped

Number of packets dropped due to absence of receiver.		 integer
no_route_dropped_packets The number of no route packets dropped integer
non_ip_dropped_packets The number of non IP packets dropped

Number of non IP packets dropped.		 integer
proto_unsupported_dropped_packets The number of protocol unsupported packets dropped

Number of packets dropped as protocol is unsupported.		 integer
redirect_dropped_packets The number of redirect packets dropped

Number of redirect packets dropped.		 integer
rpf_check_dropped_packets The number of reverse-path forwarding check packets dropped

Number of reverse-path forwarding check packets dropped.		 integer
service_insert_dropped_packets The number of service insert packets dropped

Number of service insert packets dropped.		 integer
total_bytes The total number of bytes

The total number of bytes transferred.		 integer
total_packets The total number of packets

The total number of packets transferred.		 integer
ttl_exceeded_dropped_packets The number of time to live exceeded packets dropped

Number of time to live exceeded packets dropped.		 integer

InterfaceArpCsvRecord (schema)

Name Description Type Notes
ip The IP address IPAddress Required
mac_address The MAC address string Required

InterfaceArpEntry (schema)

Name Description Type Notes
ip The IP address IPAddress Required
mac_address The MAC address string Required

InterfaceArpProxy (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
arp_proxy_entries Array of ARP proxy table entries array of PolicyArpProxyEntry Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
interface_path Policy path of gateway interface string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

InterfaceArpProxyCsvEntry (schema)

Name Description Type Notes
arp_proxy_ip ARP proxy service addresses

ARP proxy information for a service with ip.		 string Readonly
interface_path Policy path of gateway interface string Readonly
service_id Service type id

Identifier of connected service on port.		 string Readonly

InterfaceArpTable (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
edge_path Policy path of edge node

Policy path of edge node.
string
enforcement_point_path Enforcement point path

String Path of the enforcement point.
string
interface_path The ID of the logical router port string Required
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results array of InterfaceArpEntry
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

InterfaceArpTableInCsvFormat (schema)

Name Description Type Notes
file_name File name

File name set by HTTP server if API returns CSV result as a file.		 string
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly
results array of InterfaceArpCsvRecord

InterfaceDADState (schema)

Interface DAD status

Duplicate address detection status on the interface.

Name Description Type Notes
dad_statuses IPv6 DAD status

Array of DAD status which contains DAD information for IP addresses
on the interface.
array of InterfaceIPv6DADStatus Readonly
interface_path Policy path or realization ID of interface

Policy path or realization ID of interface for which IPv6 DAD
status is returned.
string Readonly

InterfaceIPv6DADStatus (schema)

IPv6 DAD status for Interface

Duplicate address detection status for IP address on the interface.

Name Description Type Notes
edge_paths Edge node paths

Array of edge nodes on which DAD status is reported for
given IP address.
array of string Readonly
ip_address IP address

IP address on the port for which DAD status is reported.
IPAddress Readonly
status DAD Status

DAD status for IP address on the port.
DADStatus Readonly

InterfaceIgmpLocalGroupConfig (schema)

Interface Igmp configuration

Interface IGMP[Internet Group Management Protocol] configuration parameters.

Name Description Type Notes
igmp_local_join_groups List of local IGMP groups

IGMP join group manages the membership of hosts and routing devices in
the multicast group. Host will join the group by conveying its information
through IGMP.
array of IPAddress

InterfaceNeighborProperties (schema)

Interface neighbor properties

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ifindex Interface index integer Required
Readonly
mac Interface MAC address string Required
Readonly
Pattern: "^[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}$"
name Interface Name string Required
Readonly
neighbors Neighbor properties array of NeighborProperties Readonly
resource_type Must be set to the value InterfaceNeighborProperties string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

InterfaceNeighborPropertyListResult (schema)

Interface neighbor property query results

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Interface neighbor property results array of InterfaceNeighborProperties
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

InterfacePimConfig (schema)

Interface PIM configuration

Interface PIM[Protocol Independent Multicast] configuration parameters.

Name Description Type Notes
enabled Flag to enable/disable PIM

If the flag is set to true - it will enable PIM on
the uplink interface. If the flag is set to false - it will disable
PIM on the uplink interface.
boolean Default: "False"
hello_interval PIM hello interval

PIM hello interval. Ranges from 1 to 180 seconds.
integer Minimum: 1
Maximum: 180
Default: "30"
hold_interval PIM hold interval

PIM hold interval. Ranges from 1 to 630 seconds. hold_interval
should be greater than hello_interval.
If hold interval is not provided then it will be considered as
3.5 times of hello_interval.
integer Minimum: 1
Maximum: 630

InterfaceSubnet (schema)

Subnet specification for interface connectivity

Name Description Type Notes
ip_addresses IP addresses assigned to interface array of IPAddress Required
prefix_len Subnet prefix length int Required
Minimum: 1
Maximum: 128

IntersiteGatewayConfig (schema)

Intersite gateway configuration

Intersite gateway configuration.

Name Description Type Notes
fallback_sites Fallback sites

Fallback site to be used as new primary site on current primary site
failure. Disaster recovery must be initiated via API/UI. Fallback site
configuration is supported only for T0 gateway. T1 gateway will follow
T0 gateway's primary site during disaster recovery.
array of string
intersite_transit_subnet Transit subnet in CIDR format

IPv4 subnet for inter-site transit segment connecting service routers
across sites for stretched gateway. For IPv6 link local subnet is
auto configured.
string Default: "169.254.32.0/20"
Format: ip-cidr-block
last_admin_active_epoch Epoch of last time admin changing active LocaleServices

Epoch(in seconds) is auto updated based on system current timestamp
when primary locale service is updated. It is used for resolving conflict
during site failover. If system clock not in sync then User can optionally
override this. New value must be higher than the current value.
integer Maximum: 4294967295
primary_site_path Primary egress site for gateway.

Primary egress site for gateway. T0/T1 gateway in Active/Standby mode
supports stateful services on primary site. In this mode primary site
must be set if gateway is stretched to more than one site. For T0 gateway
in Active/Active primary site is optional field. If set then secondary site
prefers routes learned from primary over locally learned routes. This field
is not applicable for T1 gateway with no services.
string

IntervalBackupSchedule (schema)

Schedule to specify the interval time at which automated backups need to be taken

Name Description Type Notes
resource_type Must be set to the value IntervalBackupSchedule string Required
Enum: WeeklyBackupSchedule, IntervalBackupSchedule
seconds_between_backups Time interval in seconds between two consecutive automated backups integer Minimum: 300
Maximum: 86400
Default: "3600"

IntervalSampling (schema)

Name Description Type Notes
sampling_interval Time interval in ms between two sampling actions. integer Required
Minimum: 1
Maximum: 30000
sampling_type Must be set to the value IntervalSampling string Required
Enum: FirstNSampling, PacketNumberSampling, IntervalSampling

InvalidCertificateAction (schema)

Action for invalid certificates

If presented invalid certificates take this action.

Name Description Type Notes
InvalidCertificateAction Action for invalid certificates

If presented invalid certificates take this action.		 string Readonly
Enum: BLOCK, ALLOW

InventoryConfig (schema)

Name Description Type Notes
compute_managers_soft_limit Soft limit on number of compute managers

Soft limit on number of compute managers, which can be added, beyond which,
addition of compute managers will result in warning getting logged
int Required

IpAddressAllocation (schema)

Parameters for IP allocation

Allocation parameters for the IP address (e.g. specific IP address) can be specified. Tags, display_name and description attributes are not supported in this release.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
allocation_ip Address that is allocated from pool IPAddress Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IpAddressAllocation string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

IpAddressAllocationListResult (schema)

List of IP address allocations

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of IpAddressAllocations array of IpAddressAllocation
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IpAddressBlock (schema)

IP address space represented by network address and prefix

A block of IP addresses defined by a start address and a mask/prefix (network CIDR). An IP block is typically large & allocated to a tenant for automated consumption. An IP block is always a contiguous address space, for example 192.0.0.1/8. An IP block can be further subdivided into subnets called IP block subnets. These IP block subnets can be added to IP pools and used for IP allocation.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
cidr A contiguous IP address space represented by network address and prefix length

Represents a network address and the prefix length which will be associated with a layer-2 broadcast domain. Support IPv4 and IPv6 CIDR.		 string Required
Format: ip-cidr-block
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IpAddressBlock string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

IpAddressBlockListResult (schema)

Paged collection of IpAddressBlocks

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IpAddressBlock list results array of IpAddressBlock Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IpAddressInfo (schema)

Ipaddress information of the fabric node.

Name Description Type Notes
ip_addresses IP Addresses of the the virtual network interface, as discovered in the source. array of IPAddress Required
Readonly
source Source of the ipaddress information. string Required
Readonly
Enum: VM_TOOLS

IpAddressPool (schema)

A collection of IP subnets

IpAddressPool is a collection of subnets. The subnets can either be derived from an IpBlock or specified by the user. User can request for IP addresses to be allocated from a pool. When an IP is requested from a pool, the IP that is returned can come from any subnet that belongs to the pool.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
check_overlap_with_existing_pools Whether to perform overlap check with existing IpAddressPools while realization.

If an existing IpAddressPool is found that overlaps with the given IpAddressPool,
then a validation error would be thrown while realization.
It is false by default.
boolean Default: "False"
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
(Abstract type: pass one of the following concrete types)
ChildIpAddressAllocation
ChildIpAddressPoolSubnet
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ip_release_delay IP address release delay in milliseconds

Delay in milliseconds, while releasing allocated IP address from IP pool (Default is 2 mins).		 integer
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
pool_usage IpAddressPool usage statistics

Shows Pool statistics like total IPs, allocated IPs,
requested IP allocations and available IPs of an IpAddressPool.
PolicyPoolUsage Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IpAddressPool string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

IpAddressPoolBlockSubnet (schema)

IpAddressPoolSubnet dynamically carved out of a IpAddressBlock

This type of subnet allows user to dynamically carve a subnet out of a preconfigured IpAddressBlock. The user must specify the size of the subnet and the IpAddressBlock from which the subnet is to be derived. If the required amount of IP adress space is available in the specified IpAddressBlock, the system automatically configures subnet range.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
auto_assign_gateway Indicate whether default gateway is to be reserved from the range

If this property is set to true, the first IP in the range will be reserved for gateway.		 boolean Default: "True"
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ip_block_path The path of the IpAddressBlock from which the subnet is to be created. string Required
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IpAddressPoolBlockSubnet IpAddressPoolSubnetType Required
size Represents the size or number of IP addresses in the subnet

The size parameter is required for subnet creation. It must be specified during creation but cannot be changed later.		 integer Required
start_ip Represents start ip address of the subnet

For internal system use Only. Represents start ip address of the subnet from IP block. Subnet ip adddress will start from this ip address.		 IPAddress
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

IpAddressPoolListResult (schema)

Paged collection of IpAddressPools

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IpAddressPool list results array of IpAddressPool Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IpAddressPoolStaticSubnet (schema)

IpAddressPoolSubnet statically configured by a user

This type of subnet is statically configured by the user. The user provides the range details and the gateway for the subnet.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
allocation_ranges A collection of IPv4 or IPv6 IP Pool Ranges. array of IpPoolRange Required
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
cidr Subnet representation is a network address and prefix length string Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
dns_nameservers The collection of upto 3 DNS servers for the subnet. array of IPAddress Maximum items: 3
dns_suffix The DNS suffix for the DNS server. string Format: hostname
gateway_ip The default gateway address on a layer-3 router. IPAddress
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IpAddressPoolStaticSubnet IpAddressPoolSubnetType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

IpAddressPoolSubnet (schema)

Abstract class for IpSubnet in a IpAddressPool

IpAddressPoolSubnet can either be carved out of a PolicyBlock or statically specified by the user. In the first case where the subnet is carved out of a IpAddressBlock, the user must specify the ID of the block from which this subnet is to be derived. This block must be pre-created. The subnet range is auto populated by the system. In the second case, the user configures the subnet range directly. No IpAddressBlock is required. This is an abstract type. Concrete child types:
IpAddressPoolBlockSubnet
IpAddressPoolStaticSubnet

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value IpAddressPoolSubnet IpAddressPoolSubnetType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

IpAddressPoolSubnetListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IP Pool subnet list results array of IpAddressPoolSubnet
(Abstract type: pass one of the following concrete types)
IpAddressPoolBlockSubnet
IpAddressPoolStaticSubnet		 Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IpAddressPoolSubnetType (schema)

Type of IpAddressPoolSubnet

IpAddressPoolSubnet can either be carved out of a PolicyBlock or statically specified. A subnet to be carved out of a IpAddressBlock is of type IpAddressPoolBlockSubnet A subnet statically specified by the user is of type IpAddressPoolStaticSubnet

Name Description Type Notes
IpAddressPoolSubnetType Type of IpAddressPoolSubnet

IpAddressPoolSubnet can either be carved out of a PolicyBlock or statically specified. A subnet to be carved out of a IpAddressBlock is of type IpAddressPoolBlockSubnet A subnet statically specified by the user is of type IpAddressPoolStaticSubnet		 string Enum: IpAddressPoolBlockSubnet, IpAddressPoolStaticSubnet

IpAllocationBase (schema) (Deprecated)

Base type of ip-allocation

Base type of ip-allocation extended by ip pool and static binding.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
gateway_ip Gateway ip

Gateway ip address of the allocation.		 IPAddress
id Unique identifier of this resource string Sortable
lease_time Lease time

Lease time, in seconds, [60-(2^32-1)]. Default is 86400.		 integer Minimum: 60
Maximum: 4294967295
Default: "86400"
options DHCP options

If an option is defined at server level and not configred at
ip-pool/static-binding level, the option will be inherited to
ip-pool/static-binding. If both define a same-code option, the
option defined at ip-pool/static-binding level take precedence
over that defined at server level.
DhcpOptions
resource_type Must be set to the value IpAllocationBase string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

IpAssignmentSpec (schema) (Deprecated)

Abstract base type for specification of IPs to be used with host switch virtual tunnel endpoints

This is an abstract type. Concrete child types:
AssignedByDhcp
StaticIpListSpec
StaticIpMacListSpec
StaticIpPoolSpec

Name Description Type Notes
resource_type string Required
Enum: StaticIpPoolSpec, StaticIpListSpec, AssignedByDhcp, StaticIpMacListSpec

IpBlock (schema)

A block of IPv4/IPv6 addresses defined by a start address and a mask/prefix (network CIDR). An IP block is typically large & allocated to a tenant for automated consumption. An IP block is always a contiguous address space, for example 192.0.0.1/8. An IP block can be further subdivided into subnets called IP block subnets. These IP block subnets can later be added to IP pools and used for IP allocation. An IP pool is typically a collection of subnets that are often not a contiguous address space. Clients are allocated IP addresses only from IP pools. Sample Structure Diagram IpBlock_VMware 192.0.0.1/8 ======================================================================= / ___________________________________________/________ / IpBlockSubnet_Finance ( IpBlockSubnet_Eng1 IpBlockSubnet_Eng2 / ) / 192.168.0.1/16 ( 192.170.1.1/16 192.180.1.1/24 / ) IpPool_Eng / (___________________________________________/________) / / =======================================================================

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
cidr Represents network address and the prefix length which will be associated with a layer-2 broadcast domain string Required
Format: ip-cidr-block
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
resource_type Must be set to the value IpBlock string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

IpBlockListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IP block list results array of IpBlock Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IpBlockSubnet (schema)

A set of IPv4/IPv6 addresses defined by a start address and a mask/prefix which will typically be associated with a layer-2 broadcast domain.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
allocation_ranges A collection of IPv4/IPv6 IP ranges used for IP allocation. array of IpPoolRange Readonly
block_id Block id for which the subnet is created. string Required
cidr Represents network address and the prefix length which will be associated with a layer-2 broadcast domain string Readonly
Format: ip-cidr-block
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
resource_type Must be set to the value IpBlockSubnet string
size Represents the size or number of ip addresses in the subnet integer Required
start_ip Represents start ip address of the subnet

For internal system use Only. Represents start ip address of the subnet from IP block. Subnet ip adddress will start from this ip address.		 IPAddress
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

IpBlockSubnetListRequestParameters (schema)

Name Description Type Notes
block_id string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

IpBlockSubnetListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IP block subnet list results array of IpBlockSubnet Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IpDiscoverySwitchingProfile (schema) (Deprecated)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
arp_bindings_limit Number of IP addresses to be snooped via ARP snooping

Indicates the number of arp snooped IP addresses to be remembered per LogicalPort. Decreasing this value, will retain the latest bindings from the existing list of address bindings. Increasing this value will retain existing bindings and also learn any new address bindings discovered on the port until the new limit is reached. This limit only applies to IPv4 addresses and is independent of the nd_bindings_limit used for IPv6 snooping.		 int Minimum: 1
Maximum: 256
Default: "1"
arp_nd_binding_timeout ARP and ND cache timeout (in minutes)

This property controls the ARP and ND cache timeout period.It
is recommended that this property be greater than the ARP/ND
cache timeout on the VM.
int Minimum: 5
Maximum: 120
Default: "10"
arp_snooping_enabled Indicates whether ARP snooping is enabled boolean Default: "True"
description Description of this resource string Maximum length: 1024
Sortable
dhcp_snooping_enabled Indicates whether DHCP snooping is enabled boolean Default: "True"
dhcpv6_snooping_enabled Indicates if stateful DHCPv6 snooping is enabled

This option is the IPv6 equivalent of DHCP snooping.		 boolean Default: "False"
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
duplicate_ip_detection Controls whether duplicate IP detection should be enabled

Duplicate IP detection is used to determine if there is any IP conflict
with any other port on the same logical switch. If a conflict is detected,
then the IP is marked as a duplicate on the port where the IP was
discovered last. The duplicate IP will not be added to the realized
address binings for the port and hence will not be used in DFW rules or
other security configurations for the port.
DuplicateIPDetection
id Unique identifier of this resource string Sortable
nd_bindings_limit Number of IP addresses to be snooped via neighbor-discovery(ND) snooping

Indicates the number of neighbor-discovery snooped IP addresses to be remembered per LogicalPort. Decreasing this value, will retain the latest bindings from the existing list of address bindings. Increasing this value will retain existing bindings and also learn any new address bindings discovered on the port until the new limit is reached. This limit only applies to IPv6 addresses and is independent of the arp_bindings_limit used for IPv4 snooping.		 int Minimum: 2
Maximum: 15
Default: "3"
nd_snooping_enabled Indicates if neighbor discovery snooping is enabled

This option is the IPv6 equivalent of ARP snooping.		 boolean Default: "False"
required_capabilities array of string Readonly
resource_type Must be set to the value IpDiscoverySwitchingProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
trust_on_first_use_enabled Controls whether trust-on-first-use should be enabled

ARP snooping being inherently susceptible to ARP spoofing,
uses a turst-on-fisrt-use (TOFU) paradigm where only the first IP address
discovered via ARP snooping is trusted. The remaining are ignored.
In order to allow for more flexibility, we allow the user to
configure how many ARP snooped address bindings should be trusted
for the lifetime of the logical port. This is controlled by the
arp_bindings_limit property in the IP Discovery profile. We refer
to this extension of TOFU as N-TOFU.
However, if TOFU is disabled, then N ARP snooped IP addresses will
be trusted until they are timed out, where N is configured by
arp_bindings_limit.
boolean Default: "True"
vm_tools_enabled Indicates whether fetching IP using vm-tools is enabled

This option is only supported on ESX where vm-tools is installed.		 boolean Default: "True"
vm_tools_v6_enabled Indicates whether fetching IPv6 addresses using vm-tools is enabled

This option is only supported on ESX where vm-tools is installed.		 boolean Default: "False"

IpInfo (schema)

Only support IP address or subnet. Its type can be of
IPv4 or IPv6. It will be converted to subnet when netmask
is specified(e.g., 192.168.1.3/24 => 192.168.1.0/24,
2008:12:12:12::2/64 => 2008:12:12:12::/64).

Name Description Type Notes
dst_ip The destination IP address or subnet IPElement
src_ip The source IP address or subnet IPElement

IpMacPair (schema) (Deprecated)

IP and MAC pair.

Name Description Type Notes
ip IP address IPAddress Required
mac MAC address MACAddress

IpMappingsListRequestParameters (schema)

These paramaters will be used to filter the list of IP allocation mappings.
Multiple parameters can be given as input to 'AND' them.

Name Description Type Notes
cloud_account_id Cloud Account ID

ID of the Cloud Account in which the IPs are allocated.
string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
display_name Name of IP Mappings

Name of IP Mappings.
string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
ip_allocation_type IP allocation type

Based on the type, IP allocation will be done accordingly.
Legal values are PAS and NAT.
string Enum: PAS, NAT
Default: "PAS"
mapping_id Mapping ID

ID of the mapping returned in IP allocation request.
string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

IpPool (schema)

A collection of one or more IPv4 or IPv6 subnets or ranges that are often not a contiguous address space. Clients are allocated IPs from an IP pool. Often used when a client that consumes addresses exhausts an initial subnet or range and needs to be expanded but the adjoining address space is not available as it has been allocated to a different client.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
check_overlap_with_existing_pools Specifies whether to perform overlap check with existing IP pools

If true, a validation error will be thrown if another IP pool is found to be overlapping with this pool.
The flag is false by default.
boolean Default: "False"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ip_release_delay IP address release delay in milliseconds

Delay in milliseconds, while releasing allocated IP address from IP pool (Default is 2 mins).		 integer
pool_usage Pool usage statistics PoolUsage Readonly
resource_type Must be set to the value IpPool string
subnets The collection of one or more subnet objects in a pool

Subnets can be IPv4 or IPv6 and they should not overlap. The maximum number will not exceed 5 subnets.		 array of IpPoolSubnet Maximum items: 5
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

IpPoolDeleteRequestParameters (schema)

IpPool delete request parameters

Name Description Type Notes
force Force delete the resource even if it is being used somewhere

If true, deleting the resource succeeds even if it is being
referred as a resource reference.
boolean Default: "False"

IpPoolListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IP pool list results array of IpPool Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IpPoolRange (schema)

A set of IPv4 or IPv6 addresses defined by a start and end address.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
end The end IP Address of the IP Range. IPAddress Required
start The start IP Address of the IP Range. IPAddress Required

IpPoolSubnet (schema)

A set of IPv4 or IPv6 addresses defined by a network CIDR.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
allocation_ranges A collection of IPv4 or IPv6 IP Pool Ranges. array of IpPoolRange Required
cidr Represents network address and the prefix length which will be associated with a layer-2 broadcast domain string Required
dns_nameservers The collection of upto 3 DNS servers for the subnet. array of IPAddress Maximum items: 3
dns_suffix The DNS suffix for the DNS server. string Format: hostname
gateway_ip The default gateway address on a layer-3 router. IPAddress

IpSecVpnPolicyTrafficStatistics (schema)

IPSec VPN policy traffic statistics

IPSec VPN policy traffic statistics

Name Description Type Notes
aggregate_traffic_counters Traffic summary

Aggregate traffic statistics across all IPSec tunnels.		 IPSecVpnTrafficCounters Readonly
rule_path IPSec VPN Rule path

Policy path referencing the IPSec VPN Rule.		 string Readonly
tunnel_interface_path IPSec VPN Tunnel Interface path

Policy path referencing the IPSec VPN Tunnel Interface.		 string Readonly
tunnel_statistics Tunnel statistics

Tunnel statistics.		 array of IpSecVpnTunnelTrafficStatistics Readonly

IpSecVpnTunnelTrafficStatistics (schema)

IPSec VPN tunnel traffic statistics

IPSec VPN tunnel traffic statistics.

Name Description Type Notes
bytes_in Bytes in

Total number of incoming bytes on inbound Security association.
integer Readonly
bytes_out Bytes out

Total number of outgoing bytes on outbound Security association.
integer Readonly
decryption_failures Decryption failures

Total number of packets dropped due to decryption failures.
integer Readonly
dropped_packets_in Dropped incoming packets

Total number of incoming packets dropped on inbound security association.
integer Readonly
dropped_packets_out Dropped outgoing packets

Total number of outgoing packets dropped on outbound security association.
integer Readonly
encryption_failures Encryption failures

Total number of packets dropped because of failure in encryption.
integer Readonly
integrity_failures Integrity failures

Total number of packets dropped due to integrity failures.
integer Readonly
local_subnet Local subnet

Tunnel local subnet in IPv4 CIDR Block format.
string Readonly
nomatching_policy_errors Nomatching Policy errors

Number of packets dropped because of no matching policy is available.
integer Readonly
packets_in Packets in

Total number of incoming packets on inbound Security association.
integer Readonly
packets_out Packets out

Total number of outgoing packets on outbound Security association.
integer Readonly
packets_received_other_error Packets received other error

Total number of incoming packets dropped on inbound Security association.
integer Readonly
packets_sent_other_error Packets sent other error

Total number of packets dropped while sending for any reason.
integer Readonly
peer_subnet Peer subnet

Tunnel peer subnet in IPv4 CIDR Block format.
string Readonly
policy_id Policy Identifier

Policy UUID of IPSec Tunnel.		 string Readonly
replay_errors Replay errors

Total number of packets dropped due to replay check on that Security association.
integer Readonly
sa_mismatch_errors_in Security association mismatch errors on incoming packets.

Totoal number of security association mismatch errors on incoming packets.
integer Readonly
sa_mismatch_errors_out Security association mismatch errors on outgoing packets

Totoal number of security association mismatch errors on outgoing packets.
integer Readonly
seq_number_overflow_error Sequence number overflow error

Total number of packets dropped while sending due to overflow in sequence number.
integer Readonly
tunnel_down_reason Tunnel down reason

Gives the detailed reason about the tunnel when it is down. If tunnel
is UP tunnel down reason will be empty.
string Readonly
tunnel_status Tunnel Status

Specifies the status of tunnel, if it is UP/DOWN.
string Readonly
Enum: UP, DOWN

IpfixCollector (schema)

Name Description Type Notes
collector_ip_address IP address for the IPFIX collector IPAddress Required
collector_port Port for the IPFIX collector int Minimum: 0
Maximum: 65535
Default: "4739"

IpfixCollectorConfig (schema)

This managed entity contains a set of IPFIX collectors.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
collectors IPFIX Collectors array of IpfixCollector Required
Minimum items: 1
Maximum items: 4
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
resource_type Must be set to the value IpfixCollectorConfig string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

IpfixCollectorConfigListResult (schema)

List of IPFIX Collector Configs

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IPFIX Collector Config array of IpfixCollectorConfig Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IpfixCollectorUpmProfile (schema)

IPFIX Collector Profile

The configuration for Internet protocol flow information export (IPFIX)
collector. It should be referenced in other IPFIX profile as a collecor
config. The IPFIX exporter will send records to these collectors.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
collectors IPFIX Collector Set array of IpfixCollector Required
Minimum items: 1
Maximum items: 4
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
resource_type Must be set to the value IpfixCollectorUpmProfile IpfixCollectorUpmProfileType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

IpfixCollectorUpmProfileListParameters (schema)

IPFIX Collector Profile List Parameters

Query parameters for IPFIX collector profile list

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
profile_types IPFIX Collector Profile Type List

An English comma-separated list of profile types. Enumerated value in
IpfixCollectorUpmProfileType can be listed here as a filter param.
string
sort_ascending boolean
sort_by Field by which records are sorted string

IpfixCollectorUpmProfileListResult (schema)

List of IPFIX Collector Profiles

IPFIX collector profile list result for query with profile list parameters

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IPFIX Collector Profile List array of IpfixCollectorUpmProfile Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IpfixCollectorUpmProfileType (schema)

IPFIX Collector Profile Types

All IPFIX collector profile types.

Name Description Type Notes
IpfixCollectorUpmProfileType IPFIX Collector Profile Types

All IPFIX collector profile types.		 string Enum: IpfixCollectorUpmProfile

IpfixConfig (schema)

IPFIX Config base representation

This is an abstract type. Concrete child types:
IpfixDfwConfig

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
applied_tos AppliedTo List

List of objects where the IPFIX Config will be enabled.		 array of ResourceReference Maximum items: 128
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
resource_type Must be set to the value IpfixConfig IpfixConfigType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

IpfixConfigListParameters (schema)

IPFIX Config List Parameters

Name Description Type Notes
applied_to Applied To

An applied to UUID working as listing condition		 string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
ipfix_config_type Type of IPFIX Config IpfixConfigType
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

IpfixConfigListResult (schema)

List of IPFIX Config

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IPFIX Config array of IpfixConfig
(Abstract type: pass one of the following concrete types)
IpfixDfwConfig		 Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IpfixConfigType (schema)

Supported IPFIX Config Types.

Name Description Type Notes
IpfixConfigType Supported IPFIX Config Types. string Enum: IpfixDfwConfig

IpfixDfwConfig (schema)

IPFIX Config for the DFW Module

It defines IPFIX DFW Configuration.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
active_flow_export_timeout Active flow export timeout (minutes)

For long standing active flows, IPFIX records will be sent per timeout period
integer Minimum: 1
Maximum: 60
Default: "1"
applied_tos AppliedTo List

List of objects where the IPFIX Config will be enabled.		 array of ResourceReference Maximum items: 128
collector UUID of IPFIX DFW Collector Config

Each IPFIX DFW config can have its own collector config.
string Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
observation_domain_id Observation domain ID

An identifier that is unique to the exporting process and used to
meter the Flows.
integer Required
Minimum: 0
Maximum: 4294967295
priority Config Priority

This priority field is used to resolve conflicts in Logical Ports
which are covered by more than one IPFIX profiles. The IPFIX
exporter will send records to Collectors in highest priority
profile (lowest number) only.
integer Required
Minimum: 0
Maximum: 65536
Default: "0"
resource_type Must be set to the value IpfixDfwConfig IpfixConfigType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
template_parameters Template Parameters

An object that indicates whether each corresponding template parameter
is required or not.
IpfixDfwTemplateParameters

IpfixDfwTemplateParameters (schema)

IPFIX DFW Template Parameters

This entity represents the flow parameters which are exported.

Name Description Type Notes
destination_address The destination IP address of a monitored network flow.
boolean Readonly
Default: "True"
destination_transport_port The destination transport port of a monitored network flow.
boolean Readonly
Default: "True"
firewall_event Five valid values are allowed: 1. Flow Created. 2. Flow Deleted.
3. Flow Denied. 4. Flow Alert (not used in DropKick implementation).
5. Flow Update.
boolean Readonly
Default: "True"
flow_direction Two valid values are allowed: 1. 0x00: igress flow to VM. 2. 0x01:
egress flow from VM.
boolean Readonly
Default: "True"
flow_end The absolute timestamp (seconds) of the last packet of this flow.
boolean Readonly
Default: "True"
flow_start The absolute timestamp (seconds) of the first packet of this flow.
boolean Readonly
Default: "True"
icmp_code Code of the IPv4 ICMP message.
boolean Readonly
Default: "True"
octet_delta_count The number of octets since the previous report (if any) in incoming
packets for this flow at the observation point. The number of octets
include IP header(s) and payload.
boolean Readonly
Default: "True"
packet_delta_count The number of incoming packets since the previous report (if any)
for this flow at the observation point.
boolean Readonly
Default: "True"
protocol_identifier The value of the protocol number in the IP packet header.
boolean Readonly
Default: "True"
rule_id Firewall rule Id - enterprise specific Information Element that uniquely identifies
firewall rule.
boolean Readonly
Default: "True"
source_address The source IP address of a monitored network flow.
boolean Readonly
Default: "True"
source_icmp_type Type of the IPv4 ICMP message.
boolean Readonly
Default: "True"
source_transport_port The source transport port of a monitored network flow.
boolean Readonly
Default: "True"
vif_uuid VIF UUID - enterprise specific Information Element that uniquely identifies VIF.
boolean Readonly
Default: "True"

IpfixServiceAssociationListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IpfixConfig list result

Ipfix config list result with pagination support.		 array of IpfixConfig
(Abstract type: pass one of the following concrete types)
IpfixDfwConfig		 Required
Readonly
service_type Must be set to the value IpfixServiceAssociationListResult string Required
Enum: FireWallServiceAssociationListResult, IpfixServiceAssociationListResult
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IpfixSwitchUpmProfile (schema)

Switching IPFIX Profile

The configuration for Internet protocol flow information export (IPFIX) and
would be enabled on the switching module to collect flow information.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
active_timeout Active Timeout

The time in seconds after a flow is expired even if more packets
matching this Flow are received by the cache.
int Minimum: 60
Maximum: 3600
Default: "300"
applied_tos Entitys Applied with Profile

Entities where the IPFIX profile will be enabled on. Maximum
entity count of all types is 128.
AppliedTos
collector_profile UUID of IPFIX Collector Profile

Each IPFIX switching profile can have its own collector profile.
string Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
export_overlay_flow Export Overlay Flow

It controls whether sample result includes overlay flow info.
boolean Default: "True"
id Unique identifier of this resource string Sortable
idle_timeout Idle Timeout

The time in seconds after a flow is expired if no more packets matching
this flow are received by the cache.
int Minimum: 60
Maximum: 3600
Default: "300"
max_flows Max Flows

The maximum number of flow entries in each exporter flow cache.
integer Minimum: 0
Maximum: 4294967295
Default: "16384"
observation_domain_id Observation Domain ID

An identifier that is unique to the exporting process and used to
meter the Flows.
integer Required
Minimum: 0
Maximum: 4294967295
packet_sample_probability Packet Sample Probability

The probability in percentage that a packet is sampled. The value should be
in range (0,100] and can only have three decimal places at most. The probability
is equal for every packet.
number Minimum: 0
Maximum: 100
Default: "0.1"
priority Profile Priority

This priority field is used to resolve conflicts in logical ports/switch
which inherit multiple switch IPFIX profiles from NSGroups.

Override rule is : for multiple profiles inherited from NSGroups, the
one with highest priority (lowest number) overrides others; the profile
directly applied to logical switch overrides profiles inherited from
NSGroup; the profile directly applied to logical port overides profiles
inherited from logical switch and/or nsgroup;

The IPFIX exporter will send records to collectors of final effective
profile only.
int Required
Minimum: 0
Maximum: 65536
resource_type Must be set to the value IpfixSwitchUpmProfile IpfixUpmProfileType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

IpfixUpmProfile (schema)

Base IPFIX Profile

Parent profile of all IPFIX profiles. This is an abstract type. Concrete child types:
IpfixSwitchUpmProfile

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
resource_type Must be set to the value IpfixUpmProfile IpfixUpmProfileType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

IpfixUpmProfileListParameters (schema)

IPFIX Profile List Parameters

Query parameters for IPFIX profile list

Name Description Type Notes
applied_to_entity_id ID of Entity Applied with Profile

The entity ID works as a filter param. Entity ID and entity type should
be both provided or not at a query.
string
applied_to_entity_type Type of Entity Applied with Profile

The entity type works as a filter param. Enumerated value in
UpmEntityType could be used here. Entity ID and entity type should be
both provided or not at a query.
UpmEntityType
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
profile_types IPFIX Profile Type List

An English comma-separated list of profile types. Enumerated value in
IpfixUpmProfileType could be listed here as a filter param.
string
sort_ascending boolean
sort_by Field by which records are sorted string

IpfixUpmProfileListResult (schema)

List of IPFIX Profiles

IPFIX profile list result for query with list parameters

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results IPFIX Profile List array of IpfixUpmProfile
(Abstract type: pass one of the following concrete types)
IpfixSwitchUpmProfile		 Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IpfixUpmProfileType (schema)

IPFIX Profile Types

All IPFIX profile types.

Name Description Type Notes
IpfixUpmProfileType IPFIX Profile Types

All IPFIX profile types.		 string Enum: IpfixSwitchUpmProfile

Ipv4Header (schema)

Name Description Type Notes
dst_ip The destination ip address. IPv4Address
flags IP flags integer Minimum: 0
Maximum: 8
Default: "0"
protocol IP protocol - defaults to ICMP integer Minimum: 0
Maximum: 255
Default: "1"
src_ip The source ip address. IPv4Address
src_subnet_prefix_len source subnet prefix length.

This is used together with src_ip to calculate dst_ip for broadcast when dst_ip is not given; not used in all other cases.		 integer Minimum: 1
Maximum: 32
ttl Time to live (ttl) integer Minimum: 0
Maximum: 255
Default: "64"

Ipv6DadProfile (schema)

Duplicate address detection profile.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
dad_mode DAD Mode DADMode Default: "LOOSE"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
ns_retries NS retries count

Number of Neighbor solicitation packets generated before completing the
Duplicate address detection process.
integer Minimum: 0
Maximum: 10
Default: "3"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value Ipv6DadProfile string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
wait_time Wait time

The time duration in seconds, to wait for Neighbor advertisement
after sending the Neighbor solicitation message.
integer Minimum: 0
Maximum: 60
Default: "1"

Ipv6DadProfileListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paginated list of Ipv6DadProfile array of Ipv6DadProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

Ipv6Header (schema)

Name Description Type Notes
dst_ip The destination ip address. IPv6Address
hop_limit hop limit

Decremented by 1 by each node that forwards the packets. The packet is discarded if Hop Limit is decremented to zero.		 integer Minimum: 0
Maximum: 255
Default: "64"
next_header Identifies the type of header immediately following the IPv6 header. integer Minimum: 0
Maximum: 255
Default: "58"
src_ip The source ip address. IPv6Address

Ipv6NdraProfile (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
dns_config DNS Configurations RaDNSConfig
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
ndra_advertised_route Route advertised in NDRAProfile.
array of NDRAAdvertisedRoute
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
ra_config RA Configuration RAConfig Required
ra_mode RA Mode RAMode Required
Default: "SLAAC_DNS_THROUGH_RA"
reachable_timer Reachable timer

Neighbour reachable time duration in milliseconds.
A value of 0 means unspecified.
integer Minimum: 0
Maximum: 3600000
Default: "0"
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value Ipv6NdraProfile string
retransmit_interval Retransmission interval

The time, in milliseconds, between retransmitted neighbour
solicitation messages.
integer Minimum: 0
Maximum: 4294967295
Default: "1000"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

Ipv6NdraProfileListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paginated list of Ipv6NdraProfile array of Ipv6NdraProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

IssuerSerialNumber (schema)

Name Description Type Notes
issuer Issuer Distinguished Name (DN)

Issuer Distinguished Name of the revoked certificates.		 string
serial_numbers Certificate Serial Numbers

List of Certificate Serial Numbers issued by the specified issuers.		 array of string

JoinClusterParameters (schema)

Parameters needed for this node to join the NSX cluster

To join a new node to the NSX cluster, issue a JoinCluster API on the new node. The JoinCluster API takes this object as a parameter. Provide the ID of the NSX cluster you want the new node to join and the IP address of one of the nodes already in that cluster. The Cluster Boot Manager running on the new node will then add the new node to the NSX cluster by making a AttachClusterNode REST API call on the node that is already part of the cluster. In order to make a REST API call to the node in the cluster, the Cluster Boot Manager will need username and password of a priviledged user on the node in the cluster. In place of a username and password, Cluster Boot Manager could also use a OAuth token provided. The Cluster Boot Manager needs either the username and password or the OAuth token to make the REST call but not both.

Name Description Type Notes
certficate_sha256_thumbprint SHA256 Thumbprint of the API certificate of the cluster node string Required
cluster_id UUID of the cluster to join string Required
ip_address IP address of a node already part of the cluster to join string Required
password Password of the user on the cluster node string
port API port on the cluster node integer Minimum: 1
Maximum: 65535
Default: "443"
token Limited time OAuth token instead of the username/password string
username Username on the cluster node string

KeySize (schema)

Crypto key size

Name Description Type Notes
KeySize Crypto key size integer

KeyStoreInfo (schema)

KeyStoreInfo

Key Store information about the url alias or datasource.

Name Description Type Notes
keystore A location of the keystore file

A location of the keystor file which stores private key and identity certificates that will be presented to both parties (server or client) for verification.		 string
keystore_alias An alias is used to uniquely identifies the entry in keystore

Its an alias specified when an entity is added to the keystore.		 string
keystore_phrase A location of the key store pass phrase file.

A location of the key store pass phrase file.		 string
truststore A location of the trust store file.

A location of the trust store file which stores the certificate from CA that verify the certificate presented by the server in SSL connection.		 string

KeyValue (schema)

Name Description Type Notes
key Key name. string Required
value Key value. string Required

KeyValuePair (schema)

An arbitrary key-value pair

Name Description Type Notes
key Key string Required
Maximum length: 255
value Value string Required
Maximum length: 255

KnownHostParameter (schema)

Name Description Type Notes
host Known host hostname or IP address HostnameOrIPv4Address Required
port Known host port integer Minimum: 1
Maximum: 65535
Default: "22"

KubeconfigInfo (schema)

Infromation about kubeconfig file

Infromation about kubeconfig file.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
bundle_id Bundle id

Bundle id of uploaded file.		 string
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
cluster Kubernetes cluster

Kubernetes cluster to be used for deployment.		 string
connection_status Kubernetes connection status

Show whether connection to Kubernetes cluster is available or not.		 boolean Default: "False"
current_context Kubernetes cluster current context

Kubernetes cluster current context to be used for
NSX Application Platform deployment.
string
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
expiry Expiry of Kubernetes cluster user token

Date and time when Kubernetes cluster user token is going to expire.		 EpochMsTimestamp
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
name Kubeconfig file name

Kubeconfig file name		 string
namespace Kubernetes cluster namespace

Kubernetes cluster namespace to be used for
NSX Application Platform deployment.
string
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value KubeconfigInfo string
server Server url

Kubernetes api server url.		 string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
user User name

User name to access Kubernetes cluster.		 string

KubernetesToolsInfo (schema)

Information about Kubernetes tools

Information about Kubernetes tools like kubectl client and server versions.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
client_version Client version

kubectl client version.		 string
compatible Kubectl compatibility

Show compatibility flag, whether kubectl client version is compatible with Kubernetes api server version. kubectl is supported within one minor version (older or newer) of kube-apiserver.		 boolean Default: "True"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value KubernetesToolsInfo string
server_version Server version

Kubernetes api server version.		 string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

L2AutoRD (schema)

Layer 2 Auto assigned Route Distinguisher

Name Description Type Notes
l2_auto_rd Layer 2 auto assigned route distinghusher string
l2_vni Layer 2 Virtual Network Interface string

L2BridgeEndpointProfile (schema)

Layer 2 Bridge Endpoint Profile

Used to configure L2 Bridge endpoint profile

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
edge_paths List of path of Edge nodes

List of policy paths to edge nodes. Edge allocation for L2 bridging.		 array of string Minimum items: 1
Maximum items: 2
failover_mode Failover mode for the edge bridge cluster string Enum: PREEMPTIVE, NON_PREEMPTIVE
Default: "PREEMPTIVE"
ha_mode High availability mode for the edge bridge cluster

High avaialability mode can be active-active or active-standby. High availability mode cannot be modified after realization.		 string Enum: ACTIVE_STANDBY
Default: "ACTIVE_STANDBY"
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value L2BridgeEndpointProfile string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

L2BridgeEndpointProfileListRequestParameters (schema)

Layer 2 bridge endpoint list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

L2BridgeEndpointProfileListResult (schema)

Paged Collection of L2BridgeEndpointProfile

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results L2BridgeEndpointProfile list results array of L2BridgeEndpointProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

L2Extension (schema)

Segment specific L2 VPN configuration

Name Description Type Notes
l2vpn_path Policy path of associated L2 VPN session

This property has been deprecated. Please use the property l2vpn_paths
for setting the paths of associated L2 VPN session. This property will
continue to work as expected to provide backwards compatibility.
However, when both l2vpn_path and l2vpn_paths properties
are specified, only l2vpn_paths is used.
string Deprecated
l2vpn_paths Policy paths of associated L2 VPN sessions

Policy paths corresponding to the associated L2 VPN sessions
array of string
local_egress Local Egress

Local Egress.		 LocalEgress
tunnel_id Tunnel ID int Minimum: 1
Maximum: 4093

L2ForwarderRemoteMacs (schema) (Experimental)

Name Description Type Notes
inter_site_forwarder_status Inter-site forwarder status per node

Inter-site forwarder status per node.		 array of L2ForwarderStatusPerNode Readonly
last_update_timestamp Last updated timestamp

Timestamp when the l2 forwarder remote mac addresses was last updated.
EpochMsTimestamp Required
Readonly
logical_switch_id Logical switch id of L2 forwarder

Logical switch id on which the L2 forwarder is created.
string Required
Readonly
remote_macs_per_site L2 forwarder remote mac addresses per site

L2 forwarder remote mac addresses per site for logical switch.
array of L2ForwarderRemoteMacsPerSite Readonly

L2ForwarderRemoteMacsPerSite (schema) (Experimental)

Name Description Type Notes
remote_active_ips Remote active IPs

Remote active IP addresses.		 array of IPAddress Readonly
remote_mac_addresses Remote mac addresses

Remote mac addresses.		 array of string Readonly
remote_site Remote site

Remote site details.		 ResourceReference Required
Readonly
remote_standby_ips Remote standby IPs

Remote standby IP addresses.		 array of IPAddress Readonly
rtep_group_id RTEP group id of logical switch per site

32 bit unique RTEP group id of the logical switch per site.
integer Required
Readonly

L2ForwarderStatistics (schema)

Name Description Type Notes
last_update_timestamp Last updated timestamp

Timestamp when the l2 forwarder statistics was last updated.
EpochMsTimestamp Required
Readonly
logical_switch_id Logical switch id of L2 forwarder

Logical switch id on which the L2 forwarder is created.
string Required
Readonly
rx Received data counters

Total received data counters.		 InterSitePortCounters Readonly
tx Sent data counters

Total sent data counters.		 InterSitePortCounters Readonly

L2ForwarderStatus (schema) (Experimental)

Name Description Type Notes
last_update_timestamp Last updated timestamp

Timestamp when the service router status was last updated.
EpochMsTimestamp Required
Readonly
logical_switch_id Logical switch id of L2 forwarder

Logical switch id on which the L2 forwarder is created.
string Required
Readonly
status_per_node L2 forwarder status per node

L2 forwarder status per node.		 array of L2ForwarderStatusPerNode Readonly

L2ForwarderStatusPerNode (schema) (Experimental)

Name Description Type Notes
high_availability_status Service router's HA status

High Availability status of a service router on the edge node.
string Required
Readonly
Enum: ACTIVE, STANDBY, DOWN, SYNC, UNKNOWN
transport_node Transport node

Edge node details from where the router status is being retrieved.
ResourceReference Required
Readonly

L2L3RuntimeRequestParameters (schema)

L2 L3 connectivity runtime status request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
edge_path Policy path of edge node

Policy path of edge node. Edge should be member of enforcement point.
string
enforcement_point_path String Path of the enforcement point

Enforcement point path.		 string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

L2TcpMaxSegmentSizeClamping (schema)

TCP MSS Clamping

TCP MSS Clamping Direction and Value.

Name Description Type Notes
direction Maximum Segment Size Clamping Direction

Specifies the traffic direction for which to apply MSS Clamping.
string Enum: NONE, BOTH
Default: "BOTH"
max_segment_size Maximum Segment Size Value

MSS defines the maximum amount of data that a host is willing to
accept in a single TCP segment. This field is set in TCP header
during connection establishment. To avoid packet fragmentation,
you can set this field depending on uplink MTU and VPN overhead.
This is an optional field and in case it is left unconfigured,
best possible MSS value will be calculated based on effective
mtu of uplink interface. Supported MSS range is 108 to 8852.
integer Minimum: 108
Maximum: 8860

L2VPNPerLSTrafficStatistics (schema)

Traffic statistics per logical switch

Traffic statistics for a logical switch.

Name Description Type Notes
bum_bytes_in Broadcast, Unknown unicast and Multicast (BUM) bytes in

Total number of incoming Broadcast, Unknown unicast and Multicast (BUM) bytes.		 integer Readonly
bum_bytes_out Broadcast, Unknown unicast and Multicast (BUM) bytes out

Total number of outgoing Broadcast, Unknown unicast and Multicast (BUM) bytes.		 integer Readonly
bum_packets_in Broadcast, Unknown unicast and Multicast (BUM) packets in

Total number of incoming Broadcast, Unknown unicast and Multicast (BUM) packets.		 integer Readonly
bum_packets_out Broadcast, Unknown unicast and Multicast (BUM) packets out

Total number of outgoing Broadcast, Unknown unicast and Multicast (BUM) packets.		 integer Readonly
bytes_in Bytes in

Total number of incoming bytes.		 integer Readonly
bytes_out Bytes out

Total number of outgoing bytes.		 integer Readonly
logical_switch Logical switch

Logical switch		 ResourceReference Readonly
packets_in Packets in

Total number of incoming packets.		 integer Readonly
packets_out Packets out

Total number of outgoing packets.		 integer Readonly
packets_receive_error Packets recieved error

Total number of incoming packets dropped.		 integer Readonly
packets_sent_error Packets sent error

Total number of packets dropped while sending for any reason.		 integer Readonly

L2VPNService (schema)

L2VPN Service

L2VPN Service defines if service running as server or client. It also
defines all the common properties for the multiple L2VPN Sessions
associated with this service.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
(Abstract type: pass one of the following concrete types)
ChildL2VPNSession
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enable_hub Enable spoke to spoke (client) forwarding via hub (server)

This property applies only in SERVER mode. If set to true,
traffic from any client will be replicated to all other clients.
If set to false, traffic received from clients is only replicated
to the local VPN endpoint.
boolean Default: "False"
encap_ip_pool IP Pool for Logical Taps

IP Pool to allocate local and peer endpoint IPs for
L2VpnSession logical tap.
array of IPv4CIDRBlock
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
mode L2VPN Service Mode

Specify an L2VPN service mode as SERVER or CLIENT.		 string Enum: SERVER, CLIENT
Default: "SERVER"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value L2VPNService string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

L2VPNServiceListRequestParameters (schema)

L2VPNService list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

L2VPNServiceListResult (schema)

Paged Collection of L2VPNServices

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results L2VPNService list results array of L2VPNService Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

L2VPNSession (schema)

L2VPN Session

Defines the tunnel local and peer addresses along with multiple
tansport tunnels for redundancy. L2VPNSession belongs to only one
L2VPNService.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Enable L2VPN session

Enable to extend all the associated segments.		 boolean Default: "True"
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value L2VPNSession string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tcp_mss_clamping TCP MSS Clamping

TCP Maximum Segment Size Clamping Direction and Value. This feature is supported for L2VPN Sessions that are
Server mode only.
L2TcpMaxSegmentSizeClamping
transport_tunnels List of transport tunnels

List of transport tunnels for redundancy.		 array of string Required
Minimum items: 1
Maximum items: 1
tunnel_encapsulation Tunnel encapsulation config

Tunnel encapsulation config. This property only applies in CLIENT
mode. It is auto-populated from the L2VPNSessionData.
L2VPNTunnelEncapsulation Readonly
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

L2VPNSessionData (schema)

L2VPN Session Data

L2VPN Session Data represents meta data necessary to create
the L2VPN Session. It is represented by an array of peer code
for each tunnel.

Name Description Type Notes
description Description of L2VPN Session string Maximum length: 1024
display_name Identifier to use when displaying L2VPN Session

Defaults to id if not set.		 string Maximum length: 255
enabled Enable L2VPN session

Enable to extend all the associated segments.		 boolean Default: "True"
transport_tunnels List of L2VPN Transport Tunnel Data

List of L2VPN transport tunnel data.		 array of L2VPNSessionTransportTunnelData Minimum items: 1
Maximum items: 1

L2VPNSessionListRequestParameters (schema)

L2VPNSession list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

L2VPNSessionListResult (schema)

Paged Collection of L2VPNSession

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results L2VPNSession list results array of L2VPNSession Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

L2VPNSessionPeerConfigNsxT (schema)

Peer code to configure the other side of the tunnel

L2VPNSessionPeerCodes represents an array of peer code for each
tunnel. The peer code is necessary to configure the remote end
of the tunnel. Currently only stand-along/unmanaged edge is
supported on the remote end of the tunnel.

Name Description Type Notes
alarm Alarm Information Details

Alarm information details.		 PolicyRuntimeAlarm Readonly
enforcement_point_path Enforcement point Path

Policy Path referencing the enforcement point where the info is fetched.
string Readonly
peer_codes List of peer codes

List of peer codes per transport tunnel.		 array of L2VPNSessionTransportTunnelPeerCode Readonly
Minimum items: 1
Maximum items: 1
resource_type Must be set to the value L2VPNSessionPeerConfigNsxT string Required
Enum: L2VPNSessionPeerConfigNsxT

L2VPNSessionPeerConfigPerEP (schema)

Peer config per Enforcement Point

Peer config per Enforcement Point to configure the other
side of the tunnel.
This is an abstract type. Concrete child types:
L2VPNSessionPeerConfigNsxT

Name Description Type Notes
alarm Alarm Information Details

Alarm information details.		 PolicyRuntimeAlarm Readonly
enforcement_point_path Enforcement point Path

Policy Path referencing the enforcement point where the info is fetched.
string Readonly
resource_type string Required
Enum: L2VPNSessionPeerConfigNsxT

L2VPNSessionRemoteMacs (schema)

Remote MAC addresses list

Remote MAC addresses for all logical switches for a L2VPN session.

Name Description Type Notes
display_name Display name

L2VPN display name.		 string Readonly
remote_mac_addresses Remote MAC addresses for all logical switches

List MAC addresses for all logical switch for a particular L2VPN session.		 array of L2VPNSessionRemoteMacsForLS Readonly
session_id Session identifier

L2VPN session identifier.		 string Readonly

L2VPNSessionRemoteMacsForLS (schema)

Remote MAC addresses for logical switch

Remote MAC addresses for logical switch.

Name Description Type Notes
logical_switch Logical switch

Logical switch.		 ResourceReference Readonly
remote_mac_addresses Mac addresses

Mac addresses.		 array of string Readonly
tags Attributes Tags

Contains policy specific information like policy path.		 array of Tag Maximum items: 30

L2VPNSessionStatistics (schema)

L2VPN session statistics

Session statistics gives VPN session status and traffic statistics per logical switch.

Name Description Type Notes
display_name Display name

L2VPN display name.		 string Readonly
partial_stats Partial Statistics

Partial statistics is set to true if onle active node responds while standby does not. In case of both nodes responded statistics will be summed and partial stats will be false. If cluster has only active node, partial statistics will always be false.		 boolean Readonly
session_id L2VPN session id

Session identifier for L2VPN.		 string Readonly
tap_traffic_counters Tunnel port traffic counters

Tunnel port traffic counters.		 array of L2VPNTapTrafficStatistics Readonly
traffic_statistics_per_logical_switch Traffic statistics per logical switch

Traffic statistics per logical switch.		 array of L2VPNPerLSTrafficStatistics Readonly

L2VPNSessionStatisticsNsxT (schema)

L2VPN session statistics

L2VPN session statistics gives session status and traffic statistics per segment.

Name Description Type Notes
alarm Alarm Information Details

Alarm information details.		 PolicyRuntimeAlarm Readonly
display_name Display name

Display name of l2vpn session.		 string Readonly
enforcement_point_path Enforcement point Path

Policy Path referencing the enforcement point where the info is fetched.
string Readonly
resource_type Must be set to the value L2VPNSessionStatisticsNsxT string Required
Enum: L2VPNSessionStatisticsNsxT
tap_traffic_counters Tunnel port traffic counters

Tunnel port traffic counters.		 array of L2VPNTapStatistics Readonly
traffic_statistics_per_segment Traffic statistics per segment

Traffic statistics per segment.		 array of L2VPNTrafficStatisticsPerSegment Readonly

L2VPNSessionStatisticsPerEP (schema)

L2VPN Session Statistics Per Enforcement Point

L2VPN Session Statistics Per Enforcement Point.
This is an abstract type. Concrete child types:
L2VPNSessionStatisticsNsxT

Name Description Type Notes
alarm Alarm Information Details

Alarm information details.		 PolicyRuntimeAlarm Readonly
enforcement_point_path Enforcement point Path

Policy Path referencing the enforcement point where the info is fetched.
string Readonly
resource_type string Required
Enum: L2VPNSessionStatisticsNsxT

L2VPNSessionStatus (schema)

L2VPN Session Status

L2VPN session status.

Name Description Type Notes
display_name Display name

L2VPN display name.		 string Readonly
session_id Session identifier

L2VPN session identifier.		 string Readonly
status L2 VPN session status

L2 VPN session status, specifies UP/DOWN.		 string Readonly
Enum: UP, DOWN
transport_tunnels Transport tunnels status

Transport tunnels status.		 array of L2VPNTransportTunnelStatus
(Abstract type: pass one of the following concrete types)
IPSecVPNTransportStatus		 Readonly

L2VPNSessionStatusNsxT (schema)

L2VPN session status summary

L2VPN Session Status represents status on an NSX-T type of enforcement point.

Name Description Type Notes
alarm Alarm Information Details

Alarm information details.		 PolicyRuntimeAlarm Readonly
display_name Display name

Display name of l2vpn session.		 string Readonly
enforcement_point_path Enforcement point Path

Policy Path referencing the enforcement point where the info is fetched.
string Readonly
resource_type Must be set to the value L2VPNSessionStatusNsxT string Required
Enum: L2VPNSessionStatusNsxT
runtime_status L2 VPN session status

L2 VPN session status, specifies UP/DOWN.		 string Readonly
Enum: UP, DOWN
transport_tunnels Transport tunnels status

Transport tunnels status.		 array of L2VPNSessionTransportTunnelStatus
(Abstract type: pass one of the following concrete types)
IPSecVpnTransportStatus		 Readonly

L2VPNSessionStatusPerEP (schema)

L2VPN Session Status Per Enforcement Point

L2VPN Session Status Per Enforcement Point.
This is an abstract type. Concrete child types:
L2VPNSessionStatusNsxT

Name Description Type Notes
alarm Alarm Information Details

Alarm information details.		 PolicyRuntimeAlarm Readonly
enforcement_point_path Enforcement point Path

Policy Path referencing the enforcement point where the info is fetched.
string Readonly
resource_type string Required
Enum: L2VPNSessionStatusNsxT

L2VPNSessionSummary (schema)

L2VPN session status summary

List summary of L2VPN sessions.

Name Description Type Notes
established_l2vpn_sessions Established L2VPN sessions

Number of established L2VPN sessions. L2VPN session is established when all the tunnels are up.		 integer Readonly
failed_l2vpn_sessions Failed L2VPN sessions

Number of failed L2VPN sessions. L2VPN session is failed when all the tunnels are down.		 integer Readonly
total_l2vpn_sessions Total L2VPN sessions

Total L2VPN sessions configured.		 integer Readonly

L2VPNSessionTransportTunnelData (schema)

L2VPN Session Transport Tunnel Data

L2VPN Session Transport Tunnel Data uses a peer code which has all the
information to create the transport tunnel.

Name Description Type Notes
local_address IPv4 Address of local endpoint

IPv4 Address of local endpoint.		 IPv4Address Required
peer_address IPv4 Address of Peer endpoint

IPv4 Address of Peer endpoint on remote site.		 IPv4Address Required
peer_code Peer code for the transport tunnel

Peer code represents a base64 encoded string which has
all the configuration for tunnel. E.g local/peer ips and
protocol, encryption algorithm, etc. Peer code also contains
PSK; be careful when sharing or storing it.
string

L2VPNSessionTransportTunnelPeerCode (schema)

L2VPN Transport Tunnel Peer Code

L2VPN transport tunnel peer code.

Name Description Type Notes
peer_code Peer code for the transport tunnel

Peer code represents a base64 encoded string which has
all the configuration for tunnel. E.g local/peer ips and
protocol, encryption algorithm, etc. Peer code also contains
PSK; be careful when sharing or storing it.
string Readonly
transport_tunnel_path Policy Path referencing the transport tunnel. string Readonly

L2VPNSessionTransportTunnelStatus (schema)

Transport tunnel status

Transport tunnel status. This is an abstract type. Concrete child types:
IPSecVpnTransportStatus

Name Description Type Notes
resource_type string Required
Enum: IPSecVpnTransportStatus
transport_tunnel_path Policy path referencing Transport Tunnel

Policy path referencing Transport Tunnel.		 string Readonly

L2VPNTapStatistics (schema)

L2VPN TAP (Terminal access point) traffic statistics

TAP (Terminal access point) traffic statistics for L2VPN.

Name Description Type Notes
bytes_in Bytes in

Total number of incoming bytes.
integer Readonly
bytes_out Bytes out

Total number of outgoing bytes.
integer Readonly
packets_in Packets in

Total number of incoming packets.
integer Readonly
packets_out Packets out

Total number of outgoing packets.
integer Readonly
packets_receive_error packets recieved error

Total number of incoming packets dropped.
integer Readonly
packets_sent_error Packets sent error

Total number of packets dropped while sending for any reason.
integer Readonly

L2VPNTapTrafficStatistics (schema)

L2VPN TAP (Terminal access point) traffic statistics

TAP (Terminal access point) traffic statistics for L2VPN.

Name Description Type Notes
bytes_in Bytes in

Total number of incoming bytes.		 integer Readonly
bytes_out Bytes out

Total number of outgoing bytes.		 integer Readonly
packets_in Packets in

Total number of incoming packets.		 integer Readonly
packets_out Packets out

Total number of outgoing packets.		 integer Readonly
packets_receive_error packets recieved error

Total number of incoming packets dropped.		 integer Readonly
packets_sent_error Packets sent error

Total number of packets dropped while sending for any reason.		 integer Readonly

L2VPNTrafficStatisticsPerSegment (schema)

Traffic statistics per segment

Traffic statistics for a segment.

Name Description Type Notes
bum_bytes_in Broadcast, Unknown unicast and Multicast (BUM) bytes in

Total number of incoming Broadcast, Unknown unicast and Multicast (BUM) bytes.
integer Readonly
bum_bytes_out Broadcast, Unknown unicast and Multicast (BUM) bytes out

Total number of outgoing Broadcast, Unknown unicast and Multicast (BUM) bytes.
integer Readonly
bum_packets_in Broadcast, Unknown unicast and Multicast (BUM) packets in

Total number of incoming Broadcast, Unknown unicast and Multicast (BUM) packets.
integer Readonly
bum_packets_out Broadcast, Unknown unicast and Multicast (BUM) packets out

Total number of outgoing Broadcast, Unknown unicast and Multicast (BUM) packets.
integer Readonly
bytes_in Bytes in

Total number of incoming bytes.
integer Readonly
bytes_out Bytes out

Total number of outgoing bytes.
integer Readonly
packets_in Packets in

Total number of incoming packets.
integer Readonly
packets_out Packets out

Total number of outgoing packets.
integer Readonly
packets_receive_error Packets received error

Total number of incoming packets dropped.
integer Readonly
packets_sent_error Packets sent error

Total number of packets dropped while sending for any reason.
integer Readonly
segment_path Segment Path

Policy path referencing the segment on which stats are gathered.
string Readonly

L2VPNTransportTunnelStatus (schema)

Transport tunnel status

Transport tunnel status. This is an abstract type. Concrete child types:
IPSecVPNTransportStatus

Name Description Type Notes
resource_type TransportTunnelResourceType Required
tunnel_id Transport tunnel id

Transport tunnel id.		 ResourceReference Readonly

L2VPNTunnelEncapsulation (schema)

L2VPN Tunnel Encapsulation

L2VPN tunnel encapsulation config.

Name Description Type Notes
local_endpoint_address IP Address of the tunnel port

IP Address of the local tunnel port. This property only applies in
CLIENT mode.
IPv4Address Readonly
peer_endpoint_address IP Address of the peer tunnel port

IP Address of the peer tunnel port. This property only applies in
CLIENT mode.
IPv4Address Readonly
protocol Encapsulation protocol

Encapsulation protocol used by the tunnel.		 string Readonly
Enum: GRE
Default: "GRE"

L2Vpn (schema) (Deprecated)

L2 Virtual Private Network Configuration

Contains information necessary to configure L2Vpn.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Enable L2Vpn

Enable to extend all the associated segments.
boolean Default: "True"
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value L2Vpn string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
transport_tunnels List of paths referencing transport tunnels

List of paths referencing transport tunnels.
array of string Required
Minimum items: 1
Maximum items: 1
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

L2VpnAttachmentContext (schema) (Deprecated)

Name Description Type Notes
allocate_addresses A flag to indicate whether to allocate addresses from allocation pools bound to the parent logical switch. string Enum: IpPool, MacPool, Both, None, Dhcp
local_egress_ip Array of local egress IPs

List of local egress IP addresses, used for
local egress optimization.
array of IPElement
resource_type Must be set to the value L2VpnAttachmentContext string Required
tunnel_id Tunnel Id to uniquely identify the extension. int Required
Minimum: 1
Maximum: 4093

L2VpnContext (schema) (Deprecated)

L2Vpn Context

L2Vpn Context provides meta-data information about the parent Tier-0.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enable_hub Enable to act as hub

If enabled, the tier-0 acts as a Hub and replicates traffic received from
peer to all other peers. If disabled, the tier-0 acts as a Spoke and
replicates only the local.
boolean Default: "False"
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value L2VpnContext string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

L2VpnService (schema)

L2VPN Service

Defines if service running as server or client Also defines all the common properties for the multiple L2VpnSessions associated with this service.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enable_full_mesh Enable full mesh topology

Full mesh topology auto disables traffic replication between connected
peers. However, this property is deprecated. Please refer enable_hub
property instead to control client to client forwarding via the server.
The value of enable_full_mesh will not be used anymore. If enable_hub
is not provided explicitly, the default value of it will be used.
boolean Deprecated
Default: "False"
enable_hub Enable client to client forwarding via server

This property only applies in SERVER mode. If set to true,
traffic from any client will be replicated to all other clients.
If set to false, traffic received from clients is only replicated
to the local VPN endpoint.
boolean Default: "False"
id Unique identifier of this resource string Sortable
logical_router_id Logical router id

Logical router id		 string Required
logical_tap_ip_pool IP Pool for Logical Taps

IP Pool to allocate local and peer endpoint IPs for L2VpnSession logical Tap.		 array of IPv4CIDRBlock
mode L2VPN Service Mode

Specify an L2VPN service mode as SERVER or CLIENT. L2VPN service
in SERVER mode requires user to configure L2VPN session explicitly.
L2VPN service in CLIENT mode can use peercode generated from SERVER
to configure L2VPN session.
string Enum: SERVER, CLIENT
Default: "SERVER"
resource_type Must be set to the value L2VpnService string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

L2VpnServiceListResult (schema)

List all L2VPN services

Paginated list all the L2VPN services.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results L2VPN serivce list result array of L2VpnService Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

L2VpnSession (schema)

L2VPN Session

Defines the tunnel local and peer addresses along with the multiple tansport tunnels for redundancy. L2VpnSession belongs on to only one L2VpnService.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Enable L2VPN session

Enable to extend all the associated logical switches.		 boolean Default: "True"
id Unique identifier of this resource string Sortable
l2vpn_service_id L2VPN service id

L2VPN service id		 string Required
l2vpn_tcp_mss_clamping L2VPN TCP MSS Clamping L2VpnTcpMssClamping
resource_type Must be set to the value L2VpnSession string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
transport_tunnels List of transport tunnels

List of transport tunnels for redundancy.		 array of ResourceReference Required
Minimum items: 1
Maximum items: 1
tunnel_encapsulation Tunnel encapsulation config

Tunnel encapsulation config. For hub, this property should not be provided as it will be auto-generated. For spoke, this property must be provided.		 L2VpnTunnelEncapsulation

L2VpnSessionListParameters (schema)

L2VPNSession list parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
l2vpn_service_id Id of the L2Vpn Service

If provided, only sessions associated with the given L2Vpn service will be returned		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

L2VpnSessionListResult (schema)

List all L2VPN sessions

Paginated list all the L2VPN sessions

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results L2VPN sessions list result array of L2VpnSession Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

L2VpnSessionPeerCodes (schema)

Peer code to configure the other side of the tunnel

Get the peer_code for each tunnel to paste on the remote end of the tunnel. Currently only stand-along/unmanaged edge is supported on the remote end of the tunnel.

Name Description Type Notes
peer_codes List of peer codes

List of peer codes per transport tunnel.		 array of L2VpnTunnelPeerCode Required
Minimum items: 1
Maximum items: 1

L2VpnSessionRemoteMacForSegment (schema)

Remote MAC addresses for logical switch

Remote MAC addresses for logical switch.

Name Description Type Notes
remote_mac_addresses Mac addresses

Remote Mac addresses.		 array of string Readonly
segment_path Segment Path

Intent path of the segment.		 string Required

L2VpnSessionRemoteMacNsxT (schema)

L2Vpn session Remote Mac

Remote Macs of L2Vpn Session on NsxT.

Name Description Type Notes
alarm Alarm Information Details

Alarm information details.		 PolicyRuntimeAlarm Readonly
display_name Display Name

Display name of L2Vpn session.
string Readonly
enforcement_point_path Enforcement point Path

Policy Path referencing the enforcement point where the info is fetched.
string Readonly
remote_macs Remote mac addresses

List of mac addresses of logical switches
for an l2vpn session.
array of L2VpnSessionRemoteMacForSegment Readonly
resource_type Must be set to the value L2VpnSessionRemoteMacNsxT string Required
Enum: L2VpnSessionRemoteMacNsxT

L2VpnSessionRemoteMacPerEP (schema)

L2Vpn Session Remote Macs Per EP

L2Vpn Session Remote Macs Per Enforcement Point.
This is an abstract type. Concrete child types:
L2VpnSessionRemoteMacNsxT

Name Description Type Notes
alarm Alarm Information Details

Alarm information details.		 PolicyRuntimeAlarm Readonly
enforcement_point_path Enforcement point Path

Policy Path referencing the enforcement point where the info is fetched.
string Readonly
resource_type string Required
Enum: L2VpnSessionRemoteMacNsxT

L2VpnTcpMssClamping (schema)

TCP MSS Clamping Object for L2VPN Session

TCP MSS Clamping Direction and value for L2VPN session.

Name Description Type Notes
direction MSS Clamping direction

Specifies the traffic direction for which to apply MSS Clamping. If direction is None, the feature is disabled.		 string Enum: NONE, BOTH
Default: "BOTH"
max_segment_size Maximum Segment Size value

It defines the maximum amount of data that a host is willing to accept in a single TCP segment. This field is set in TCP header during connection establishment. To avoid packet fragmentation, you can set this field depending on uplink MTU and VPN overhead. This is optional field and in case it is left unconfigured, best possible MSS value will be calculated based on effective mtu of uplink interface. Supported MSS range is 108 to 8860.		 integer Minimum: 108
Maximum: 8860

L2VpnTunnelEncapsulation (schema)

L2VPN tunnel encapsulation config

L2VPN tunnel encapsulation config

Name Description Type Notes
local_endpoint_ip IP Address of the tunnel port

IP Address of the tunnel port. For hub, the IP is allocated from L2VpnService logical_tap_ip_pool. All sessions on same L2VpnService get the same local_endpoint_ip. For spoke, the IP must be provided.		 IPv4Address
peer_endpoint_ip IP Address of the peer tunnel port

IP Address of the peer tunnel port. For hub, the IP is allocated from L2VpnService logical_tap_ip_pool. For spoke, the IP must be provided.		 IPv4Address
protocol Encapsulation protocol

Encapsulation protocol used by the tunnel		 string Enum: GRE
Default: "GRE"

L2VpnTunnelPeerCode (schema)

L2Vpn tunnel peer code

L2Vpn tunnel peer code

Name Description Type Notes
peer_code Peer code for the tunnel

Copy this code to paste on the remote end of the tunnel. This is a base64 encoded string which has all the configuration for tunnel. E.g tap device local/peer ips and protocol, encryption algorithm, etc. The peer code also contains a pre-shared key; be careful when sharing or storing it.		 string Required
transport_tunnel Transport tunnel ResourceReference Required

L3Vpn (schema) (Deprecated)

L3 Virtual Private Network Configuration

Contains information necessary to configure IPSec VPN.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
dh_groups DH group

Diffie-Hellman group to be used if PFS is enabled. Default group is GROUP14.
array of PolicyDHGroup Maximum items: 1
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enable_perfect_forward_secrecy Enable perfect forward secrecy

If true, perfect forward secrecy (PFS) is enabled.
boolean Default: "True"
enabled Enable L3Vpn

Flag to enable L3Vpn. Default is enabled.
boolean Default: "True"
id Unique identifier of this resource string Sortable
ike_digest_algorithms Digest Algorithm for IKE

Algorithm to be used for message digest during Internet Key Exchange(IKE)
negotiation. Default is SHA2_256.
array of PolicyIKEDigestAlgorithm Maximum items: 1
ike_encryption_algorithms Encryption algorithm for IKE

Algorithm to be used during Internet Key Exchange(IKE) negotiation.
Default is AES_128.
array of PolicyIKEEncryptionAlgorithm Maximum items: 1
ike_version IKE version

IKE protocol version to be used. IKE-Flex will initiate IKE-V2 and responds
to both IKE-V1 and IKE-V2.
PolicyIKEVersion Default: "IKE_V2"
l3vpn_session L3Vpn Session L3VpnSession
(Abstract type: pass one of the following concrete types)
PolicyBasedL3VpnSession
RouteBasedL3VpnSession		 Required
local_address IPv4 address of local gateway IPv4Address Required
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
passphrases List of IPSec pre-shared keys

List of IPSec pre-shared keys used for IPSec authentication. If not
specified, the older passphrase values are retained if there are any.
array of string Maximum items: 1
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
remote_private_address Identifier of the remote site

This field is used to resolve conflicts in case of a remote site being
behind NAT as remote public ip address is not enough. If it is not the
case the remote public address should be provided here. If not provided,
the value of this field is set to remote_public_address.
string
remote_public_address Public IPv4 address of remote gateway IPv4Address Required
resource_type Must be set to the value L3Vpn string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tunnel_digest_algorithms Digest Algorithm for Tunnel Establishment

Algorithm to be used for message digest during tunnel establishment.
Default algorithm is empty.
array of PolicyTunnelDigestAlgorithm Maximum items: 1
tunnel_encryption_algorithms Encryption algorithm for Tunnel Establishement

Encryption algorithm to encrypt/decrypt the messages exchanged between
IPSec VPN initiator and responder during tunnel negotiation. Default is
AES_GCM_128.
array of PolicyTunnelEncryptionAlgorithm Maximum items: 1
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

L3VpnContext (schema) (Deprecated)

L3Vpn Context

L3Vpn Context provides the configuration context that different L3Vpns can consume.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
available_local_addresses IPv4 addresses of the local gateway

Local gateway IPv4 addresses available for configuration of each L3Vpn.
array of PolicyIPAddressInfo
bypass_rules List of Bypass L3VpnRules

Bypass L3Vpn rules that will be shared across L3Vpns. Only Bypass action is
supported on these L3Vpn rules.
array of L3VpnRule
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Enable L3 Virtual Private Network (VPN) service

If true, enable L3Vpn Service for given tier-0. Enabling/disabling this
service affects all L3Vpns under the given tier-0.
boolean Default: "True"
id Unique identifier of this resource string Sortable
ike_log_level Internet key exchange (IKE) log level

Log level for internet key exchange (IKE).
string Enum: DEBUG, INFO, WARN, ERROR, EMERGENCY
Default: "INFO"
label Policy path referencing Label

Policy path referencing Label. A label is used as a mechanism to group
route-based L3Vpns in order to apply edge firewall rules on members' VTIs.
string
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value L3VpnContext string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

L3VpnRule (schema) (Deprecated)

L3Vpn Rule

For policy-based L3Vpn sessions, a rule specifies as its action the vpn tunnel to be used
for transit traffic that meets the rule's match criteria.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
action Action to apply to the traffic transiting through the L3Vpn

Action to exchange data with or without protection.
PROTECT - Allows to exchange data with ipsec protection. Protect rules are defined per
L3Vpn.
BYPASS - Allows to exchange data without ipsec protection. Bypass rules are defined per
L3VpnContext and affects all policy based L3Vpns. Bypass rules are prioritized over
protect rules.
string Enum: PROTECT, BYPASS
Default: "PROTECT"
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
destinations List of remote subnets

List of remote subnets used in policy-based L3Vpn.
array of L3VpnSubnet Required
Minimum items: 1
Maximum items: 128
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value L3VpnRule string
sequence_number Sequence number of the L3VpnRule

This field is used to resolve conflicts between multiple L3VpnRules associated with a
single L3Vpn or L3VpnContext.
int
sources List of local subnets

List of local subnets used in policy-based L3Vpn.
array of L3VpnSubnet Required
Minimum items: 1
Maximum items: 128
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

L3VpnSession (schema) (Deprecated)

L3Vpn Session

Contains information about L3Vpn session.
This is an abstract type. Concrete child types:
PolicyBasedL3VpnSession
RouteBasedL3VpnSession

Name Description Type Notes
resource_type L3VpnSessionResourceType Required

L3VpnSessionResourceType (schema) (Deprecated)

Resource type of L3Vpn Session

- A Policy Based L3Vpn is a configuration in which protect rules to match local
and remote subnet needs to be defined. Tunnel is established for each pair of
local and remote subnet defined in protect rules.
- A Route Based L3Vpn is more flexible, more powerful and recommended over policy
based. IP Tunnel subnet is created and all traffic routed through tunnel subnet
(commonly known as VTI) is sent over tunnel. Routes can be learned through BGP.
A route based L3Vpn is required when using redundant L3Vpn.

Name Description Type Notes
L3VpnSessionResourceType Resource type of L3Vpn Session

- A Policy Based L3Vpn is a configuration in which protect rules to match local
and remote subnet needs to be defined. Tunnel is established for each pair of
local and remote subnet defined in protect rules.
- A Route Based L3Vpn is more flexible, more powerful and recommended over policy
based. IP Tunnel subnet is created and all traffic routed through tunnel subnet
(commonly known as VTI) is sent over tunnel. Routes can be learned through BGP.
A route based L3Vpn is required when using redundant L3Vpn.
string Deprecated
Enum: PolicyBasedL3VpnSession, RouteBasedL3VpnSession

L3VpnSubnet (schema) (Deprecated)

Subnet used in L3Vpn Rule

Used to specify subnets in L3Vpn rule.

Name Description Type Notes
subnet Subnet

Subnet used in L3Vpn Rule.
IPv4CIDRBlock Required

L4PortSetNSService (schema)

An NSService element that represents TCP or UDP protocol

L4PortSet can be specified in comma separated notation of parts. Parts of a
L4PortSet includes single integer or range of port in hyphen notation.
Example of a PortSet: "22, 33-70, 44".

Name Description Type Notes
destination_ports Destination ports

Number of values should not exceed 15, ranges count as 2 values.
array of PortElement Maximum items: 15
l4_protocol string Required
Enum: TCP, UDP
resource_type Must be set to the value L4PortSetNSService string Required
Enum: EtherTypeNSService, IPProtocolNSService, IGMPTypeNSService, ICMPTypeNSService, ALGTypeNSService, L4PortSetNSService
source_ports Source ports

Number of values should not exceed 15, ranges count as 2 values.
array of PortElement Maximum items: 15

L4PortSetServiceEntry (schema)

An ServiceEntry that represents TCP or UDP protocol

L4PortSet can be specified in comma separated notation of parts. Parts of a
L4PortSet includes single integer or range of port in hyphen notation.
Example of a PortSet: "22, 33-70, 44".

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
destination_ports Number of values should not exceed 15, ranges count as 2 values.
array of PortElement Maximum items: 15
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
l4_protocol string Required
Enum: TCP, UDP
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value L4PortSetServiceEntry string Required
Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
source_ports Number of values should not exceed 15, ranges count as 2 values.
array of PortElement Maximum items: 15
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

L7AccessAttributes (schema)

Policy Attributes data holder

Supported Attribute Keys are APP_ID, URL_CATEGORY, URL_REPUTATION, CUSTOM_URL

Name Description Type Notes
attribute_source Source of attribute value i.e whether system defined or custom value string Enum: SYSTEM, CUSTOM
Default: "SYSTEM"
datatype Datatype for attribute string Required
Enum: STRING
description Description for attribute value string
isALGType Is the value ALG type

Describes whether the APP_ID value is ALG type or not.		 boolean
key Key for attribute

URL_Reputation is currently not available. Please do not use it in Attribute Key while creating context profile		 string Required
Enum: APP_ID, DOMAIN_NAME, URL_CATEGORY, URL_REPUTATION, CUSTOM_URL
metadata Provide additional meta information about key/values

This is optional part that can hold additional data about the attribute key/values.
Example - For URL CATEGORY key , it specified super category for url category value.
This is generic array and can hold multiple meta information about key/values in future
array of ContextProfileAttributesMetadata
sub_attributes Reference to sub attributes for the attribute array of PolicySubAttributes
value Value for attribute key

Multiple attribute values can be specified as elements of array.
array of string Required
Minimum items: 1

L7AccessEntry (schema)

Policy L7 Access entry

An entity that encapsulates attributes like APP_ID, CUSTOM_URL, URL_CATEGORY, URL_REPUTATION.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
action L7AccessEntryAction Required
attributes Array of Policy L7 Access Profile attributes

Property containing attributes/sub-attributes for Policy L7 Access Profile.		 array of L7AccessAttributes Required
Maximum items: 1
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
disabled Flag to disable the entry

Flag to disable the entry. Default is enabled.		 boolean Default: "False"
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
logged Enable logging flag

Flag to enable packet logging. Default is disabled.		 boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value L7AccessEntry string
sequence_number Policy L7 Access Entry Order

Determines the order of the entry in this profile. If no sequence number is
specified in the payload, a value of 0 is assigned by default. If there are
multiple rules with the same sequence number then their order is not deterministic.
int
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

L7AccessEntryAction (schema)

L7 acces profile entry action

The action to be applied to all the services.

Name Description Type Notes
L7AccessEntryAction L7 acces profile entry action

The action to be applied to all the services.		 string Required
Enum: ALLOW, REJECT, REJECT_WITH_RESPONSE

L7AccessEntryListRequestParameters (schema)

Policy L7 access entry list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

L7AccessEntryListResult (schema)

Paged Collection of l7 profile entries

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results L7 access Entry list results array of L7AccessEntry Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

L7AccessProfile (schema)

Policy L7 Acces profile

An entity that encapsulates multiple L7 access profile entries.
The entity wil be consumed in firewall rules and can be added in new tuple called profile in
firewall rules. One of either Context Profile or L7 Access Profile can be used in firewall rule.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
(Abstract type: pass one of the following concrete types)
ChildL7AccessEntry
default_action L7AccessEntryAction Required
default_action_logged Enable default logging flag

Flag to enable packet logging. Default is disabled.		 boolean Default: "False"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
entry_count Entry count

The count of entries in the L7 profile.
int Readonly
id Unique identifier of this resource string Sortable
l7_access_entries Array of Policy L7 Access Profile entries

Property containing L7 access entries for Policy L7 Access Profile.
array of L7AccessEntry Maximum items: 1000
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value L7AccessProfile string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

L7AccessProfileListRequestParameters (schema)

Policy L7 access profile list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_entry_count Include the count of entries in L7 Profile

If true, populate the entry_count field with the count of rules in
the particular policy. By default, entry_count will not be populated.
boolean Default: "False"
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

L7AccessProfileListResult (schema)

Paged Collection of Policy L7 Access profiles

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Policy L7 Access profile list results array of L7AccessProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

LBAccessListControl (schema)

IP access list control to filter the connections from clients

LBAccessListControl is used to define how IP access list control can filter
the connections from clients.

Name Description Type Notes
action IP access list control action

ALLOW means connections matching grouping object IP list are allowed
and requests not matching grouping object IP list are dropped.
DROP means connections matching grouping object IP list are dropped
and requests not matching grouping object IP list are allowed.
string Required
Enum: ALLOW, DROP
enabled Whether to enable access list control option

The enabled flag indicates whether to enable access list control option.
It is false by default.
boolean Default: "False"
group_path Grouping object path

The path of grouping object which defines the IP addresses or
ranges to match the client IP.
string Required

LBActiveMonitor (schema) (Deprecated)

Base class for each type of active LBMonitorProfile

All the active types of LBMonitorProfile extend from this abstract class.
This is present for extensibility.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
fall_count Monitor fall count for active healthchecks

Only if a healthcheck fails consecutively for a specified number of
times, given with fall_count, to a member will the member status be
marked DOWN.
integer Minimum: 1
Maximum: 2147483647
Default: "3"
id Unique identifier of this resource string Sortable
interval Monitor interval in seconds for active healthchecks

Active healthchecks are initiated periodically, at a configurable
interval (in seconds), to each member of the Group.
integer Minimum: 1
Maximum: 2147483647
Default: "5"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
monitor_port Monitor port for active healthchecks

Typically, monitors perform healthchecks to Group members using the
member IP address and pool_port.
However, in some cases, customers prefer to run healthchecks against a
different port than the pool member port which handles actual
application traffic. In such cases, the port to run healthchecks
against can be specified in the monitor_port value.
For ICMP monitor, monitor_port is not required.
int Minimum: 0
Maximum: 65535
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value LBActiveMonitor LBMonitorProfileType Required
rise_count Monitor rise count for active healthchecks

Once a member is DOWN, a specified number of consecutive successful
healthchecks specified by rise_count will bring the member back to UP
state.
integer Minimum: 1
Maximum: 2147483647
Default: "3"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
timeout Monitor timeout in seconds for active healthchecks

Timeout specified in seconds. After a healthcheck is initiated, if it
does not complete within a certain period, then also the healthcheck
is considered to be unsuccessful. Completing a healthcheck within
timeout means establishing a connection (TCP or SSL), if applicable,
sending the request and receiving the response, all within the
configured timeout.
integer Minimum: 1
Maximum: 2147483647
Default: "5"
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

LBAppProfile (schema)

App profile

App profile. This is an abstract type. Concrete child types:
LBFastTcpProfile
LBFastUdpProfile
LBHttpProfile

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value LBAppProfile LBApplicationProfileType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

LBAppProfileListResult (schema)

Paged Collection of LBAppProfile

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results LBAppProfile list results array of LBAppProfile
(Abstract type: pass one of the following concrete types)
LBFastTcpProfile
LBFastUdpProfile
LBHttpProfile		 Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

LBApplicationProfileType (schema)

Application profile type

An application profile can be bound to a virtual server
to specify the application protocol characteristics. It is used to
influence how load balancing is performed. Currently, three types of
application profiles are supported: LBFastTCPProfile,
LBFastUDPProfile and LBHttpProfile.
LBFastTCPProfile or LBFastUDPProfile is typically
used when the application is using a custom protocol or a standard protocol
not supported by the load balancer. It is also used in cases where the user
only wants L4 load balancing mainly because L4 load balancing has much
higher performance and scalability, and/or supports connection mirroring.
LBHttpProfile is used for both HTTP and HTTPS applications.
Though application rules, if bound to the virtual server, can be used
to accomplish the same goal, LBHttpProfile is intended to
simplify enabling certain common use cases.
LBHttpProfile is deprecated as NSX-T Load Balancer is deprecated.

Name Description Type Notes
LBApplicationProfileType Application profile type

An application profile can be bound to a virtual server
to specify the application protocol characteristics. It is used to
influence how load balancing is performed. Currently, three types of
application profiles are supported: LBFastTCPProfile,
LBFastUDPProfile and LBHttpProfile.
LBFastTCPProfile or LBFastUDPProfile is typically
used when the application is using a custom protocol or a standard protocol
not supported by the load balancer. It is also used in cases where the user
only wants L4 load balancing mainly because L4 load balancing has much
higher performance and scalability, and/or supports connection mirroring.
LBHttpProfile is used for both HTTP and HTTPS applications.
Though application rules, if bound to the virtual server, can be used
to accomplish the same goal, LBHttpProfile is intended to
simplify enabling certain common use cases.
LBHttpProfile is deprecated as NSX-T Load Balancer is deprecated.
string Enum: LBHttpProfile, LBFastTcpProfile, LBFastUdpProfile

LBClientCertificateIssuerDnCondition (schema) (Deprecated)

Match condition for client certficate issuer DN

Match condition for client certficate issuer DN.

Name Description Type Notes
case_sensitive A case sensitive flag for issuer DN comparing

If true, case is significant when comparing issuer DN value.
boolean Default: "True"
issuer_dn Value of issuer DN

Value of issuer DN.		 string Required
match_type Match type of issuer DN

Match type of issuer DN.		 LbRuleMatchType Default: "REGEX"

LBClientCertificateSubjectDnCondition (schema) (Deprecated)

Match condition for client certficate subject DN

Match condition for client certficate subject DN.

Name Description Type Notes
case_sensitive A case sensitive flag for subject DN comparing

If true, case is significant when comparing subject DN value.
boolean Default: "True"
match_type Match type of subject DN

Match type of subject DN.		 LbRuleMatchType Default: "REGEX"
subject_dn Value of subject DN

Value of subject DN.		 string Required

LBClientSslProfile (schema) (Deprecated)

Client SSL profile

Client SSL profile.
LBClientSslProfile is deprecated as NSX-T Load Balancer is deprecated.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
cipher_group_label Label of cipher group

It is a label of cipher group which is mostly consumed by GUI.
SslCipherGroup
ciphers Supported SSL cipher list to client side

Supported SSL cipher list to client side.		 array of SslCipher
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
is_fips FIPS compliance of ciphers and protocols

This flag is set to true when all the ciphers and protocols are FIPS
compliant. It is set to false when one of the ciphers or protocols are
not FIPS compliant..
boolean Readonly
is_secure Secure/Insecure SSL profile flag

This flag is set to true when all the ciphers and protocols are secure.
It is set to false when one of the ciphers or protocols is insecure.
boolean Readonly
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
prefer_server_ciphers Prefer server ciphers flag

During SSL handshake as part of the SSL client Hello client sends an
ordered list of ciphers that it can support (or prefers) and typically
server selects the first one from the top of that list it can also
support. For Perfect Forward Secrecy(PFS), server could override the
client's preference.
boolean Default: "True"
protocols Supported SSL protocol list to client side

SSL versions TLS1.1 and TLS1.2 are supported and enabled by default.
SSLv2, SSLv3, and TLS1.0 are supported, but disabled by default.
array of SslProtocol
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value LBClientSslProfile string
session_cache_enabled Session cache enable/disable flag

SSL session caching allows SSL client and server to reuse previously
negotiated security parameters avoiding the expensive public key
operation during handshake.
boolean Default: "True"
session_cache_timeout SSL session cache timeout value

Session cache timeout specifies how long the SSL session parameters
are held on to and can be reused.
integer Minimum: 1
Maximum: 86400
Default: "300"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

LBClientSslProfileBinding (schema) (Deprecated)

Client SSL profile binding

Client SSL profile binding.
LBClientSslProfileBinding is deprecated as NSX-T Load Balancer is
deprecated.

Name Description Type Notes
certificate_chain_depth The maximum traversal depth of client certificate chain

Authentication depth is used to set the verification depth in the client
certificates chain.
integer Minimum: 1
Maximum: 2147483647
Default: "3"
client_auth Client authentication mode

Client authentication mode.		 ClientAuthType Default: "IGNORE"
client_auth_ca_paths CA path list to verify client certificate

If client auth type is REQUIRED, client certificate must be signed by
one of the trusted Certificate Authorities (CAs), also referred to as
root CAs, whose self signed certificates are specified.
array of string
client_auth_crl_paths CRL path list to verify client certificate

A Certificate Revocation List (CRL) can be specified in the client-side
SSL profile binding to disallow compromised client certificates.
array of string
default_certificate_path Default service certificate identifier

A default certificate should be specified which will be used if the
server does not host multiple hostnames on the same IP address or if
the client does not support SNI extension.
string Required
sni_certificate_paths SNI certificate path list

Client-side SSL profile binding allows multiple certificates, for
different hostnames, to be bound to the same virtual server.
array of string
ssl_profile_path Client SSL profile path

Client SSL profile defines reusable, application-independent client side
SSL properties.
string

LBClientSslProfileListResult (schema) (Deprecated)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paginated list of load balancer client SSL profiles array of LBClientSslProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

LBConnectionDropAction (schema) (Deprecated)

Action to drop connections

This action is used to drop the connections. There is no extra propery in
this action. If there is no match condition specified, the connection will
be always dropped. This action can be specified at HTTP_ACCESS or
HTTP_FORWARDING pahse.

Name Description Type Notes
type Must be set to the value LBConnectionDropAction LBRuleActionType Required

LBCookiePersistenceProfile (schema) (Deprecated)

LBPersistenceProflie using Cookies for L7 LBVirtualServer

Some applications maintain state and require all relevant connections
to be sent to the same server as the application state is not
synchronized among servers. Persistence is enabled on a
LBVirtualServer by binding a persistence profile to it.
LBCookiePersistenceProfile is deprecated as NSX-T Load Balancer is
deprecated.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
cookie_domain Cookie domain

HTTP cookie domain could be configured, only available for insert mode.
string
cookie_fallback Cookie persistence fallback

If fallback is true, once the cookie points to a server that is down
(i.e. admin state DISABLED or healthcheck state is DOWN), then a new
server is selected by default to handle that request.
If fallback is false, it will cause the request to be rejected if
cookie points to a server.
boolean Default: "True"
cookie_garble Cookie persistence garble

If garble is set to true, cookie value (server IP and port) would be
encrypted.
If garble is set to false, cookie value would be plain text.
boolean Default: "True"
cookie_httponly Cookie httponly flag

If cookie httponly flag is true, it prevents a script running in the
browser from accessing the cookie. Only available for insert mode.
boolean Default: "False"
cookie_mode Cookie persistence mode

Cookie persistence mode.		 CookiePersistenceModeType Default: "INSERT"
cookie_name Cookie name

Cookie name.		 string Default: "NSXLB"
cookie_path Cookie path

HTTP cookie path could be set, only available for insert mode.
string
cookie_secure Cookie secure flag

If cookie secure flag is true, it prevents the browser from sending a
cookie over http. The cookie is sent only over https. Only available
for insert mode.
boolean Default: "False"
cookie_time Cookie time setting

Both session cookie and persistence cookie are supported, if not
specified, it's a session cookie. It expires when the browser is
closed.
LBCookieTime
(Abstract type: pass one of the following concrete types)
LBPersistenceCookieTime
LBSessionCookieTime
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
persistence_shared Persistence shared across LBVirtualServers

Persistence shared setting indicates that all LBVirtualServers
that consume this LBPersistenceProfile should share the same
persistence mechanism when enabled. Meaning, persistence entries of
a client accessing one virtual server will also affect the same
client's connections to a different virtual server. For example, say
there are two virtual servers vip-ip1:80 and vip-ip1:8080 bound to
the same Group g1 consisting of two servers (s11:80 and s12:80). By
default, each virtual server will have its own persistence table or
cookie. So, in the earlier example, there will be two tables
(vip-ip1:80, p1) and (vip-ip1:8080, p1) or cookies. So, if a client
connects to vip1:80 and later connects to vip1:8080, the second
connection may be sent to a different server than the first. When
persistence_shared is enabled, then the second connection will always
connect to the same server as the original connection. For COOKIE
persistence type, the same cookie will be shared by multiple virtual
servers. For SOURCE_IP persistence type, the persistence table will
be shared across virtual servers. For GENERIC persistence type, the
persistence table will be shared across virtual servers which consume
the same persistence profile in LBRule actions.
boolean Default: "False"
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value LBCookiePersistenceProfile string Required
Enum: LBSourceIpPersistenceProfile, LBCookiePersistenceProfile, LBGenericPersistenceProfile
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

LBCookieTime (schema) (Deprecated)

Cookie time

Cookie time. This is an abstract type. Concrete child types:
LBPersistenceCookieTime
LBSessionCookieTime

Name Description Type Notes
type LBCookieTimeType Required

LBCookieTimeType (schema) (Deprecated)

CookieTime type

Both session cookie and persistence cookie are supported,
Use LbSessionCookieTime for session cookie time setting,
Use LbPersistenceCookieTime for persistence cookie time setting

Name Description Type Notes
LBCookieTimeType CookieTime type

Both session cookie and persistence cookie are supported,
Use LbSessionCookieTime for session cookie time setting,
Use LbPersistenceCookieTime for persistence cookie time setting
string Deprecated
Enum: LBSessionCookieTime, LBPersistenceCookieTime

LBEdgeNodeUsage (schema)

The load balancer usage for an edge node

The capacity contains basic information and load balancer entity usages
and capacity for the given edge node.

Name Description Type Notes
current_large_load_balancer_count The current large load balancer count

The count of large load balancer services configured on the node.
integer Readonly
current_load_balancer_credits Current load balancer credits

The current load balancer credits means the current credits used on the
node. For example, configuring a medium load balancer on a node
consumes 10 credits. If there are 2 medium instances configured on a
node, the current credit number is 2 * 10 = 20.
integer Readonly
current_medium_load_balancer_count The current medium load balancer count

The count of medium load balancer services configured on the node.
integer Readonly
current_pool_count The current pool count.

The count of pools configured on the node.
integer Readonly
current_pool_member_count The current pool member count

The count of pool members configured on the node.
integer Readonly
current_small_load_balancer_count The current small load balancer count

The count of small load balancer services configured on the node.
integer Readonly
current_virtual_server_count The current virtual server count

The count of virtual servers configured on the node.
integer Readonly
current_xlarge_load_balancer_count The current xlarge load balancer count

The count of xlarge load balancer services configured on the node.
integer Readonly
edge_cluster_path The path of edge cluster

The path of edge cluster which contains the edge node.
string Readonly
form_factor The form factor of the given edge node

The form factor of the given edge node.
string Readonly
Enum: SMALL_VIRTUAL_MACHINE, MEDIUM_VIRTUAL_MACHINE, LARGE_VIRTUAL_MACHINE, XLARGE_VIRTUAL_MACHINE, PHYSICAL_MACHINE
load_balancer_credit_capacity Load balancer credit capacity

The load balancer credit capacity means the maximum credits which can
be used for load balancer configuration for the given edge node.
integer Readonly
node_path The node path for load balancer node usage

The property identifies the node path for load balancer node usage.
For example, node_path=/infra/sites/default/enforcement-points/default
/edge-clusters/85175e0b-4d74-461d-83e1-f3b785adef9c/edge-nodes
/86e077c0-449f-11e9-87c8-02004eb37029.
string Required
pool_member_capacity The pool member capacity

Pool member capacity means maximum number of pool members which can
be configured on the given edge node.
integer Readonly
remaining_large_load_balancer_count The remaining large load balancer count

The remaining count of large load balancer services which can be
configured on the given edge node.
integer Readonly
remaining_medium_load_balancer_count The remaining medium load balancer count

The remaining count of medium load balancer services which can be
configured on the given edge node.
integer Readonly
remaining_small_load_balancer_count The remaining small load balancer count

The remaining count of small load balancer services which can be
configured on the given edge node.
integer Readonly
remaining_xlarge_load_balancer_count The remaining xlarge load balancer count

The remaining count of xlarge load balancer services which can be
configured on the given edge node.
integer Readonly
resource_type Must be set to the value LBEdgeNodeUsage string Required
severity LB usage severity

The severity calculation is based on current credit usage percentage
of load balancer for one node.
LBUsageSeverity Readonly
usage_percentage Usage percentage

The usage percentage of the edge node for load balancer.
The value is the larger value between load balancer credit usage
percentage and pool member usage percentage for the edge node.
number Readonly

LBFastTcpProfile (schema)

Fast TCP profile

Fast TCP profile.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
close_timeout TCP connection idle timeout in seconds

It is used to specify how long a closing TCP connection (both FINs
received or a RST is received) should be kept for this application
before cleaning up the connection.
integer Minimum: 1
Maximum: 60
Default: "8"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
ha_flow_mirroring_enabled Flow mirroring enabled flag

If flow mirroring is enabled, all the flows to the bounded virtual
server are mirrored to the standby node.
boolean Default: "False"
id Unique identifier of this resource string Sortable
idle_timeout TCP connection idle timeout in seconds

It is used to configure how long an idle TCP connection in ESTABLISHED
state should be kept for this application before cleaning up.
integer Minimum: 1
Maximum: 2147483647
Default: "1800"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value LBFastTcpProfile LBApplicationProfileType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

LBFastUdpProfile (schema)

Fast UDP profile

Fast UDP profile.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
flow_mirroring_enabled Flow mirroring enabled flag

If flow mirroring is enabled, all the flows to the bounded virtual
server are mirrored to the standby node.
boolean Default: "False"
id Unique identifier of this resource string Sortable
idle_timeout UDP idle timeout in seconds

Though UDP is a connectionless protocol, for the purposes of load
balancing, all UDP packets with the same flow signature (source and
destination IP/ports and IP protocol) received within the idle timeout
period are considered to belong to the same connection and are sent to
the same backend server. If no packets are received for idle timeout
period, the connection (association between flow signature and the
selected server) is cleaned up.
integer Minimum: 1
Maximum: 2147483647
Default: "300"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value LBFastUdpProfile LBApplicationProfileType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

LBGenericPersistenceProfile (schema) (Deprecated)

LB generic persistence profile

Some applications maintain state and require all relevant connections
to be sent to the same server as the application state is not
synchronized among servers. Persistence is enabled on a
LBVirtualServer by binding a persistence profile to it.
LBGenericPersistenceProfile cannot be attached to virtual server directly,
it can be specified in LB rule actions. In HTTP forwarding phase,
the profile can be specified in LBVariablePersistenceOnAction. In HTTP
response rewriting phase, the profile can be specified in
LBVariablePersistenceLearnAction.
LBGenericPersistenceProfile is deprecated as NSX-T Load Balancer is
deprecated.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
ha_persistence_mirroring_enabled Mirroring enabled flag

The mirroring enabled flag is to synchronize persistence entries.
Persistence entries are not synchronized to the HA peer by default.
boolean Default: "False"
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
persistence_shared Persistence shared across LBVirtualServers

Persistence shared setting indicates that all LBVirtualServers
that consume this LBPersistenceProfile should share the same
persistence mechanism when enabled. Meaning, persistence entries of
a client accessing one virtual server will also affect the same
client's connections to a different virtual server. For example, say
there are two virtual servers vip-ip1:80 and vip-ip1:8080 bound to
the same Group g1 consisting of two servers (s11:80 and s12:80). By
default, each virtual server will have its own persistence table or
cookie. So, in the earlier example, there will be two tables
(vip-ip1:80, p1) and (vip-ip1:8080, p1) or cookies. So, if a client
connects to vip1:80 and later connects to vip1:8080, the second
connection may be sent to a different server than the first. When
persistence_shared is enabled, then the second connection will always
connect to the same server as the original connection. For COOKIE
persistence type, the same cookie will be shared by multiple virtual
servers. For SOURCE_IP persistence type, the persistence table will
be shared across virtual servers. For GENERIC persistence type, the
persistence table will be shared across virtual servers which consume
the same persistence profile in LBRule actions.
boolean Default: "False"
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value LBGenericPersistenceProfile string Required
Enum: LBSourceIpPersistenceProfile, LBCookiePersistenceProfile, LBGenericPersistenceProfile
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
timeout Persistence entry expiration time in seconds

When all connections complete (reference count reaches 0), persistence
entry timer is started with the expiration time.
integer Minimum: 1
Maximum: 2147483647
Default: "300"
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

LBHttpMonitorProfile (schema) (Deprecated)

LBMonitorProfile for active health checks over HTTP

Active healthchecks are disabled by default and can be enabled for a
server pool by binding a health monitor to the Group through the LBRule
object. This represents active health monitoring over HTTP.
Active healthchecks are initiated periodically, at a configurable
interval, to each member of the Group. Only if a healthcheck fails
consecutively for a specified number of times (fall_count) to a member will
the member status be marked DOWN. Once a member is DOWN, a specified
number of consecutive successful healthchecks (rise_count) will bring the
member back to UP state. After a healthcheck is initiated, if it does not
complete within a certain period, then also the healthcheck is considered
to be unsuccessful.
Completing a healthcheck within timeout means establishing a connection
(TCP or SSL), if applicable, sending the request and receiving the
response, all within the configured timeout.
LBHttpMonitorProfile is deprecated as NSX-T Load Balancer is deprecated.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
fall_count Monitor fall count for active healthchecks

Only if a healthcheck fails consecutively for a specified number of
times, given with fall_count, to a member will the member status be
marked DOWN.
integer Minimum: 1
Maximum: 2147483647
Default: "3"
id Unique identifier of this resource string Sortable
interval Monitor interval in seconds for active healthchecks

Active healthchecks are initiated periodically, at a configurable
interval (in seconds), to each member of the Group.
integer Minimum: 1
Maximum: 2147483647
Default: "5"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
monitor_port Monitor port for active healthchecks

Typically, monitors perform healthchecks to Group members using the
member IP address and pool_port.
However, in some cases, customers prefer to run healthchecks against a
different port than the pool member port which handles actual
application traffic. In such cases, the port to run healthchecks
against can be specified in the monitor_port value.
For ICMP monitor, monitor_port is not required.
int Minimum: 0
Maximum: 65535
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
request_body HTTP health check request body

String to send as part of HTTP health check request body. Valid only
for certain HTTP methods like POST.
string
request_headers Array of HTTP request headers

Array of HTTP request headers.		 array of LbHttpRequestHeader
request_method The health check method for HTTP monitor type

The health check method for HTTP monitor type.		 HttpRequestMethodType Default: "GET"
request_url Customized HTTP request url for active health checks

For HTTP active healthchecks, the HTTP request url sent can be
customized and can include query parameters.
string Default: "/"
request_version HTTP request version

HTTP request version.		 HttpRequestVersionType Default: "HTTP_VERSION_1_1"
resource_type Must be set to the value LBHttpMonitorProfile LBMonitorProfileType Required
response_body Response body to match

If HTTP response body match string (regular expressions not supported)
is specified (using LBHttpMonitor.response_body) then the
healthcheck HTTP response body is matched against the specified string
and server is considered healthy only if there is a match.
If the response body string is not specified, HTTP healthcheck is
considered successful if the HTTP response status code is 2xx, but it
can be configured to accept other status codes as successful.
string
response_status_codes Array of single HTTP response status codes

The HTTP response status code should be a valid HTTP status code.
array of int Maximum items: 64
rise_count Monitor rise count for active healthchecks

Once a member is DOWN, a specified number of consecutive successful
healthchecks specified by rise_count will bring the member back to UP
state.
integer Minimum: 1
Maximum: 2147483647
Default: "3"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
timeout Monitor timeout in seconds for active healthchecks

Timeout specified in seconds. After a healthcheck is initiated, if it
does not complete within a certain period, then also the healthcheck
is considered to be unsuccessful. Completing a healthcheck within
timeout means establishing a connection (TCP or SSL), if applicable,
sending the request and receiving the response, all within the
configured timeout.
integer Minimum: 1
Maximum: 2147483647
Default: "5"
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

LBHttpProfile (schema) (Deprecated)

Http profile

Http profile.
LBHttpProfile is deprecated as NSX-T Load Balancer is deprecated.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
http_redirect_to Http redirect static URL

If a website is temporarily down or has moved, incoming requests
for that virtual server can be temporarily redirected to a URL.
string
http_redirect_to_https Flag to indicate whether enable HTTP-HTTPS redirect

Certain secure applications may want to force communication over SSL,
but instead of rejecting non-SSL connections, they may choose to
redirect the client automatically to use SSL.
boolean Default: "False"
id Unique identifier of this resource string Sortable
idle_timeout HTTP application idle timeout in seconds

It is used to specify the HTTP application idle timeout, it means that
how long the load balancer will keep the connection idle to wait for
the client to send the next keep-alive request. It is not a TCP socket
setting.
integer Minimum: 1
Maximum: 5400
Default: "15"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
ntlm NTLM support flag

NTLM is an authentication protocol that can be used over HTTP. If the
flag is set to true, LB will use NTLM challenge/response methodology.
This property is deprecated. Please use the property server_keep_alive
in order to keep the backend server connection alive for the client
connection.
When create a new profile, if both ntlm and server_keep_alive are set
as different values, ERROR will be reported.
When update an existing profile, if either ntlm or server_keep_alive
value is changed, both of them are updated with the changed value.
boolean Deprecated
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
request_body_size Maximum size of the buffer used to store HTTP request body

If it is not specified, it means that request body size is unlimited.
integer Minimum: 1
Maximum: 2147483647
request_header_size Maximum size of the buffer used to store HTTP request headers

A request with header equal to or below this size is guaranteed to be
processed. A request with header larger than request_header_size will
be processed up to 32K bytes on best effort basis.
integer Minimum: 1
Default: "1024"
resource_type Must be set to the value LBHttpProfile LBApplicationProfileType Required
response_buffering Enable or disable buffering of responses

When buffering is disabled, the response is passed to a client
synchronously, immediately as it is received.
When buffering is enabled, LB receives a response from the backend
server as soon as possible, saving it into the buffers.
boolean Default: "False"
response_header_size Maximum size of the buffer used to store HTTP response headers

A response with header larger than response_header_size will be dropped.
integer Minimum: 1
Maximum: 65536
Default: "4096"
response_timeout Maximum server idle time in seconds

If server doesn’t send any packet within this time, the connection is closed.
integer Minimum: 1
Maximum: 2147483647
Default: "60"
server_keep_alive Server keep-alive flag

If server_keep_alive is true, it means the backend connection will keep
alive for the client connection. Every client connection is tied 1:1
with the corresponding server-side connection.
If server_keep_alive is false, it means the backend connection won't
keep alive for the client connection.
If server_keep_alive is not specified for API input, its value in API
output will be the same with the property ntlm.
boolean
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
x_forwarded_for Insert or replace x_forwarded_for

When X-Forwareded-For is configured, X-Forwarded-Proto and
X-Forwarded-Port information is added automatically. The two additional
header information can be also modified or deleted in load balancer
rules.
LBXForwardedForType

LBHttpRedirectAction (schema) (Deprecated)

Action to redirect HTTP request messages

This action is used to redirect HTTP request messages to a new URL. The
reply_status value specified in this action is used as the status code of
HTTP response message which is sent back to client (Normally a browser).
The HTTP status code for redirection is 3xx, for example, 301, 302, 303,
307, etc. The redirect_url is the new URL that the HTTP request message is
redirected to. Normally browser will send another HTTP request to the new
URL after receiving a redirection response message.
Captured variables and built-in variables can be used in redirect_url field.
For example, to redirect all HTTP requests to HTTPS requests for a virtual
server. We create an LBRule without any conditions, add an
LBHttpRedirectAction to the rule. Set the
redirect_url field of the LBHttpRedirectAction to:
https://$_host$_request_uri
And set redirect_status to "302", which means found. This rule will
redirect all HTTP requests to HTTPS server port on the same host.

Name Description Type Notes
redirect_status HTTP response status code

HTTP response status code.		 string Required
redirect_url The URL that the HTTP request is redirected to

The URL that the HTTP request is redirected to.		 string Required
type Must be set to the value LBHttpRedirectAction LBRuleActionType Required

LBHttpRejectAction (schema) (Deprecated)

Action to reject HTTP request messages

This action is used to reject HTTP request messages. The specified
reply_status value is used as the status code for the corresponding HTTP
response message which is sent back to client (Normally a browser)
indicating the reason it was rejected. Reference official HTTP status code
list for your specific HTTP version to set the reply_status properly.
LBHttpRejectAction does not support variables.

Name Description Type Notes
reply_message Response message

Response message.		 string
reply_status HTTP response status code

HTTP response status code.		 string Required
type Must be set to the value LBHttpRejectAction LBRuleActionType Required

LBHttpRequestBodyCondition (schema) (Deprecated)

Condition to match content of HTTP request message body

This condition is used to match the message body of an HTTP request.
Typically, only HTTP POST, PATCH, or PUT requests have request body.
The match_type field defines how body_value field is used to match the body
of HTTP requests.

Name Description Type Notes
body_value HTTP request body string Required
case_sensitive A case sensitive flag for HTTP body comparing

If true, case is significant when comparing HTTP body value.
boolean Default: "True"
inverse A flag to indicate whether reverse the match result of this condition boolean Default: "False"
match_type Match type of HTTP body LbRuleMatchType Default: "REGEX"
type Must be set to the value LBHttpRequestBodyCondition LBRuleConditionType Required

LBHttpRequestCookieCondition (schema) (Deprecated)

Condition to match HTTP request cookie

This condition is used to match HTTP request messages by cookie which is a
specific type of HTTP header. The match_type and case_sensitive define how
to compare cookie value.

Name Description Type Notes
case_sensitive A case sensitive flag for cookie value comparing

If true, case is significant when comparing cookie value.
boolean Default: "True"
cookie_name Name of cookie

Cookie name.		 string Required
cookie_value Value of cookie

Cookie value.		 string Required
inverse A flag to indicate whether reverse the match result of this condition boolean Default: "False"
match_type Match type of cookie value

Match type of cookie value.		 LbRuleMatchType Default: "REGEX"
type Must be set to the value LBHttpRequestCookieCondition LBRuleConditionType Required

LBHttpRequestHeaderCondition (schema) (Deprecated)

Condition to match HTTP request header

This condition is used to match HTTP request messages by HTTP header
fields. HTTP header fields are components of the header section of HTTP
request and response messages. They define the operating parameters of an
HTTP transaction. For example, Cookie, Authorization, User-Agent, etc. One
condition can be used to match one header field, to match multiple header
fields, multiple conditions must be specified.
The match_type field defines how header_value field is used to match HTTP
requests. The header_name field does not support match types.

Name Description Type Notes
case_sensitive A case sensitive flag for HTTP header value comparing

If true, case is significant when comparing HTTP header value.
boolean Default: "True"
header_name Name of HTTP header string Default: "Host"
header_value Value of HTTP header string Required
inverse A flag to indicate whether reverse the match result of this condition boolean Default: "False"
match_type Match type of HTTP header value LbRuleMatchType Default: "REGEX"
type Must be set to the value LBHttpRequestHeaderCondition LBRuleConditionType Required

LBHttpRequestHeaderDeleteAction (schema) (Deprecated)

Action to delete HTTP request header fields

This action is used to delete header fields of HTTP request messages at
HTTP_REQUEST_REWRITE phase. One action can be used to delete all headers
with same header name. To delete headers with different header names,
multiple actions must be defined.

Name Description Type Notes
header_name Name of a header field of HTTP request message

Name of a header field of HTTP request message.		 string Required
type Must be set to the value LBHttpRequestHeaderDeleteAction LBRuleActionType Required

LBHttpRequestHeaderRewriteAction (schema) (Deprecated)

Action to rewrite header fields of HTTP request messages

This action is used to rewrite header fields of matched HTTP request
messages to specified new values. One action can be used to rewrite one
header field. To rewrite multiple header fields, multiple actions must be
defined.
Captured variables and built-in variables can be used in the header_value
field, header_name field does not support variables.

Name Description Type Notes
header_name Name of HTTP request header

Name of HTTP request header.		 string Required
header_value Value of HTTP request header

Value of HTTP request header.		 string Required
type Must be set to the value LBHttpRequestHeaderRewriteAction LBRuleActionType Required

LBHttpRequestMethodCondition (schema) (Deprecated)

Condition to match method of HTTP request messages

This condition is used to match method of HTTP requests. If the method of an
HTTP request is same as the method specified in this condition, the HTTP
request match this condition. For example, if the method field is set to
GET in this condition, any HTTP request with GET method matches the
condition.

Name Description Type Notes
inverse A flag to indicate whether reverse the match result of this condition boolean Default: "False"
method Type of HTTP request method HttpRequestMethodType Required
type Must be set to the value LBHttpRequestMethodCondition LBRuleConditionType Required

LBHttpRequestUriArgumentsCondition (schema) (Deprecated)

Condition to match URI arguments of HTTP requests

This condition is used to match URI arguments aka query string of Http
request messages, for example, in URI http://exaple.com?foo=1&bar=2, the
"foo=1&bar=2" is the query string containing URI arguments. In an URI
scheme, query string is indicated by the first question mark ("?")
character and terminated by a number sign ("#") character or by the end of
the URI.
The uri_arguments field can be specified as a regular expression(Set
match_type to REGEX). For example, "foo=(?<x>\d+)". It matches HTTP
requests whose URI arguments containing "foo", the value of foo contains
only digits. And the value of foo is captured as $x which can be used in
LBRuleAction fields which support variables.

Name Description Type Notes
case_sensitive A case sensitive flag for URI arguments comparing

If true, case is significant when comparing URI arguments.
boolean Default: "True"
inverse A flag to indicate whether reverse the match result of this condition boolean Default: "False"
match_type Match type of URI arguments LbRuleMatchType Default: "REGEX"
type Must be set to the value LBHttpRequestUriArgumentsCondition LBRuleConditionType Required
uri_arguments URI arguments

URI arguments, aka query string of URI.
string Required

LBHttpRequestUriCondition (schema) (Deprecated)

Condition to match URIs of HTTP request messages

This condition is used to match URIs(Uniform Resource Identifier) of HTTP
request messages. The URI field can be specified as a regular expression.
If an HTTP request message is requesting an URI which matches specified
regular expression, it matches the condition.
The syntax of whole URI looks like this:
scheme:[//[user[:password]@]host[:port]][/path][?query][#fragment]
This condition matches only the path part of entire URI.
When match_type field is specified as REGEX, the uri field is used as a
regular expression to match URI path of HTTP requests. For example, to
match any URI that has "/image/" or "/images/", uri field can be specified
as: "/image[s]?/".
Named capturing groups can be used in the uri field to capture substrings
of matched URIs and store them in variables for use in LBRuleAction. For
example, specify uri field as:
"/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)"
If the URI path is /articles/news/2017/06/xyz.html, then substring "2017"
is captured in variable year, "06" is captured in variable month, and
"xyz.html" is captured in variable article. These variables can then
be used in an LBRuleAction field which supports variables, such as uri
field of LBHttpRequestUriRewriteAction. For example, set the uri field
of LBHttpRequestUriRewriteAction as:
"/articles/news/$year-$month-$article"
Then the URI path /articles/news/2017/06/xyz.html is rewritten to:
"/articles/news/2017-06-xyz.html"

Name Description Type Notes
case_sensitive A case sensitive flag for URI comparing

If true, case is significant when comparing URI.
boolean Default: "True"
inverse A flag to indicate whether reverse the match result of this condition boolean Default: "False"
match_type Match type of URI LbRuleMatchType Default: "REGEX"
type Must be set to the value LBHttpRequestUriCondition LBRuleConditionType Required
uri A string used to identify resource string Required

LBHttpRequestUriRewriteAction (schema) (Deprecated)

Action to rewrite HTTP request URIs.

This action is used to rewrite URIs in matched HTTP request messages.
Specify the uri and uri_arguments fields in this condition to rewrite the
matched HTTP request message's URI and URI arguments to the new values.
Full URI scheme of HTTP messages have following syntax:
scheme:[//[user[:password]@]host[:port]][/path][?query][#fragment]
The uri field of this action is used to rewrite the /path part in above
scheme. And the uri_arguments field is used to rewrite the query part.
Captured variables and built-in variables can be used in the uri and
uri_arguments fields.
Check the example in LBRuleAction to see how to use variables in this
action.

Name Description Type Notes
type Must be set to the value LBHttpRequestUriRewriteAction LBRuleActionType Required
uri URI of HTTP request

URI of HTTP request.		 string Required
uri_arguments URI arguments

Query string of URI, typically contains key value pairs, for example:
foo1=bar1&foo2=bar2.
string

LBHttpRequestVersionCondition (schema) (Deprecated)

Condition to match HTTP protocol version of HTTP requests

This condition is used to match the HTTP protocol version of the HTTP
request messages.

Name Description Type Notes
inverse A flag to indicate whether reverse the match result of this condition boolean Default: "False"
type Must be set to the value LBHttpRequestVersionCondition LBRuleConditionType Required
version HTTP version HttpRequestVersionType Required

LBHttpResponseHeaderCondition (schema) (Deprecated)

Condition to match a header field of HTTP response

This condition is used to match HTTP response messages from backend servers
by HTTP header fields. HTTP header fields are components of the header
section of HTTP request and response messages. They define the operating
parameters of an HTTP transaction. For example, Cookie, Authorization,
User-Agent, etc. One condition can be used to match one header field, to
match multiple header fields, multiple conditions must be specified.
The match_type field defines how header_value field is used to match HTTP
responses. The header_name field does not support match types.

Name Description Type Notes
case_sensitive A case sensitive flag for HTTP header value comparing

If true, case is significant when comparing HTTP header value.
boolean Default: "True"
header_name Name of HTTP header field string Required
header_value Value of HTTP header field string Required
inverse A flag to indicate whether reverse the match result of this condition boolean Default: "False"
match_type Match type of HTTP header value LbRuleMatchType Default: "REGEX"
type Must be set to the value LBHttpResponseHeaderCondition LBRuleConditionType Required

LBHttpResponseHeaderDeleteAction (schema) (Deprecated)

Action to delete HTTP response header fields

This action is used to delete header fields of HTTP response messages at
HTTP_RESPONSE_REWRITE phase. One action can be used to delete allgi headers
with same header name. To delete headers with different header names,
multiple actions must be defined.

Name Description Type Notes
header_name Name of a header field of HTTP response message

Name of a header field of HTTP response message.		 string Required
type Must be set to the value LBHttpResponseHeaderDeleteAction LBRuleActionType Required

LBHttpResponseHeaderRewriteAction (schema) (Deprecated)

Action to rewrite HTTP response header fields

This action is used to rewrite header fields of HTTP response messages to
specified new values at HTTP_RESPONSE_REWRITE phase. One action can be used
to rewrite one header field. To rewrite multiple header fields, multiple
actions must be defined.
Captured variables and built-in variables can be used in the header_value
field, header_name field does not support variables.

Name Description Type Notes
header_name Name of a header field of HTTP request message

Name of a header field of HTTP request message.		 string Required
header_value Value of header field

Value of header field		 string Required
type Must be set to the value LBHttpResponseHeaderRewriteAction LBRuleActionType Required

LBHttpSslCondition (schema) (Deprecated)

Condition to match SSL handshake and SSL connection

This condition is used to match SSL handshake and SSL connection at
all phases.If multiple properties are configured, the rule is considered
a match when all the configured properties are matched.

Name Description Type Notes
client_certificate_issuer_dn The issuer DN match condition of the client certificate

The issuer DN match condition of the client certificate for an
established SSL connection.
LBClientCertificateIssuerDnCondition
client_certificate_subject_dn The subject DN match condition of the client certificate

The subject DN match condition of the client certificate for an
established SSL connection.
LBClientCertificateSubjectDnCondition
client_supported_ssl_ciphers Cipher list which supported by client

Cipher list which supported by client.		 array of SslCipher
inverse A flag to indicate whether reverse the match result of this condition boolean Default: "False"
session_reused The type of SSL session reused

The type of SSL session reused.		 LbSslSessionReusedType Default: "IGNORE"
type Must be set to the value LBHttpSslCondition LBRuleConditionType Required
used_protocol Protocol of an established SSL connection

Protocol of an established SSL connection.		 SslProtocol
used_ssl_cipher Cipher used for an established SSL connection

Cipher used for an established SSL connection.		 SslCipher

LBHttpsMonitorProfile (schema) (Deprecated)

LBMonitorProfile for active health checks over HTTPS

Active healthchecks are disabled by default and can be enabled for a
server pool by binding a health monitor to the Group through the LBRule
object. This represents active health monitoring over HTTPS. Active
healthchecks are initiated periodically, at a configurable interval, to
each member of the Group. Only if a healthcheck fails consecutively for a
specified number of times (fall_count) to a member will the member status
be marked DOWN. Once a member is DOWN, a specified number of consecutive
successful healthchecks (rise_count) will bring the member back to UP
state. After a healthcheck is initiated, if it does not complete within a
certain period, then also the healthcheck is considered to be
unsuccessful. Completing a healthcheck within timeout means establishing
a connection (TCP or SSL), if applicable, sending the request and
receiving the response, all within the configured timeout.
LBHttpsMonitorProfile is deprecated as NSX-T Load Balancer is deprecated.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
fall_count Monitor fall count for active healthchecks

Only if a healthcheck fails consecutively for a specified number of
times, given with fall_count, to a member will the member status be
marked DOWN.
integer Minimum: 1
Maximum: 2147483647
Default: "3"
id Unique identifier of this resource string Sortable
interval Monitor interval in seconds for active healthchecks

Active healthchecks are initiated periodically, at a configurable
interval (in seconds), to each member of the Group.
integer Minimum: 1
Maximum: 2147483647
Default: "5"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
monitor_port Monitor port for active healthchecks

Typically, monitors perform healthchecks to Group members using the
member IP address and pool_port.
However, in some cases, customers prefer to run healthchecks against a
different port than the pool member port which handles actual
application traffic. In such cases, the port to run healthchecks
against can be specified in the monitor_port value.
For ICMP monitor, monitor_port is not required.
int Minimum: 0
Maximum: 65535
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
request_body HTTP health check request body

String to send as part of HTTP health check request body. Valid only
for certain HTTP methods like POST.
string
request_headers Array of HTTP request headers

Array of HTTP request headers.		 array of LbHttpRequestHeader
request_method The health check method for HTTP monitor type

The health check method for HTTP monitor type.		 HttpRequestMethodType Default: "GET"
request_url Customized HTTPS request url for active health checks

For HTTPS active healthchecks, the HTTPS request url sent can be
customized and can include query parameters.
string Default: "/"
request_version HTTP request version

HTTP request version.		 HttpRequestVersionType Default: "HTTP_VERSION_1_1"
resource_type Must be set to the value LBHttpsMonitorProfile LBMonitorProfileType Required
response_body Response body to match

If HTTP response body match string (regular expressions not supported)
is specified (using LBHttpMonitor.response_body) then the
healthcheck HTTP response body is matched against the specified string
and server is considered healthy only if there is a match.
If the response body string is not specified, HTTP healthcheck is
considered successful if the HTTP response status code is 2xx, but it
can be configured to accept other status codes as successful.
string
response_status_codes Array of single HTTP response status codes

The HTTP response status code should be a valid HTTP status code.
array of int Maximum items: 64
rise_count Monitor rise count for active healthchecks

Once a member is DOWN, a specified number of consecutive successful
healthchecks specified by rise_count will bring the member back to UP
state.
integer Minimum: 1
Maximum: 2147483647
Default: "3"
server_ssl_profile_binding Pool side SSL binding setting

The setting is used when the monitor acts as an SSL client and
establishing a connection to the backend server.
LBServerSslProfileBinding
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
timeout Monitor timeout in seconds for active healthchecks

Timeout specified in seconds. After a healthcheck is initiated, if it
does not complete within a certain period, then also the healthcheck
is considered to be unsuccessful. Completing a healthcheck within
timeout means establishing a connection (TCP or SSL), if applicable,
sending the request and receiving the response, all within the
configured timeout.
integer Minimum: 1
Maximum: 2147483647
Default: "5"
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

LBIcmpMonitorProfile (schema) (Deprecated)

LBMonitorProfile for active health checks over ICMP

Active healthchecks are disabled by default and can be enabled for a
server pool by binding a health monitor to the Group through the LBRule
object. This represents active health monitoring over ICMP.
Active healthchecks are initiated periodically, at a configurable
interval, to each member of the Group. Only if a healthcheck fails
consecutively for a specified number of times (fall_count) to a member will
the member status be marked DOWN. Once a member is DOWN, a specified
number of consecutive successful healt hchecks (rise_count) will bring the
member back to UP state. After a healthcheck is initiated, if it does not
complete within a certain period, then also the healthcheck is considered
to be unsuccessful. Completing a healthcheck within timeout means establishing
a connection (TCP or SSL), if applicable, sending the request and
receiving the response, all within the configured timeout.
LBIcmpMonitorProfile is deprecated as NSX-T Load Balancer is deprecated.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
data_length The data size (in byte) of the ICMP healthcheck packet integer Minimum: 0
Maximum: 65507
Default: "56"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
fall_count Monitor fall count for active healthchecks

Only if a healthcheck fails consecutively for a specified number of
times, given with fall_count, to a member will the member status be
marked DOWN.
integer Minimum: 1
Maximum: 2147483647
Default: "3"
id Unique identifier of this resource string Sortable
interval Monitor interval in seconds for active healthchecks

Active healthchecks are initiated periodically, at a configurable
interval (in seconds), to each member of the Group.
integer Minimum: 1
Maximum: 2147483647
Default: "5"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
monitor_port Monitor port for active healthchecks

Typically, monitors perform healthchecks to Group members using the
member IP address and pool_port.
However, in some cases, customers prefer to run healthchecks against a
different port than the pool member port which handles actual
application traffic. In such cases, the port to run healthchecks
against can be specified in the monitor_port value.
For ICMP monitor, monitor_port is not required.
int Minimum: 0
Maximum: 65535
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value LBIcmpMonitorProfile LBMonitorProfileType Required
rise_count Monitor rise count for active healthchecks

Once a member is DOWN, a specified number of consecutive successful
healthchecks specified by rise_count will bring the member back to UP
state.
integer Minimum: 1
Maximum: 2147483647
Default: "3"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
timeout Monitor timeout in seconds for active healthchecks

Timeout specified in seconds. After a healthcheck is initiated, if it
does not complete within a certain period, then also the healthcheck
is considered to be unsuccessful. Completing a healthcheck within
timeout means establishing a connection (TCP or SSL), if applicable,
sending the request and receiving the response, all within the
configured timeout.
integer Minimum: 1
Maximum: 2147483647
Default: "5"
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

LBIpHeaderCondition (schema) (Deprecated)

Condition to match IP header fields

This condition is used to match IP header fields of HTTP messages.
Either source_address or group_id should be specified.

Name Description Type Notes
group_path Grouping object path

Source IP address of HTTP message should match IP addresses which are
configured in Group in order to perform actions.
string
inverse A flag to indicate whether reverse the match result of this condition boolean Default: "False"
source_address Source IP address of HTTP message

Source IP address of HTTP message. IP Address can be expressed as a
single IP address like 10.1.1.1, or a range of IP addresses like
10.1.1.101-10.1.1.160. Both IPv4 and IPv6 addresses are supported.
IPElement
type Must be set to the value LBIpHeaderCondition LBRuleConditionType Required

LBJwtAuthAction (schema) (Deprecated)

Action to control access using JWT authentication

This action is used to control access to backend server resources using
JSON Web Token(JWT) authentication. The JWT authentication is done before
any HTTP manipulation if the HTTP request matches the given condition in
LBRule. Any verification failed, the HTTP process will be terminated, and
HTTP response with 401 status code and WWW-Authentication header will be
returned to client.

Name Description Type Notes
key LBJwtKey used for verifying the signature of JWT token LBJwtKey
(Abstract type: pass one of the following concrete types)
LBJwtCertificateKey
LBJwtPublicKey
LBJwtSymmetricKey
pass_jwt_to_pool Whether to pass the JWT to backend server or remove it

Specify whether to pass the JWT to backend server or remove it. By
default, it is false which means will not pass the JWT to backend
servers.
boolean Default: "False"
realm JWT realm

A description of the protected area. If no realm is specified, clients
often display a formatted hostname instead. The configured realm is
returned when client request is rejected with 401 http status. In the
response, it will be "WWW-Authentication: Bearer realm=<realm>".
string
tokens JWT tokens

JWT is an open standard that defines a compact and
self-contained way for securely transmitting information between
parties as a JSON object. Load balancer will search for every specified
tokens one by one for the jwt message until found. This parameter is
optional. In case not found or this field is not configured, load
balancer searches the Bearer header by default in the http request
"Authorization: Bearer <token>".
array of string
type Must be set to the value LBJwtAuthAction LBRuleActionType Required

LBJwtCertificateKey (schema) (Deprecated)

Specifies certificate used to verify the signature of JWT tokens

The key is used to specify certificate which is used to verify the
signature of JWT tokens.

Name Description Type Notes
certificate_path Certificate identifier string Required
type Must be set to the value LBJwtCertificateKey LBJwtKeyType Required

LBJwtKey (schema) (Deprecated)

Load balancer JWT key

LBJwtKey specifies the symmetric key or asymmetric public key used to
decrypt the data in JWT.
This is an abstract type. Concrete child types:
LBJwtCertificateKey
LBJwtPublicKey
LBJwtSymmetricKey

Name Description Type Notes
type Type of load balancer JWT key

The property is used to identify JWT key type.
LBJwtKeyType Required

LBJwtKeyType (schema) (Deprecated)

Type of load balancer JWT key

It is used to identify JWT key type.

Name Description Type Notes
LBJwtKeyType Type of load balancer JWT key

It is used to identify JWT key type.
string Deprecated
Enum: LBJwtCertificateKey, LBJwtSymmetricKey, LBJwtPublicKey

LBJwtPublicKey (schema) (Deprecated)

Specifies public key content used to verify the signature of JWT tokens

The key is used to specify the public key content which is used to verify
the signature of JWT tokens.

Name Description Type Notes
public_key_content Content of public key string Required
type Must be set to the value LBJwtPublicKey LBJwtKeyType Required

LBJwtSymmetricKey (schema) (Deprecated)

Specifies the symmetric key used to verify the signature of JWT tokens

The key is used to specify the symmetric key which is used to verify the
signature of JWT tokens.

Name Description Type Notes
type Must be set to the value LBJwtSymmetricKey LBJwtKeyType Required

LBMonitorProfile (schema) (Deprecated)

The object is deprecated as NSX-T Load Balancer is deprecated.
This is an abstract type. Concrete child types:
LBActiveMonitor
LBHttpMonitorProfile
LBHttpsMonitorProfile
LBIcmpMonitorProfile
LBPassiveMonitorProfile
LBTcpMonitorProfile
LBUdpMonitorProfile

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value LBMonitorProfile LBMonitorProfileType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

LBMonitorProfileListResult (schema) (Deprecated)

Paged Collection of LBMonitorProfiles

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results LBMonitorProfile list results array of LBMonitorProfile
(Abstract type: pass one of the following concrete types)
LBActiveMonitor
LBHttpMonitorProfile
LBHttpsMonitorProfile
LBIcmpMonitorProfile
LBPassiveMonitorProfile
LBTcpMonitorProfile
LBUdpMonitorProfile		 Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

LBMonitorProfileType (schema) (Deprecated)

Monitor type

There are two types of healthchecks: active and passive.
Passive healthchecks depend on failures in actual client traffic (e.g. RST
from server in response to a client connection) to detect that the server
or the application is down.
In case of active healthchecks, load balancer itself initiates new
connections (or sends ICMP ping) to the servers periodically to check their
health, completely independent of any data traffic.
Currently, active health monitors are supported for HTTP, HTTPS, TCP, UDP
and ICMP protocols.

Name Description Type Notes
LBMonitorProfileType Monitor type

There are two types of healthchecks: active and passive.
Passive healthchecks depend on failures in actual client traffic (e.g. RST
from server in response to a client connection) to detect that the server
or the application is down.
In case of active healthchecks, load balancer itself initiates new
connections (or sends ICMP ping) to the servers periodically to check their
health, completely independent of any data traffic.
Currently, active health monitors are supported for HTTP, HTTPS, TCP, UDP
and ICMP protocols.
string Deprecated
Enum: LBTcpMonitorProfile, LBUdpMonitorProfile, LBIcmpMonitorProfile, LBHttpMonitorProfile, LBHttpsMonitorProfile, LBPassiveMonitorProfile

LBNodeCountPerSeverity (schema)

The node count for specific severity

The node count for specific load balancer usage severity.

Name Description Type Notes
node_count Node count for specific serverity

Node count for specific serverity.
integer Readonly
severity LB usage severity

The severity calculation is based on current credit usage percentage
of load balancer for one node.
LBUsageSeverity Readonly

LBNodeUsage (schema)

Node usage for load balancer

Node usage for load balancer contains basic information and LB entity
usages and capacity for the given node. Only edge node is supported.
This is an abstract type. Concrete child types:
LBEdgeNodeUsage

Name Description Type Notes
node_path The node path for load balancer node usage

The property identifies the node path for load balancer node usage.
For example, node_path=/infra/sites/default/enforcement-points/default
/edge-clusters/85175e0b-4d74-461d-83e1-f3b785adef9c/edge-nodes
/86e077c0-449f-11e9-87c8-02004eb37029.
string Required
resource_type Type of load balancer node usage

The property identifies the load balancer node usage type.
string Required

LBNodeUsageRequestParameters (schema)

Name Description Type Notes
node_path The node path for load balancer node usage

The property identifies the node path for load balancer node usage.
For example, ?node_path=/infra/sites/default/enforcement-points/default
/edge-clusters/85175e0b-4d74-461d-83e1-f3b785adef9c/edge-nodes
/86e077c0-449f-11e9-87c8-02004eb37029.
string Required

LBNodeUsageSummary (schema)

LB node usage summary for all nodes

The load balancer node usage summary for all nodes from specific
enforcement point. Only edge node is supported. The summary contains all
edge nodes which are configured in edge clusters.

Name Description Type Notes
alarm Alarm Information Details

Alarm information details.		 PolicyRuntimeAlarm Readonly
current_load_balancer_credits Current load balancer credits

Current load balancer credits in use for all nodes.
For example, configuring a medium load balancer on a node consumes
10 credits. If there are 2 medium instances configured, the current
load balancer credit number is 2 * 10 = 20.
integer Readonly
current_pool_member_count The current pool member count

The overall count of pool members configured on all nodes.
integer Readonly
enforcement_point_path Enforcement point Path

Policy Path referencing the enforcement point where the info is fetched.
string Readonly
load_balancer_credit_capacity Load balancer credit capacity

The load balancer credit capacity means the maximum credits which can
be used for load balancer service configuration for all nodes.
integer Readonly
node_counts Array of node count for each severity

The property identifies array of node count for each severity.
array of LBNodeCountPerSeverity Readonly
node_usages LB node usages

The property identifies all LB node usages. By default, it is not
included in response. It exists when parameter ?include_usages=true.
array of LBNodeUsage
(Abstract type: pass one of the following concrete types)
LBEdgeNodeUsage		 Readonly
pool_member_capacity The overall pool member capacity

Pool member capacity means maximum number of pool members which can
be configured on all nodes.
integer Readonly
severity LB usage severity

The severity calculation is based on overall credit usage percentage
of load balancer for all nodes.
LBUsageSeverity Readonly
usage_percentage Usage percentage

The overall usage percentage of all nodes for load balancer.
The value is the larger value between overall pool member usage
percentage and overall load balancer credit usage percentage.
number Readonly

LBNodeUsageSummaryRequestParameters (schema)

Load balancer node usage summary request parameters

Name Description Type Notes
enforcement_point_path enforcement point path

Specify enforcement point path.
string
include_usages Whether to include usages

Specify whether to include usages in response.
boolean

LBPassiveMonitorProfile (schema) (Deprecated)

Base class for each type of active LBMonitorProfile

The passive type of LBMonitorProfile.
LBPassiveMonitorProfile is deprecated as NSX-T Load Balancer is deprecated.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
max_fails Number of consecutive connection failures

When the consecutive failures reach this value, then the member is
considered temporarily unavailable for a configurable period
integer Minimum: 1
Maximum: 2147483647
Default: "5"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value LBPassiveMonitorProfile LBMonitorProfileType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
timeout Timeout in seconds before it is selected again for a new connection

After this timeout period, the member is tried again for a new
connection to see if it is available.
integer Minimum: 1
Maximum: 2147483647
Default: "5"
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

LBPersistenceCookieTime (schema) (Deprecated)

Persistence cookie time

Persistence cookie time.

Name Description Type Notes
cookie_max_idle Persistence cookie max idle time in seconds

HTTP cookie max-age to expire cookie, only available for insert mode.
integer Required
Minimum: 1
Maximum: 2147483647
type Must be set to the value LBPersistenceCookieTime LBCookieTimeType Required

LBPersistenceProfile (schema)

Contains the information related to load balancer persistence options

Some applications maintain state and require all relevant connections
to be sent to the same server as the application state is not
synchronized among servers. Persistence is enabled on a
LBVirtualServer by binding a persistence profile to it.
LBGenericPersistenceProfile cannot be attached to LBVirtualServer
directly, it can be specified in LBVariablePersistenceOnAction or
LBVariablePersistenceLearnAction in LBRule. If a user attaches a
LBGenericPersistenceProfile directly to a virtual server, the operation
is rejected.
This is an abstract type. Concrete child types:
LBCookiePersistenceProfile
LBGenericPersistenceProfile
LBSourceIpPersistenceProfile

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
persistence_shared Persistence shared across LBVirtualServers

Persistence shared setting indicates that all LBVirtualServers
that consume this LBPersistenceProfile should share the same
persistence mechanism when enabled. Meaning, persistence entries of
a client accessing one virtual server will also affect the same
client's connections to a different virtual server. For example, say
there are two virtual servers vip-ip1:80 and vip-ip1:8080 bound to
the same Group g1 consisting of two servers (s11:80 and s12:80). By
default, each virtual server will have its own persistence table or
cookie. So, in the earlier example, there will be two tables
(vip-ip1:80, p1) and (vip-ip1:8080, p1) or cookies. So, if a client
connects to vip1:80 and later connects to vip1:8080, the second
connection may be sent to a different server than the first. When
persistence_shared is enabled, then the second connection will always
connect to the same server as the original connection. For COOKIE
persistence type, the same cookie will be shared by multiple virtual
servers. For SOURCE_IP persistence type, the persistence table will
be shared across virtual servers. For GENERIC persistence type, the
persistence table will be shared across virtual servers which consume
the same persistence profile in LBRule actions.
boolean Default: "False"
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value LBPersistenceProfile string Required
Enum: LBSourceIpPersistenceProfile, LBCookiePersistenceProfile, LBGenericPersistenceProfile
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

LBPersistenceProfileListResult (schema)

Paged Collection of LBPersistenceProfiles

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results LBPersistenceProfile list results array of LBPersistenceProfile
(Abstract type: pass one of the following concrete types)
LBCookiePersistenceProfile
LBGenericPersistenceProfile
LBSourceIpPersistenceProfile		 Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

LBPool (schema)

Defining access a Group from a LBVirtualServer and binding to LBMonitorProfile

Defining access of a Group from a LBVirtualServer and binding to
LBMonitorProfile.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
active_monitor_paths Active monitor path list

In case of active healthchecks, load balancer itself initiates new
connections (or sends ICMP ping) to the servers periodically to check
their health, completely independent of any data traffic. Active
healthchecks are disabled by default and can be enabled for a server
pool by binding a health monitor to the pool. If multiple active
monitors are configured, the pool member status is UP only when the
health check status for all the monitors are UP.
The property is deprecated as NSX-T Load Balancer is deprecated.
array of string Deprecated
algorithm Load balancing algorithm

Load Balancing algorithm chooses a server for each new connection by going
through the list of servers in the pool. Currently, following load balancing
algorithms are supported with ROUND_ROBIN as the default.
ROUND_ROBIN means that a server is selected in a round-robin fashion. The
weight would be ignored even if it is configured.
WEIGHTED_ROUND_ROBIN means that a server is selected in a weighted
round-robin fashion. Default weight of 1 is used if weight is not configured.
LEAST_CONNECTION means that a server is selected when it has the least
number of connections. The weight would be ignored even if it is configured.
Slow start would be enabled by default.
WEIGHTED_LEAST_CONNECTION means that a server is selected in a weighted
least connection fashion. Default weight of 1 is used if weight is not
configured. Slow start would be enabled by default.
IP_HASH means that consistent hash is performed on the source IP address of
the incoming connection. This ensures that the same client IP address will
always reach the same server as long as no server goes down or up. It may
be used on the Internet to provide a best-effort stickiness to clients
which refuse session cookies.
string Enum: ROUND_ROBIN, WEIGHTED_ROUND_ROBIN, LEAST_CONNECTION, WEIGHTED_LEAST_CONNECTION, IP_HASH
Default: "ROUND_ROBIN"
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
member_group Load balancer member setting with grouping object

Load balancer pool support grouping object as dynamic pool members.
When member group is defined, members setting should not be specified.
LBPoolMemberGroup
members Load balancer pool members

Server pool consists of one or more pool members. Each pool member
is identified, typically, by an IP address and a port.
array of LBPoolMember
min_active_members Minimum number of active pool members to consider pool as active

A pool is considered active if there are at least certain
minimum number of members.
integer Minimum: 1
Maximum: 2147483647
Default: "1"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
passive_monitor_path Passive monitor path

Passive healthchecks are disabled by default and can be enabled by
attaching a passive health monitor to a server pool.
Each time a client connection to a pool member fails, its failed count
is incremented. For pools bound to L7 virtual servers, a connection is
considered to be failed and failed count is incremented if any TCP
connection errors (e.g. TCP RST or failure to send data) or SSL
handshake failures occur. For pools bound to L4 virtual servers, if no
response is received to a TCP SYN sent to the pool member or if a TCP
RST is received in response to a TCP SYN, then the pool member is
considered to have failed and the failed count is incremented.
The property is deprecated as NSX-T Load Balancer is deprecated.
string Deprecated
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value LBPool string
snat_translation Snat translation configuration

Depending on the topology, Source NAT (SNAT) may be required to ensure
traffic from the server destined to the client is received by the load
balancer. SNAT can be enabled per pool. If SNAT is not enabled for a
pool, then load balancer uses the client IP and port (spoofing) while
establishing connections to the servers. This is referred to as no-SNAT
or TRANSPARENT mode. By default Source NAT is enabled as LBSnatAutoMap.
LBSnatTranslation
(Abstract type: pass one of the following concrete types)
LBSnatAutoMap
LBSnatDisabled
LBSnatIpPool
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tcp_multiplexing_enabled TCP multiplexing enable flag

TCP multiplexing allows the same TCP connection between load balancer
and the backend server to be used for sending multiple client requests
from different client TCP connections.
The property is deprecated as NSX-T Load Balancer is deprecated.
boolean Deprecated
Default: "False"
tcp_multiplexing_number Maximum number of TCP connections for multiplexing

The maximum number of TCP connections per pool that are idly kept alive
for sending future client requests.
The property is deprecated as NSX-T Load Balancer is deprecated.
integer Deprecated
Minimum: 0
Maximum: 2147483647
Default: "6"
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

LBPoolListResult (schema)

Paged Collection of LBPool

Paged Collection of LBPool.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results LBPool list results

LBPool list results.		 array of LBPool Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

LBPoolMember (schema)

Pool member

Pool member.

Name Description Type Notes
admin_state Member admin state

Member admin state.		 PoolMemberAdminStateType Default: "ENABLED"
backup_member Determine whether the pool member is for backup usage

Backup servers are typically configured with a sorry page indicating to
the user that the application is currently unavailable. While the pool
is active (a specified minimum number of pool members are active)
BACKUP members are skipped during server selection. When the pool is
inactive, incoming connections are sent to only the BACKUP member(s).
boolean Default: "False"
display_name Pool member name

Pool member name.		 string
ip_address Pool member IP address

Pool member IP address.		 IPAddress Required
max_concurrent_connections Maximum concurrent connection number

To ensure members are not overloaded, connections to a member can be
capped by the load balancer. When a member reaches this limit, it is
skipped during server selection.
If it is not specified, it means that connections are unlimited.
integer Minimum: 1
Maximum: 2147483647
port Pool member port number

If port is specified, all connections will be sent to this port. Only
single port is supported.
If unset, the same port the client connected to will be used, it could
be overrode by default_pool_member_port setting in virtual server.
The port should not specified for port range case.
PortElement
weight Pool member weight

Pool member weight is used for WEIGHTED_ROUND_ROBIN balancing
algorithm. The weight value would be ignored in other algorithms.
integer Minimum: 1
Maximum: 256
Default: "1"

LBPoolMemberGroup (schema)

Pool member group

Pool member group.

Name Description Type Notes
customized_members List of customized pool member settings

The list is used to show the customized pool member settings. User can
only user pool member action API to update the admin state for a specific
IP address.
array of PoolMemberSetting
group_path Grouping object path

Load balancer pool support Group as dynamic pool members.
The IP list of the Group would be used as pool member IP setting.
string Required
ip_revision_filter Filter of ipv4 or ipv6 address of grouping object IP list

Ip revision filter is used to filter IPv4 or IPv6 addresses from the
grouping object.
If the filter is not specified, both IPv4 and IPv6 addresses would be
used as server IPs.
The link local and loopback addresses would be always filtered out.
string Enum: IPV4, IPV6, IPV4_IPV6
Default: "IPV4"
max_ip_list_size Maximum number of grouping object IP address list

The size is used to define the maximum number of grouping object IP
address list. These IP addresses would be used as pool members.
If the grouping object includes more than certain number of
IP addresses, the redundant parts would be ignored and those IP
addresses would not be treated as pool members.
If the size is not specified, one member is budgeted for this dynamic
pool so that the pool has at least one member even if some other
dynamic pools grow beyond the capacity of load balancer service. Other
members are picked according to available dynamic capacity. The unused
members would be set to DISABLED so that the load balancer system
itself is not overloaded during runtime.
integer Minimum: 0
Maximum: 2147483647
port Pool member port for all IP addresses of the grouping object

If port is specified, all connections will be sent to this port.
If unset, the same port the client connected to will be used, it could
be overridden by default_pool_member_ports setting in virtual server.
The port should not specified for multiple ports case.
int Minimum: 1
Maximum: 65535

LBPoolMemberStatistics (schema)

Name Description Type Notes
ip_address Pool member IP address

Pool member IP address.		 IPAddress Readonly
port Pool member port

The port is configured in pool member. For virtual server port range
case, pool member port must be null.
PortElement Readonly
statistics Pool member statistics counter

Pool member statistics counter.		 LBStatisticsCounter Readonly

LBPoolMemberStatus (schema)

Name Description Type Notes
failure_cause The healthcheck failure cause when status is DOWN

If multiple active monitors are configured, the failure_cause contains
failure cause for each monitors. Like "Monitor_1:failure_cause_1.
Monitor_2:failure_cause_2."
string Readonly
ip_address Pool member IP address

Pool member IP address.		 IPAddress Readonly
last_check_time Timestamp when the monitor status was last checked

If multiple active monitors are configured, the property value is the
latest last_check_time among all the monitors.
EpochMsTimestamp Readonly
last_state_change_time Timestamp when the monitor status was last changed

If multiple active monitors are configured, the property value is the
latest last_state_change_time among all the monitors.
EpochMsTimestamp Readonly
port Pool member port

The port is configured in pool member. For virtual server port range
case, pool member port must be null.
PortElement Readonly
status Pool member status

UP means that pool member is enabled and monitors have marked the pool
member as UP. If the pool member has no monitor configured, it would
be treated as UP.
DOWN means that pool member is enabled and monitors have marked the
pool member as DOWN.
DISABLED means that admin state of pool member is set to DISABLED.
GRACEFUL_DISABLED means that admin state of pool member is set to
GRACEFUL_DISABLED.
UNUSED means that the pool member is not used when the IP list size
of member group exceeds the maximum setting. The remaining IP addresses
would not be used as available backend servers, hence mark the status
as UNUSED.
UNKNOWN means that the related pool is not associated to any enabled
virtual servers, or no status reported from transport-nodes, the
associated load balancer service may be working(or not working).
string Readonly
Enum: UP, DOWN, DISABLED, GRACEFUL_DISABLED, UNUSED, UNKNOWN

LBPoolStatistics (schema)

Name Description Type Notes
alarm Alarm Information Details

Alarm information details.		 PolicyRuntimeAlarm Readonly
enforcement_point_path Enforcement point Path

Policy Path referencing the enforcement point where the info is fetched.
string Readonly
last_update_timestamp Timestamp when the data was last updated

Timestamp when the data was last updated.		 EpochMsTimestamp Readonly
members Statistics of load balancer pool members

Statistics of load balancer pool members.		 array of LBPoolMemberStatistics Readonly
pool_path Load balancer pool object path

Load balancer pool object path.		 string Readonly
resource_type Must be set to the value LBPoolStatistics string Required
statistics Virtual server statistics counter

Virtual server statistics counter.		 LBStatisticsCounter Readonly

LBPoolStatisticsPerEP (schema)

LBPoolStatistics on specific Enforcement Point

This is an abstract type. Concrete child types:
LBPoolStatistics

Name Description Type Notes
alarm Alarm Information Details

Alarm information details.		 PolicyRuntimeAlarm Readonly
enforcement_point_path Enforcement point Path

Policy Path referencing the enforcement point where the info is fetched.
string Readonly
resource_type string Required

LBPoolStatus (schema)

Name Description Type Notes
alarm Alarm Information Details

Alarm information details.		 PolicyRuntimeAlarm Readonly
enforcement_point_path Enforcement point Path

Policy Path referencing the enforcement point where the info is fetched.
string Readonly
last_update_timestamp Timestamp when the data was last updated

Timestamp when the data was last updated.		 EpochMsTimestamp Readonly
members Status of load balancer pool members

Status of load balancer pool members.		 array of LBPoolMemberStatus Readonly
pool_path Load balancer pool object path

Load balancer pool object path.		 string Readonly
resource_type Must be set to the value LBPoolStatus string Required
status Virtual server status

UP means that all primary members are in UP status.
PARTIALLY_UP means that some(not all) primary members are in UP
status, the number of these active members is larger or equal to
certain number(min_active_members) which is defined in LBPool.
When there are no backup members which are in the UP status, the
number(min_active_members) would be ignored.
PRIMARY_DOWN means that less than certain(min_active_members) primary
members are in UP status but backup members are in UP status,
connections to this pool would be dispatched to backup members.
DOWN means that all primary and backup members are DOWN.
DETACHED means that the pool is not bound to any virtual server.
UNKOWN means that no status reported from transport-nodes. The
associated load balancer service may be working(or not working).
string Readonly
Enum: UP, PARTIALLY_UP, PRIMARY_DOWN, DOWN, DETACHED, UNKNOWN

LBPoolStatusPerEP (schema)

LBPoolStatus on specific Enforcement Point

This is an abstract type. Concrete child types:
LBPoolStatus

Name Description Type Notes
alarm Alarm Information Details

Alarm information details.		 PolicyRuntimeAlarm Readonly
enforcement_point_path Enforcement point Path

Policy Path referencing the enforcement point where the info is fetched.
string Readonly
resource_type string Required

LBRule (schema) (Deprecated)

Binding of a LBPool and Group to a LBVirtualServer

Binding of a LBPool and Group to a LBVirtualServer
used to route application traffic passing through load balancers.
LBRule uses match conditions to match application traffic passing
through a LBVirtualServer using HTTP or HTTPS. Can bind
multiple LBVirtualServers to a Group. Each LBRule
consists of two optional match conditions, each match contidion defines a
criterion for application traffic. If no match conditions are
specified, then the LBRule will always match and it is used
typically to define default rules. If more than one match condition is
specified, then matching strategy determines if all conditions should
match or any one condition should match for the LBRule to be
considered a match. A match indicates that the LBVirtualServer
should route the request to the Group (parent of LBRule).
LBRule is deprecated as NSX-T Load Balancer is deprecated.

Name Description Type Notes
actions Actions to be executed

A list of actions to be executed at specified phase when load balancer
rule matches. The actions are used to manipulate application traffic,
such as rewrite URI of HTTP messages, redirect HTTP messages, etc.
array of LBRuleAction
(Abstract type: pass one of the following concrete types)
LBConnectionDropAction
LBHttpRedirectAction
LBHttpRejectAction
LBHttpRequestHeaderDeleteAction
LBHttpRequestHeaderRewriteAction
LBHttpRequestUriRewriteAction
LBHttpResponseHeaderDeleteAction
LBHttpResponseHeaderRewriteAction
LBJwtAuthAction
LBSelectPoolAction
LBSslModeSelectionAction
LBVariableAssignmentAction
LBVariablePersistenceLearnAction
LBVariablePersistenceOnAction		 Required
Maximum items: 60
display_name Display name for LBRule

A display name useful for identifying an LBRule.
string
match_conditions Conditions to match application traffic

A list of match conditions used to match application traffic. Multiple
match conditions can be specified in one load balancer rule, each match
condition defines a criterion to match application traffic.
If no match conditions are specified, then the load balancer rule will
always match and it is used typically to define default rules. If more
than one match condition is specified, then match strategy determines
if all conditions should match or any one condition should match for the
load balancer rule to considered a match.
array of LBRuleCondition
(Abstract type: pass one of the following concrete types)
LBHttpRequestBodyCondition
LBHttpRequestCookieCondition
LBHttpRequestHeaderCondition
LBHttpRequestMethodCondition
LBHttpRequestUriArgumentsCondition
LBHttpRequestUriCondition
LBHttpRequestVersionCondition
LBHttpResponseHeaderCondition
LBHttpSslCondition
LBIpHeaderCondition
LBSslSniCondition
LBTcpHeaderCondition
LBVariableCondition		 Maximum items: 60
match_strategy Match strategy for determining match of multiple conditions

If more than one match condition is specified, then
matching strategy determines if all conditions should match or any
one condition should match for the LB Rule to be considered a match.
- ALL indicates that both host_match and path_match must match for
this LBRule to be considered a match.
- ANY indicates that either host_match or patch match may match for
this LBRule to be considered a match.
string Enum: ALL, ANY
Default: "ANY"
phase Load balancer processing phase

Each load balancer rule is used at a specific phase of load balancer
processing. Currently five phases are supported, HTTP_REQUEST_REWRITE,
HTTP_FORWARDING, HTTP_RESPONSE_REWRITE, HTTP_ACCESS and TRANSPORT.
When an HTTP request message is received by load balancer, all
HTTP_REQUEST_REWRITE rules, if present are executed in the order they
are applied to virtual server. And then if HTTP_FORWARDING rules
present, only first matching rule's action is executed, remaining rules
are not checked. HTTP_FORWARDING rules can have only one action. If the
request is forwarded to a backend server and the response goes back to
load balancer, all HTTP_RESPONSE_REWRITE rules, if present, are executed
in the order they are applied to the virtual server.
In HTTP_ACCESS phase, user can define action to control access using
JWT authentication.
In TRANSPORT phase, user can define the condition to match SNI in TLS
client hello and define the action to do SSL end-to-end, SSL offloading
or SSL passthrough using a specific load balancer server pool.
string Enum: HTTP_REQUEST_REWRITE, HTTP_FORWARDING, HTTP_RESPONSE_REWRITE, HTTP_ACCESS, TRANSPORT
Default: "HTTP_FORWARDING"

LBRuleAction (schema) (Deprecated)

Load balancer rule action

Load balancer rule actions are used to manipulate application traffic.
Currently load balancer rules can be used at three load balancer processing
phases. Each phase has its own supported type of actions.
Supported actions in HTTP_REQUST_REWRITE phase are:
LBHttpRequestUriRewriteAction
LBHttpRequestHeaderRewriteAction
LBHttpRequestHeaderDeleteAction
LBVariableAssignmentAction
Supported actions in HTTP_FORWARDING phase are:
LBHttpRejectAction
LBHttpRedirectAction
LBSelectPoolAction
LBVariablePersistenceOnAction
LBConnectionDropAction
Supported action in HTTP_RESPONSE_REWRITE phase is:
LBHttpResponseHeaderRewriteAction
LBHttpResponseHeaderDeleteAction
LBVariablePersistenceLearnAction
Supported action in HTTP_ACCESS phase is:
LBJwtAuthAction
LBConnectionDropAction
LBVariableAssignmentAction
Supported action in TRANSPORT phase is:
LBSslModeSelectionAction
LBSelectPoolAction

If the match type of an LBRuleCondition field is specified as REGEX and
named capturing groups are used in the specified regular expression. The
groups can be used as variables in LBRuleAction fields.
For example, define a rule with LBHttpRequestUriCondition as match
condition and LBHttpRequestUriRewriteAction as action. Set match_type field
of LBHttpRequestUriCondition to REGEX, and set uri field to
"/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)".
Set uri field of LBHttpRequestUriRewriteAction to:
"/news/$year-$month/$article"
In uri field of LBHttpRequestUriCondition, the (?<year>\d+),
(?<month>\d+) and (?<article>.*) are named capturing groups,
they define variables named $year, $month and $article respectively. The
defined variables are used in LBHttpRequestUriRewriteAction.
For a matched HTTP request with URI "/news/2017/06/xyz.html", the substring
"2017" is captured in variable $year, "06" is captured in variable $month,
and "xyz.html" is captured in variable $article. The
LBHttpRequestUriRewriteAction will rewrite the URI to:
"/news/2017-06/xyz.html"
A set of built-in variables can be used in LBRuleAction as well. The name
of built-in variables start with underscore, the name of user defined
variables is not allowed to start with underscore.
Following are some of the built-in variables:
$_scheme: Reference the scheme part of matched HTTP messages, could be
"http" or "https".
$_host: Host of matched HTTP messages, for example "www.example.com".
$_server_port: Port part of URI, it is also the port of the server which
accepted a request. Default port is 80 for http and 443 for https.
$_uri: The URI path, for example "/products/sample.html".
$_request_uri: Full original request URI with arguments, for example,
"/products/sample.html?a=b&c=d".
$_args: URI arguments, for instance "a=b&c=d"
$_is_args: "?" if a request has URI arguments, or an empty string
otherwise.
For the full list of built-in variables, please reference the NSX-T
Administrator's Guide.
This is an abstract type. Concrete child types:
LBConnectionDropAction
LBHttpRedirectAction
LBHttpRejectAction
LBHttpRequestHeaderDeleteAction
LBHttpRequestHeaderRewriteAction
LBHttpRequestUriRewriteAction
LBHttpResponseHeaderDeleteAction
LBHttpResponseHeaderRewriteAction
LBJwtAuthAction
LBSelectPoolAction
LBSslModeSelectionAction
LBVariableAssignmentAction
LBVariablePersistenceLearnAction
LBVariablePersistenceOnAction

Name Description Type Notes
type Type of load balancer rule action

The property identifies the load balancer rule action type.
LBRuleActionType Required

LBRuleActionType (schema) (Deprecated)

Types of load balancer rule actions

Types of load balancer rule actions.

Name Description Type Notes
LBRuleActionType Types of load balancer rule actions

Types of load balancer rule actions.		 string Deprecated
Enum: LBSelectPoolAction, LBHttpRequestUriRewriteAction, LBHttpRequestHeaderRewriteAction, LBHttpRejectAction, LBHttpRedirectAction, LBHttpResponseHeaderRewriteAction, LBHttpRequestHeaderDeleteAction, LBHttpResponseHeaderDeleteAction, LBVariableAssignmentAction, LBVariablePersistenceOnAction, LBVariablePersistenceLearnAction, LBJwtAuthAction, LBSslModeSelectionAction, LBConnectionDropAction

LBRuleCondition (schema) (Deprecated)

Match condition of load balancer rule

Match conditions are used to match application traffic passing through
load balancers. Multiple match conditions can be specified in one load
balancer rule, each match condition defines a criterion for application
traffic.
If inverse field is set to true, the match result of the condition is
inverted.
If more than one match condition is specified, match strategy determines
if all conditions should match or any one condition should match for the
load balancer rule to be considered a match.
Currently only HTTP messages are supported by load balancer rules.
Each load balancer rule is used at a specific phase of load balancer
processing. Currently three phases are supported, HTTP_REQUEST_REWRITE,
HTTP_FORWARDING and HTTP_RESPONSE_REWRITE.
Each phase supports certain types of match conditions, supported match
conditions in HTTP_REQUEST_REWRITE phase are:
LBHttpRequestMethodCondition
LBHttpRequestUriCondition
LBHttpRequestUriArgumentsCondition
LBHttpRequestVersionCondition
LBHttpRequestHeaderCondition
LBHttpRequestCookieCondition
LBHttpRequestBodyCondition
LBTcpHeaderCondition
LBIpHeaderCondition
LBVariableCondition
LBHttpSslCondition
Supported match conditions in HTTP_FORWARDING phase are:
LBHttpRequestMethodCondition
LBHttpRequestUriCondition
LBHttpRequestUriArgumentsCondition
LBHttpRequestVersionCondition
LBHttpRequestHeaderCondition
LBHttpRequestCookieCondition
LBHttpRequestBodyCondition
LBTcpHeaderCondition
LBIpHeaderCondition
LBVariableCondition
LBHttpSslCondition
LBSslSniCondition
Supported match conditions in HTTP_RESPONSE_REWRITE phase are:
LBHttpResponseHeaderCondition
LBHttpRequestMethodCondition
LBHttpRequestUriCondition
LBHttpRequestUriArgumentsCondition
LBHttpRequestVersionCondition
LBHttpRequestHeaderCondition
LBHttpRequestCookieCondition
LBTcpHeaderCondition
LBIpHeaderCondition
LBVariableCondition
LBHttpSslCondition
Supported match condition in HTTP_ACCESS phase is:
LBHttpRequestMethodCondition
LBHttpRequestUriCondition
LBHttpRequestUriArgumentsCondition
LBHttpRequestVersionCondition
LBHttpRequestHeaderCondition
LBHttpRequestCookieCondition
LBHttpRequestBodyCondition
LBTcpHeaderCondition
LBIpHeaderCondition
LBVariableCondition
LBHttpSslCondition
Supported match condition in TRANSPORT phase is:
LBSslSniCondition
This is an abstract type. Concrete child types:
LBHttpRequestBodyCondition
LBHttpRequestCookieCondition
LBHttpRequestHeaderCondition
LBHttpRequestMethodCondition
LBHttpRequestUriArgumentsCondition
LBHttpRequestUriCondition
LBHttpRequestVersionCondition
LBHttpResponseHeaderCondition
LBHttpSslCondition
LBIpHeaderCondition
LBSslSniCondition
LBTcpHeaderCondition
LBVariableCondition

Name Description Type Notes
inverse A flag to indicate whether reverse the match result of this condition boolean Default: "False"
type Type of load balancer rule condition LBRuleConditionType Required

LBRuleConditionType (schema) (Deprecated)

Type of load balancer rule match condition

Type of load balancer rule match condition.

Name Description Type Notes
LBRuleConditionType Type of load balancer rule match condition

Type of load balancer rule match condition.		 string Deprecated
Enum: LBHttpRequestUriCondition, LBHttpRequestHeaderCondition, LBHttpRequestMethodCondition, LBHttpRequestUriArgumentsCondition, LBHttpRequestVersionCondition, LBHttpRequestCookieCondition, LBHttpRequestBodyCondition, LBHttpResponseHeaderCondition, LBTcpHeaderCondition, LBIpHeaderCondition, LBVariableCondition, LBHttpSslCondition, LBSslSniCondition

LBSelectPoolAction (schema) (Deprecated)

Action to select a pool for HTTP request messages

This action is used to select a pool for matched HTTP request messages. The
pool is specified by path. The matched HTTP request messages are forwarded
to the specified pool.

Name Description Type Notes
pool_id Path of load balancer pool

Path of load balancer pool.		 string Required
type Must be set to the value LBSelectPoolAction LBRuleActionType Required

LBServerAuthType (schema) (Deprecated)

server authentication mode

Server authentication could be AUTO_APPLY, REQUIRED or IGNORE, it is used to
specify if the server certificate presented to the load balancer during
handshake should be actually validated or not.
Validation is automatic by default when server_auth_ca_certificate_paths are
configured and IGNORED when they are not configured.
If validation is REQUIRED, then to be accepted, server certificate must be
signed by one of the trusted CAs whose self signed certificates are
specified in the same server-side SSL profile binding.

Name Description Type Notes
LBServerAuthType server authentication mode

Server authentication could be AUTO_APPLY, REQUIRED or IGNORE, it is used to
specify if the server certificate presented to the load balancer during
handshake should be actually validated or not.
Validation is automatic by default when server_auth_ca_certificate_paths are
configured and IGNORED when they are not configured.
If validation is REQUIRED, then to be accepted, server certificate must be
signed by one of the trusted CAs whose self signed certificates are
specified in the same server-side SSL profile binding.
string Deprecated
Enum: REQUIRED, IGNORE, AUTO_APPLY

LBServerSslProfile (schema) (Deprecated)

Server SSL profile

Server SSL profile.
LBServerSslProfile is deprecated as NSX-T Load Balancer is deprecated.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
cipher_group_label Label of cipher group

It is a label of cipher group which is mostly consumed by GUI.
SslCipherGroup
ciphers Supported SSL cipher list to client side

Supported SSL cipher list to client side.		 array of SslCipher
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
is_fips FIPS compliance of ciphers and protocols

This flag is set to true when all the ciphers and protocols are FIPS
compliant.
It is set to false when one of the ciphers or protocols are not
FIPS compliant.
boolean Readonly
is_secure Secure/Insecure SSL profile flag

This flag is set to true when all the ciphers and protocols are secure.
It is set to false when one of the ciphers or protocols is insecure.
boolean Readonly
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
protocols Supported SSL protocol list to client side

SSL versions TLS1.1 and TLS1.2 are supported and enabled by default.
SSLv2, SSLv3, and TLS1.0 are supported, but disabled by default.
array of SslProtocol
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value LBServerSslProfile string
session_cache_enabled Session cache enable/disable falg

SSL session caching allows SSL client and server to reuse previously
negotiated security parameters avoiding the expensive public key
operation during handshake.
boolean Default: "True"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

LBServerSslProfileBinding (schema) (Deprecated)

Server SSL profile binding

Server SSL profile binding.
LBServerSslProfileBinding is deprecated as NSX-T Load Balancer is
deprecated.

Name Description Type Notes
certificate_chain_depth The maximum traversal depth of server certificate chain

Authentication depth is used to set the verification depth in the server
certificates chain.
integer Minimum: 1
Maximum: 2147483647
Default: "3"
client_certificate_path Client certificate path

To support client authentication (load balancer acting as a client
authenticating to the backend server), client certificate can be
specified in the server-side SSL profile binding
string
server_auth Server authentication mode

Server authentication mode.		 LBServerAuthType Default: "AUTO_APPLY"
server_auth_ca_paths CA path list to verify server certificate

If server auth type is REQUIRED, server certificate must be signed by
one of the trusted Certificate Authorities (CAs), also referred to as
root CAs, whose self signed certificates are specified.
array of string
server_auth_crl_paths CRL path list to verify server certificate

A Certificate Revocation List (CRL) can be specified in the server-side
SSL profile binding to disallow compromised server certificates.
array of string
ssl_profile_path Server SSL profile path

Server SSL profile defines reusable, application-independent server side
SSL properties.
string

LBServerSslProfileListResult (schema) (Deprecated)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paginated list of load balancer server SSL profiles array of LBServerSslProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

LBService (schema)

Loadbalancer Service

Loadbalancer Service.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
access_log_enabled Flag to enable access log boolean Deprecated
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
connectivity_path The connectivity target used to instantiate the LBService

LBS could be instantiated (or created) on the Tier-1, etc.
For now, only the Tier-1 object is supported.
string
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Flag to enable the load balancer service

Flag to enable the load balancer service.		 boolean Default: "True"
error_log_level Error log level of load balancer service

Load balancer engine writes information about encountered issues of
different severity levels to the error log. This setting is used to
define the severity level of the error log.
LbLogLevel Default: "INFO"
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
relax_scale_validation Whether scale validation is relaxed

If relax_scale_validation is true, the scale validations for virtual
servers/pools/pool members/rules are relaxed for load balancer service.
When load balancer service is deployed on edge nodes, the scale of
virtual servers/pools/pool members for the load balancer service should
not exceed the scale number of the largest load balancer size which
could be configured on a certain edge form factor. For example, the
largest load balancer size supported on a MEDIUM edge node is MEDIUM.
So one SMALL load balancer deployed on MEDIUM edge nodes can support
the scale number of MEDIUM load balancer. It is not recommended to
enable active monitors if relax_scale_validation is true due to
performance consideration.
If relax_scale_validation is false, scale numbers should be validated
for load balancer service.
The property is deprecated as NSX-T Load Balancer is deprecated.
boolean Deprecated
Default: "False"
resource_type Must be set to the value LBService string
size Load balancer service size

Load balancer service size.
The load balancer service sizes, SMALL, MEDIUM, LARGE and XLARGE are
all deprecated. Customers who are using this set of features are
advised to migrate to NSX Advanced Load Balancer (Avi) which provides
a superset of the NSX-T load balancing functionality.
LbServiceSize Default: "SMALL"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

LBServiceCountPerSeverity (schema)

The service count for specific severity

The service count for specific load balancer usage severity.

Name Description Type Notes
service_count Service count for specific serverity

Service count for specific serverity.
integer Readonly
severity LB usage severity

The severity calculation is based on current usage percentage
for one load balancer service.
LBUsageSeverity Readonly

LBServiceInstanceDetail (schema)

Name Description Type Notes
attachment_display_name The display name of load balancer instance attachment

The display name of the resource which the load balancer instance
deploys on.
string
attachment_path The path of load balancer instance attachment

The path of the resource which the load balancer instance deploys on.
string
error_message The error message for this instance

The error message for the load balancer instance. If the instance
status is NOT_READY, error message will be attached.
string

LBServiceInstanceDetailPerStatus (schema)

Name Description Type Notes
instance_details The detail information of load balancer instance

The detailed information of the load balancer instance. This field
will be only returned on realtime status API.
array of LBServiceInstanceDetail
instance_number The number of instances in this status type

It means the total number of instances in this status type for the
given transport node.
integer
status Load balancer instance status type

The type of load balancer instance status.
LBServiceInstanceStatusEnum

LBServiceInstanceDetailPerTransportNode (schema)

Name Description Type Notes
instance_detail_per_status Load balancer instances details for each status

Load balancer instances details for each load balancer instance
status type from the given transport node.
array of LBServiceInstanceDetailPerStatus
transport_node_id The UUID of the transport node

The UUID of the transport node.
string

LBServiceInstanceStatusEnum (schema)

Distributed load balancer service instance status

READY means that the LBS instance is the oldest and applied. Sometimes, the
oldest LBS might not be applied successfully, the next oldest one could be
applied.
CONFLICT means that the LBS instance is not the oldest and not applied.
NOT_READY means that the LBS instance is the oldest, should be applied,
but not applied.

Name Description Type Notes
LBServiceInstanceStatusEnum Distributed load balancer service instance status

READY means that the LBS instance is the oldest and applied. Sometimes, the
oldest LBS might not be applied successfully, the next oldest one could be
applied.
CONFLICT means that the LBS instance is not the oldest and not applied.
NOT_READY means that the LBS instance is the oldest, should be applied,
but not applied.
string Enum: READY, CONFLICT, NOT_READY

LBServiceListResult (schema)

Paged Collection of LBServices

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results LBService list results array of LBService Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

LBServiceStatistics (schema)

Name Description Type Notes
alarm Alarm Information Details

Alarm information details.		 PolicyRuntimeAlarm Readonly
enforcement_point_path Enforcement point Path

Policy Path referencing the enforcement point where the info is fetched.
string Readonly
last_update_timestamp Timestamp when the data was last updated

Timestamp when the data was last updated.		 EpochMsTimestamp Readonly
pools Statistics of load balancer pools

Statistics of load balancer pools		 array of LBPoolStatistics Readonly
resource_type Must be set to the value LBServiceStatistics string Required
service_path load balancer service identifier

load balancer service identifier.		 string Readonly
statistics Load balancer service statistics counter

Load balancer service statistics counter.		 LBServiceStatisticsCounter Readonly
virtual_servers Statistics of load balancer virtual servers

Statistics of load balancer virtual servers.		 array of LBVirtualServerStatistics Readonly

LBServiceStatisticsCounter (schema)

Name Description Type Notes
l4_current_session_rate average number of l4 current sessions per second

The average number of l4 current sessions per second, the number is
averaged over the last 5 one-second intervals.
number Readonly
l4_current_sessions Number of l4 current sessions

Number of l4 current sessions.		 integer Readonly
l4_max_sessions Number of l4 maximum sessions

L4 max sessions is used to show the peak L4 max session data since
load balancer starts to provide service.
integer Readonly
l4_total_sessions Number of l4 total sessions

Number of l4 total sessions.		 integer Readonly
l7_current_session_rate averabe number of l7 current requests per second

The average number of l7 current requests per second, the number is
averaged over the last 5 one-second intervals.
number Readonly
l7_current_sessions Number of l7 current sessions

Number of l7 current sessions.		 integer Readonly
l7_max_sessions Number of l7 maximum sessions

L7 max sessions is used to show the peak L7 max session data since
load balancer starts to provide service.
integer Readonly
l7_total_sessions Number of l7 total sessions

Number of l7 total sessions.		 integer Readonly

LBServiceStatisticsPerEP (schema)

LBServiceStatistics on specific Enforcement Point

This is an abstract type. Concrete child types:
LBServiceStatistics

Name Description Type Notes
alarm Alarm Information Details

Alarm information details.		 PolicyRuntimeAlarm Readonly
enforcement_point_path Enforcement point Path

Policy Path referencing the enforcement point where the info is fetched.
string Readonly
resource_type string Required

LBServiceStatus (schema)

Name Description Type Notes
active_transport_nodes Ids of load balancer service related active transport nodes

Ids of load balancer service related active transport nodes.		 array of string Readonly
alarm Alarm Information Details

Alarm information details.		 PolicyRuntimeAlarm Readonly
cpu_usage Cpu usage in percentage

Cpu usage in percentage.		 integer Readonly
enforcement_point_path Enforcement point Path

Policy Path referencing the enforcement point where the info is fetched.
string Readonly
error_message Error message, if available

Error message, if available.		 string Readonly
instance_detail_per_tn Details of load balancer service instance per transport node

Details of load balancer service instance per transport node.
array of LBServiceInstanceDetailPerTransportNode
last_update_timestamp Timestamp when the data was last updated

Timestamp when the data was last updated.		 EpochMsTimestamp Readonly
memory_usage Memory usage in percentage

Memory usage in percentage.		 integer Readonly
pools status of load balancer pools

status of load balancer pools.		 array of LBPoolStatus Readonly
resource_type Must be set to the value LBServiceStatus string Required
service_path Load balancer service object path

Load balancer service object path.		 string Readonly
service_status Status of load balancer service

UP means the load balancer service is working fine on both
transport-nodes(if have);
PARTIALLY_UP means that some DLB instances on transport node are
working successfully and some instances are not working successfully;
DOWN means the load balancer service is down on both transport-nodes
(if have), hence the load balancer will not respond to any requests;
ERROR means error happens on transport-node(s) or no status is
reported from transport-node(s). The load balancer service may be
working (or not working);
NO_STANDBY means load balancer service is working in one of the
transport node while not in the other transport-node (if have). Hence
if the load balancer service in the working transport-node goes down,
the load balancer service will go down;
DETACHED means that the load balancer service has no attachment setting
and is not instantiated in any transport nodes;
DISABLED means that admin state of load balancer service is DISABLED;
UNKNOWN means that no status reported from transport-nodes.The load
balancer service may be working(or not working).
string Readonly
Enum: UP, PARTIALLY_UP, DOWN, ERROR, NO_STANDBY, DETACHED, DISABLED, UNKNOWN
standby_transport_nodes Ids of load balancer service related standby transport nodes

Ids of load balancer service related standby transport nodes.		 array of string Readonly
virtual_servers status of load balancer virtual servers

status of load balancer virtual servers.		 array of LBVirtualServerStatus Readonly

LBServiceStatusPerEP (schema)

LBServiceStatus on specific Enforcement Point

This is an abstract type. Concrete child types:
LBServiceStatus

Name Description Type Notes
alarm Alarm Information Details

Alarm information details.		 PolicyRuntimeAlarm Readonly
enforcement_point_path Enforcement point Path

Policy Path referencing the enforcement point where the info is fetched.
string Readonly
resource_type string Required

LBServiceStatusQueryParameters (schema)

Name Description Type Notes
enforcement_point_path String Path of the enforcement point

enforcement point path, forward slashes must be escaped using %2F.
string
include_instance_details Flag to indicate whether include detail information

The flag to indicate whether include detail information. Load
balancer instance detail information will be returned if this
field is set to true. It's only valid in realtime status query.
boolean Default: "False"
source The data source, either realtime or cached. If not provided, cached data is returned. DataSourceType
transport_node_ids The UUIDs of transport nodes

The UUIDs of transport nodes. Multiple UUIDs should be separated by
commas. If this field is specified, only the status from the given
transport nodes will be returned. It's only valid in realtime status
query.
string

LBServiceUsage (schema)

The usage information of the load balancer service

Describes the capacity and current usage of virtual servers, pools and pool
members for the given load balancer service.

Name Description Type Notes
alarm Alarm Information Details

Alarm information details.		 PolicyRuntimeAlarm Readonly
current_pool_count The current number of pools

The current number of pools which has been configured in the given load
balancer service.
integer Readonly
current_pool_member_count The current number of pool members

The current number of pool members which has been configured in the given
load balancer service.
integer Readonly
current_virtual_server_count The current number of virtual servers

The current number of virtual servers which has been configured in the
given load balancer service.
integer Readonly
enforcement_point_path Enforcement point Path

Policy Path referencing the enforcement point where the info is fetched.
string Readonly
last_update_timestamp Timestamp when the data was last updated.

Timestamp when the data was last updated.		 EpochMsTimestamp
pool_capacity The capacity of pools

Pool capacity means maximum number of pools which could be configured in
the given load balancer service.
integer Readonly
pool_member_capacity The capacity of pool members

Pool member capacity means maximum number of pool members which could be
configured in the given load balancer service.
integer Readonly
resource_type Must be set to the value LBServiceUsage string Required
service_path LBService object path

LBService object path.		 string Readonly
service_size The size of load balancer service

The size of load balancer service.		 LbServiceSize Readonly
severity LB usage severity

The severity calculation is based on the largest usage percentage from
virtual servers, pools and pool members for one load balancer service.
LBUsageSeverity Readonly
usage_percentage Usage percentage

The usage percentage is the largest usage percentage from virtual
servers, pools and pool members for the load balancer service. If the
property relax_scale_validation is set as true for LBService, it is
possible that the value is larger than 100.0. For example, if SMALL LBS
is deployed on MEDIUM edge node and configured with MEDIUM LBS virtual
server scale number, LBS usage percentage is shown larger than 100.0.
number Readonly
virtual_server_capacity The capacity of virtual servers

Virtual server capacity means maximum number of virtual servers which
could be configured in the given load balancer service.
integer Readonly

LBServiceUsagePerEP (schema)

LBServiceUsage on specific Enforcement Point

This is an abstract type. Concrete child types:
LBServiceUsage

Name Description Type Notes
alarm Alarm Information Details

Alarm information details.		 PolicyRuntimeAlarm Readonly
enforcement_point_path Enforcement point Path

Policy Path referencing the enforcement point where the info is fetched.
string Readonly
resource_type string Required

LBServiceUsageSummary (schema)

The usage summary for all load balancer services

Describes usage summary of virtual servers, pools and pool members for
all load balancer services.

Name Description Type Notes
current_pool_count The current pool count

The current count of pools configured for all load balancer services.
integer Readonly
current_pool_member_count The current pool member count

The current count of pool members configured for all load balancer
services.
integer Readonly
current_virtual_server_count The current virtual server count

The current count of virtual servers configured for all load balancer
services.
integer Readonly
pool_capacity The capacity of pools

Pool capacity means maximum number of pools which can be configured
for all load balancer services.
integer Readonly
pool_member_capacity The capacity of pool members

Pool capacity means maximum number of pool members which can be
configured for all load balancer services.
integer Readonly
pool_member_severity LB usage severity

The severity calculation is based on the overall usage percentage of
pool members for all load balancer services.
LBUsageSeverity Readonly
pool_member_usage_percentage Pool member usage percentage

Overall pool member usage percentage for all load balancer services.
number Readonly
pool_severity LB usage severity

The severity calculation is based on the overall usage percentage of
pools for all load balancer services.
LBUsageSeverity Readonly
pool_usage_percentage Pool usage percentage

Overall pool usage percentage for all load balancer services.
number Readonly
service_counts LB service count for each severity

The service count for each load balancer usage severity.
array of LBServiceCountPerSeverity Readonly
service_usages LB service usages

The property identifies all lb service usages. By default, it is not
included in response. It exists when parameter ?include_usages=true.
array of LBServiceUsage Readonly
virtual_server_capacity The capacity of virtual servers

Virtual server capacity means maximum number of virtual servers which
can be configured for all load balancer services.
integer Readonly
virtual_server_severity LB usage severity

The severity calculation is based on the overall usage percentage of
virtual servers for all load balancer services.
LBUsageSeverity Readonly
virtual_server_usage_percentage Virtual server usage percentage

Overall virtual server usage percentage for all load balancer services.
number Readonly

LBSessionCookieTime (schema) (Deprecated)

Session cookie time

Session cookie time.

Name Description Type Notes
cookie_max_idle Session cookie max idle time in seconds

Instead of using HTTP Cookie max-age and relying on client to expire
the cookie, max idle time and/or max lifetime of the cookie can be used.
Max idle time, if configured, specifies the maximum interval the cookie
is valid for from the last time it was seen in a request.
It is available for insert mode.
integer Minimum: 1
Maximum: 2147483647
cookie_max_life Session cookie max lifetime in seconds

Max life time, if configured, specifies the maximum interval the cookie
is valid for from the first time the cookie was seen in a request.
It is available for insert mode.
integer Minimum: 1
Maximum: 2147483647
type Must be set to the value LBSessionCookieTime LBCookieTimeType Required

LBSnatAutoMap (schema) (Deprecated)

Snat auto map

Snat auto map.

Name Description Type Notes
type Must be set to the value LBSnatAutoMap LBSnatTranslationType Required

LBSnatDisabled (schema)

Snat disabled

Snat disabled.

Name Description Type Notes
type Must be set to the value LBSnatDisabled LBSnatTranslationType Required

LBSnatIpElement (schema) (Deprecated)

Snat Ip element

Snat Ip element.

Name Description Type Notes
ip_address Ip address or ip range

Ip address or ip range such as 1.1.1.1 or 1.1.1.101-1.1.1.160.		 IPElement Required
prefix_length Subnet prefix length

Subnet prefix length should be not specified if there is only one single
IP address or IP range.
integer

LBSnatIpPool (schema) (Deprecated)

Snat Ip pool

Snat Ip pool.

Name Description Type Notes
ip_addresses List of Ip address or ip range

If an IP range is specified, the range may contain no more than 64
IP addresses.
array of LBSnatIpElement Required
Maximum items: 64
type Must be set to the value LBSnatIpPool LBSnatTranslationType Required

LBSnatTranslation (schema)

Snat Translation

Snat Translation. This is an abstract type. Concrete child types:
LBSnatAutoMap
LBSnatDisabled
LBSnatIpPool

Name Description Type Notes
type Snat translation type

Snat translation type.		 LBSnatTranslationType Required

LBSnatTranslationType (schema)

Snat translation type

Load balancers may need to perform SNAT to ensure reverse traffic from
the server can be received and processed by them.
There are three modes:
LBSnatAutoMap uses the load balancer interface IP and an
ephemeral port as the source IP and port of the server side connection.
LBSnatIpPool allows user to specify one or more IP addresses
along with their subnet masks that should be used for SNAT while
connecting to any of the servers in the pool.
LBSnatDisabled disables Source NAT. This is referred to as no-SNAT
or TRANSPARENT mode.
LBSnatAutoMap and LBSnatIpPool are deprecated as NSX-T Load Balancer is
deprecated.

Name Description Type Notes
LBSnatTranslationType Snat translation type

Load balancers may need to perform SNAT to ensure reverse traffic from
the server can be received and processed by them.
There are three modes:
LBSnatAutoMap uses the load balancer interface IP and an
ephemeral port as the source IP and port of the server side connection.
LBSnatIpPool allows user to specify one or more IP addresses
along with their subnet masks that should be used for SNAT while
connecting to any of the servers in the pool.
LBSnatDisabled disables Source NAT. This is referred to as no-SNAT
or TRANSPARENT mode.
LBSnatAutoMap and LBSnatIpPool are deprecated as NSX-T Load Balancer is
deprecated.
string Enum: LBSnatAutoMap, LBSnatIpPool, LBSnatDisabled

LBSourceIpPersistenceProfile (schema)

LBPersistenceProflie using SourceIP

Some applications maintain state and require all relevant connections
to be sent to the same server as the application state is not
synchronized among servers. Persistence is enabled on a
LBVirtualServer by binding a persistence profile to it.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
ha_persistence_mirroring_enabled Mirroring enabled flag to synchronize persistence entries

Persistence entries are not synchronized to the HA peer by default.
The property is deprecated as NSX-T Load Balancer is deprecated.
boolean Deprecated
Default: "False"
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
persistence_shared Persistence shared across LBVirtualServers

Persistence shared setting indicates that all LBVirtualServers
that consume this LBPersistenceProfile should share the same
persistence mechanism when enabled. Meaning, persistence entries of
a client accessing one virtual server will also affect the same
client's connections to a different virtual server. For example, say
there are two virtual servers vip-ip1:80 and vip-ip1:8080 bound to
the same Group g1 consisting of two servers (s11:80 and s12:80). By
default, each virtual server will have its own persistence table or
cookie. So, in the earlier example, there will be two tables
(vip-ip1:80, p1) and (vip-ip1:8080, p1) or cookies. So, if a client
connects to vip1:80 and later connects to vip1:8080, the second
connection may be sent to a different server than the first. When
persistence_shared is enabled, then the second connection will always
connect to the same server as the original connection. For COOKIE
persistence type, the same cookie will be shared by multiple virtual
servers. For SOURCE_IP persistence type, the persistence table will
be shared across virtual servers. For GENERIC persistence type, the
persistence table will be shared across virtual servers which consume
the same persistence profile in LBRule actions.
boolean Default: "False"
purge Persistence purge setting

Persistence purge setting.		 SourceIpPersistencePurge Default: "FULL"
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value LBSourceIpPersistenceProfile string Required
Enum: LBSourceIpPersistenceProfile, LBCookiePersistenceProfile, LBGenericPersistenceProfile
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
timeout Persistence entry expiration time in seconds

When all connections complete (reference count reaches 0), persistence
entry timer is started with the expiration time.
integer Minimum: 1
Maximum: 2147483647
Default: "300"
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

LBSslModeSelectionAction (schema) (Deprecated)

Action to select SSL mode

This action is used to select SSL mode. Three types of SSL mode actions can
be specified in Transport phase, ssl passthrough, ssl offloading and ssl
end-to-end.

Name Description Type Notes
ssl_mode Type of SSL mode

SSL Passthrough: LB establishes a TCP connection with client and another
connection with selected backend server. LB won't inspect the stream
data between client and backend server, but just pass it through.
Backend server exchanges SSL connection with client.
SSL Offloading: LB terminiates the connections from client, and
establishes SSL connection with it. After receiving the HTTP request,
LB connects the selected backend server and talk with it via HTTP
without SSL. LB estalishes new connection to selected backend server
for each HTTP request, in case server_keep_alive or multiplexing are
NOT configured.
SSL End-to-End: LB terminiates the connections from client, and
establishes SSL connection with it. After receiving the HTTP request,
LB connects the selected backend server and talk with it via HTTPS.
LB estalishes new SSL connection to selected backend server for each
HTTP request, in case server_keep_alive or multiplexing are NOT
configured.
string Required
Enum: SSL_PASSTHROUGH, SSL_END_TO_END, SSL_OFFLOAD
type Must be set to the value LBSslModeSelectionAction LBRuleActionType Required

LBSslProfile (schema) (Deprecated)

Load balancer abstract SSL profile

Load balancer abstract SSL profile.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value LBSslProfile string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

LBSslSniCondition (schema) (Deprecated)

Condition to match SSL SNI in client hello

This condition is used to match SSL SNI in client hello. This condition is
only supported in TRANSPORT phase and HTTP_FORWARDING.

Name Description Type Notes
case_sensitive A case sensitive flag for SNI comparing

If true, case is significant when comparing SNI value.
boolean Default: "True"
inverse A flag to indicate whether reverse the match result of this condition boolean Default: "False"
match_type Match type of SNI LbRuleMatchType Default: "REGEX"
sni The server name indication

The SNI(Server Name indication) in client hello message.
string Required
type Must be set to the value LBSslSniCondition LBRuleConditionType Required

LBStatisticsCounter (schema)

Name Description Type Notes
bytes_in Number of bytes in

Number of bytes in.		 integer Readonly
bytes_in_rate average number of inbound bytes per second

The average number of inbound bytes per second, the number is
averaged over the last 5 one-second intervals.
number Readonly
bytes_out Number of bytes out

Number of bytes out.		 integer Readonly
bytes_out_rate average number of outbound bytes per second

The average number of outbound bytes per second, the number is
averaged over the last 5 one-second intervals.
number Readonly
current_session_rate average number of current sessions per second

The average number of current sessions per second, the number is
averaged over the last 5 one-second intervals.
number Readonly
current_sessions Number of current sessions

Number of current sessions.		 integer Readonly
dropped_packets_by_access_list The total number of dropped packets by access list control

The total number of dropped TCP SYN or UDP packets by access list
control.
integer
dropped_sessions_by_lbrule_action The total number of dropped sessions by LB rule action

The total number of dropped sessions by LB rule action.
integer
http_request_rate averabe number of http requests per second

The average number of http requests per second, the number is
averaged over the last 5 one-second intervals.
number Readonly
http_requests The total number of http requests.

The total number of http requests.		 integer Readonly
max_sessions Number of maximum sessions

Number of maximum sessions.		 integer Readonly
packets_in Number of packets in

Number of packets in.		 integer Readonly
packets_in_rate average number of inbound packets per second

The average number of inbound packets per second, the number is
averaged over the last 5 one-second intervals.
number Readonly
packets_out Number of packets out

Number of packets out.		 integer Readonly
packets_out_rate average number of outbound packets per second

The average number of outbound packets per second, the number is
averaged over the last 5 one-second intervals.
number Readonly
source_ip_persistence_entry_size Number of source IP persistence entries

Number of source IP persistence entries		 integer Readonly
total_sessions Number of total sessions

Number of total sessions.		 integer Readonly

LBTcpHeaderCondition (schema) (Deprecated)

Condition to match TCP header fields

This condition is used to match TCP header fields of HTTP messages.
Currently, only the TCP source port is supported. Ports can be expressed as
a single port number like 80, or a port range like 1024-1030.

Name Description Type Notes
inverse A flag to indicate whether reverse the match result of this condition boolean Default: "False"
source_port TCP source port of HTTP message PortElement Required
type Must be set to the value LBTcpHeaderCondition LBRuleConditionType Required

LBTcpMonitorProfile (schema) (Deprecated)

LBMonitorProfile for active health checks over TCP

Active healthchecks are disabled by default and can be enabled for a
server pool by binding a health monitor to the Group through the
LBRule object. This represents active health monitoring over TCP.
Active healthchecks are initiated periodically, at a configurable
interval, to each member of the Group. Only if a healthcheck fails
consecutively for a specified number of times (fall_count) to a member
will the member status be marked DOWN. Once a member is DOWN, a specified
number of consecutive successful healthchecks (rise_count) will bring
the member back to UP state. After a healthcheck is initiated, if it
does not complete within a certain period, then also
the healthcheck is considered to be unsuccessful. Completing a
healthcheck within timeout means establishing a connection (TCP or SSL),
if applicable, sending the request and receiving the response, all within
the configured timeout.
LBTcpMonitorProfile is deprecated as NSX-T Load Balancer is deprecated.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
fall_count Monitor fall count for active healthchecks

Only if a healthcheck fails consecutively for a specified number of
times, given with fall_count, to a member will the member status be
marked DOWN.
integer Minimum: 1
Maximum: 2147483647
Default: "3"
id Unique identifier of this resource string Sortable
interval Monitor interval in seconds for active healthchecks

Active healthchecks are initiated periodically, at a configurable
interval (in seconds), to each member of the Group.
integer Minimum: 1
Maximum: 2147483647
Default: "5"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
monitor_port Monitor port for active healthchecks

Typically, monitors perform healthchecks to Group members using the
member IP address and pool_port.
However, in some cases, customers prefer to run healthchecks against a
different port than the pool member port which handles actual
application traffic. In such cases, the port to run healthchecks
against can be specified in the monitor_port value.
For ICMP monitor, monitor_port is not required.
int Minimum: 0
Maximum: 65535
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
receive Expected data received from server

Expected data, if specified, can be anywhere in the response and it has
to be a string, regular expressions are not supported.
string
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value LBTcpMonitorProfile LBMonitorProfileType Required
rise_count Monitor rise count for active healthchecks

Once a member is DOWN, a specified number of consecutive successful
healthchecks specified by rise_count will bring the member back to UP
state.
integer Minimum: 1
Maximum: 2147483647
Default: "3"
send Data to send

If both send and receive are not specified, then just a TCP connection
is established (3-way handshake) to validate server is healthy, no
data is sent.
string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
timeout Monitor timeout in seconds for active healthchecks

Timeout specified in seconds. After a healthcheck is initiated, if it
does not complete within a certain period, then also the healthcheck
is considered to be unsuccessful. Completing a healthcheck within
timeout means establishing a connection (TCP or SSL), if applicable,
sending the request and receiving the response, all within the
configured timeout.
integer Minimum: 1
Maximum: 2147483647
Default: "5"
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

LBUdpMonitorProfile (schema) (Deprecated)

LBMonitorProfile for active health checks over UDP

Active healthchecks are disabled by default and can be enabled for a
server pool by binding a health monitor to the Group through the LBRule
object. This represents active health monitoring over UDP. Active
healthchecks are initiated periodically, at a configurable interval, to
each member of the Group. Only if a healthcheck fails consecutively for a
specified number of times (fall_count) to a member will the member status
be marked DOWN. Once a member is DOWN, a specified number of consecutive
successful healthchecks (rise_count) will bring the member back to UP
state. After a healthcheck is initiated, if it does not complete within a
certain period, then also the healthcheck is considered to be
unsuccessful. Completing a healthcheck within timeout means establishing
a connection (TCP or SSL), if applicable, sending the request and
receiving the response, all within the configured timeout.
LBUdpMonitorProfile is deprecated as NSX-T Load Balancer is deprecated.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
fall_count Monitor fall count for active healthchecks

Only if a healthcheck fails consecutively for a specified number of
times, given with fall_count, to a member will the member status be
marked DOWN.
integer Minimum: 1
Maximum: 2147483647
Default: "3"
id Unique identifier of this resource string Sortable
interval Monitor interval in seconds for active healthchecks

Active healthchecks are initiated periodically, at a configurable
interval (in seconds), to each member of the Group.
integer Minimum: 1
Maximum: 2147483647
Default: "5"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
monitor_port Monitor port for active healthchecks

Typically, monitors perform healthchecks to Group members using the
member IP address and pool_port.
However, in some cases, customers prefer to run healthchecks against a
different port than the pool member port which handles actual
application traffic. In such cases, the port to run healthchecks
against can be specified in the monitor_port value.
For ICMP monitor, monitor_port is not required.
int Minimum: 0
Maximum: 65535
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
receive Expected data received from server

Expected data, can be anywhere in the response and it has to be a
string, regular expressions are not supported.
UDP healthcheck is considered failed if there is no server response
within the timeout period.
string Required
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value LBUdpMonitorProfile LBMonitorProfileType Required
rise_count Monitor rise count for active healthchecks

Once a member is DOWN, a specified number of consecutive successful
healthchecks specified by rise_count will bring the member back to UP
state.
integer Minimum: 1
Maximum: 2147483647
Default: "3"
send Data to send

The data to be sent to the monitored server.
string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
timeout Monitor timeout in seconds for active healthchecks

Timeout specified in seconds. After a healthcheck is initiated, if it
does not complete within a certain period, then also the healthcheck
is considered to be unsuccessful. Completing a healthcheck within
timeout means establishing a connection (TCP or SSL), if applicable,
sending the request and receiving the response, all within the
configured timeout.
integer Minimum: 1
Maximum: 2147483647
Default: "5"
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

LBUsageSeverity (schema)

Load balancer usage severity

Severity is calculated from usage percentage:
GREEN means the current usage percentage is less than 60%.
ORANGE means the current usage percentage is less than 80% and larger than
or equal to 60%.
RED means the current usage percentage is larger than or equal to 80%.

Name Description Type Notes
LBUsageSeverity Load balancer usage severity

Severity is calculated from usage percentage:
GREEN means the current usage percentage is less than 60%.
ORANGE means the current usage percentage is less than 80% and larger than
or equal to 60%.
RED means the current usage percentage is larger than or equal to 80%.
string Enum: GREEN, ORANGE, RED

LBUsageSummaryRequestParameters (schema)

Load balancer usage summary request parameters

Name Description Type Notes
include_usages Whether to include usages

Specify whether to include usages in response.
boolean

LBVariableAssignmentAction (schema) (Deprecated)

Action to create variable and assign value to it

This action is used to create a new variable and assign value to it.
One action can be used to create one variable. To create multiple
variables, multiple actions must be defined.
The variables can be used by LBVariableCondition, etc.

Name Description Type Notes
type Must be set to the value LBVariableAssignmentAction LBRuleActionType Required
variable_name Name of the variable to be assigned

Name of the variable to be assigned.		 string Required
variable_value Value of variable

Value of variable.		 string Required

LBVariableCondition (schema) (Deprecated)

Condition to match IP header fields

This condition is used to match variable's name and value at all
phases. The variables could be captured from REGEX or assigned by
LBVariableAssignmentAction or system embedded variable. Varialbe_name
and variable_value should be matched at the same time.

Name Description Type Notes
case_sensitive A case sensitive flag for variable value comparing

If true, case is significant when comparing variable value.
boolean Default: "True"
inverse A flag to indicate whether reverse the match result of this condition boolean Default: "False"
match_type Match type of variable value LbRuleMatchType Default: "REGEX"
type Must be set to the value LBVariableCondition LBRuleConditionType Required
variable_name Name of the variable to be matched string Required
variable_value Value of variable to be matched string Required

LBVariablePersistenceLearnAction (schema) (Deprecated)

Action to learn the variable value

This action is performed in HTTP response rewrite phase. It is used to
learn the value of variable from the HTTP response, and insert an entry
into the persistence table if the entry doesn't exist.

Name Description Type Notes
persistence_profile_path Path to LBPersistenceProfile

If the persistence profile path is not specified, a default
persistence table is created per virtual server. Currently, only
LBGenericPersistenceProfile is supported.
string
type Must be set to the value LBVariablePersistenceLearnAction LBRuleActionType Required
variable_hash_enabled Whether to enable a hash operation for variable value

The property is used to enable a hash operation for variable value
when composing the persistence key.
boolean Default: "False"
variable_name Variable name

The property is the name of variable to be learnt. It is used to
identify which variable's value is learnt from HTTP response.
The variable can be a built-in variable such as "_cookie_JSESSIONID",
a customized variable defined in LBVariableAssignmentAction or a
captured variable in regular expression such as "article".
For the full list of built-in variables, please reference the NSX-T
Administrator's Guide.
string Required

LBVariablePersistenceOnAction (schema) (Deprecated)

Action to persist the variable value

This action is performed in HTTP forwarding phase. It is used to inspect
the variable of HTTP request, and look up the persistence entry with its
value and pool uuid as key.
If the persistence entry is found, the HTTP request is forwarded to the
recorded backend server according to the persistence entry.
If the persistence entry is not found, a new entry is created in the
table after backend server is selected.

Name Description Type Notes
persistence_profile_path Path to LBPersistenceProfile

If the persistence profile path is not specified, a default
persistence table is created per virtual server. Currently, only
LBGenericPersistenceProfile is supported.
string
type Must be set to the value LBVariablePersistenceOnAction LBRuleActionType Required
variable_hash_enabled Whether to enable a hash operation for variable value

The property is used to enable a hash operation for variable value
when composing the persistence key.
boolean Default: "False"
variable_name Variable name

The property is the name of variable to be used. It specifies which
variable's value of a HTTP Request will be used in the key of
persistence entry. The variable can be a built-in variable such
as "_cookie_JSESSIONID", a customized variable defined in
LBVariableAssignmentAction or a captured variable in regular expression
such as "article".
For the full list of built-in variables, please reference the NSX-T
Administrator's Guide.
string Required

LBVirtualServer (schema)

Base class for each type of LBVirtualServer

All the types of LBVirtualServer extend from this abstract class. This
is present for extensibility.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
access_list_control IP access list control to filter the connections

Specifies the access list control to define how to filter the
connections from clients.
LBAccessListControl
access_log_enabled Access log enabled setting

If access log is enabled, all HTTP requests sent to L7 virtual server
are logged to the access log file. Both successful returns information
responses(1xx), successful responses(2xx), redirection messages(3xx) and
unsuccessful requests, backend server returns 4xx or 5xx, are logged to
access log, if enabled. All L4 virtual server connections are also
logged to the access log if enabled. The non-significant events such as
successful requests are not logged if log_significant_event_only is set
to true.
boolean Default: "False"
application_profile_path Application profile path

The application profile defines the application protocol characteristics.
It is used to influence how load balancing is performed. Currently,
LBFastTCPProfile, LBFastUDPProfile and
LBHttpProfile, etc are supported.
string Required
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
client_ssl_profile_binding Virtual server side SSL binding setting

The setting is used when load balancer acts as an SSL server and
terminating the client SSL connection. The property is deprecated as
NSX-T Load Balancer is deprecated.
LBClientSslProfileBinding Deprecated
default_pool_member_ports Default pool member ports when member port is not defined.

Default pool member ports when member port is not defined.
array of PortElement Maximum items: 14
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled whether the virtual server is enabled

Flag to enable the load balancer virtual server.		 boolean Default: "True"
id Unique identifier of this resource string Sortable
ip_address IP address of the LBVirtualServer

Configures the IP address of the LBVirtualServer where it
receives all client connections and distributes them among the
backend servers.
IPAddress Required
lb_persistence_profile_path Persistence Profile used by LBVirtualServer

Path to optional object that enables persistence on a virtual server
allowing related client connections to be sent to the same backend
server. Persistence is disabled by default.
string
lb_service_path Path to LBService object for LBVirtualServer

virtual servers can be associated to LBService(which is
similar to physical/virtual load balancer), LB virtual servers,
pools and other entities could be defined independently, the LBService
identifier list here would be used to maintain the relationship of
LBService and other LB entities.
string
log_significant_event_only Log only significant event in access log

The property log_significant_event_only can take effect only when
access_log_enabled is true. If log_significant_event_only is true,
significant events are logged in access log.
For L4 virtual server, significant event means unsuccessful(error or
dropped) TCP/UDP connections.
For L7 virtual server, significant event means unsuccessful connections
or HTTP/HTTPS requests which have error response code(e.g. 4xx, 5xx).
boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
max_concurrent_connections Maximum concurrent connection number

To ensure one virtual server does not over consume resources,
affecting other applications hosted on the same LBS, connections
to a virtual server can be capped.
If it is not specified, it means that connections are unlimited.
The property is deprecated as NSX-T Load Balancer is deprecated.
integer Deprecated
Minimum: 1
Maximum: 2147483647
max_new_connection_rate Maximum new connection rate in connections per second

To ensure one virtual server does not over consume resources,
connections to a member can be rate limited.
If it is not specified, it means that connection rate is unlimited.
The property is deprecated as NSX-T Load Balancer is deprecated.
integer Deprecated
Minimum: 1
Maximum: 2147483647
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
pool_path Default server pool path

The server pool(LBPool) contains backend servers. Server pool
consists of one or more servers, also referred to as pool members, that
are similarly configured and are running the same application.
string
ports Virtual server port number(s) or port range(s)

Ports contains a list of at least one port or port range such as "80",
"1234-1236". Each port element in the list should be a single port or a
single port range.
array of PortElement Required
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value LBVirtualServer string
rules List of load balancer rules

Load balancer rules allow customization of load balancing behavior using
match/action rules. Currently, load balancer rules are supported for
only layer 7 virtual servers with LBHttpProfile. The property is
deprecated as NSX-T Load Balancer is deprecated.
array of LBRule Deprecated
Maximum items: 4000
server_ssl_profile_binding Pool side SSL binding setting

The setting is used when load balancer acts as an SSL client and
establishing a connection to the backend server. The property is
deprecated as NSX-T Load Balancer is deprecated.
LBServerSslProfileBinding Deprecated
sorry_pool_path Sorry server pool path

When load balancer can not select a backend server to serve the
request in default pool or pool in rules, the request would be served
by sorry server pool. The property is deprecated as NSX-T Load Balancer
is deprecated.
string Deprecated
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

LBVirtualServerListResult (schema)

Paged Collection of LBVirtualServers

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results LBVirtualServer list results array of LBVirtualServer Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

LBVirtualServerStatistics (schema)

Name Description Type Notes
alarm Alarm Information Details

Alarm information details.		 PolicyRuntimeAlarm Readonly
enforcement_point_path Enforcement point Path

Policy Path referencing the enforcement point where the info is fetched.
string Readonly
last_update_timestamp Timestamp when the data was last updated

Timestamp when the data was last updated.		 EpochMsTimestamp Readonly
resource_type Must be set to the value LBVirtualServerStatistics string Required
statistics Virtual server statistics counter

Virtual server statistics counter.		 LBStatisticsCounter Readonly
virtual_server_path load balancer virtual server object path

load balancer virtual server object path.		 string Readonly

LBVirtualServerStatisticsPerEP (schema)

LBVirtualServerStatistics on specific Enforcement Point

This is an abstract type. Concrete child types:
LBVirtualServerStatistics

Name Description Type Notes
alarm Alarm Information Details

Alarm information details.		 PolicyRuntimeAlarm Readonly
enforcement_point_path Enforcement point Path

Policy Path referencing the enforcement point where the info is fetched.
string Readonly
resource_type string Required

LBVirtualServerStatus (schema)

Name Description Type Notes
alarm Alarm Information Details

Alarm information details.		 PolicyRuntimeAlarm Readonly
enforcement_point_path Enforcement point Path

Policy Path referencing the enforcement point where the info is fetched.
string Readonly
last_update_timestamp Timestamp when the data was last updated.

Timestamp when the data was last updated.		 EpochMsTimestamp Readonly
resource_type Must be set to the value LBVirtualServerStatus string Required
status Virtual server status

UP means that all primary members in default pool are in UP status.
For L7 virtual server, if there is no default pool, the virtual server
would be treated as UP.
PARTIALLY_UP means that some(not all) primary members in default pool
are in UP status. The size of these active primary members should be
larger than or equal to the certain number(min_active_members) which is
defined in LBPool. When there are no backup members which are in the UP
status, the number(min_active_members) would be ignored.
PRIMARY_DOWN means that less than certain(min_active_members) primary
members in default pool are in UP status but backup members are in UP
status, the connections would be dispatched to backup members.
DOWN means that all primary and backup members are in DOWN status.
DETACHED means that the virtual server is not bound to any service.
DISABLED means that the admin state of the virtual server is disabled.
UNKOWN means that no status reported from transport-nodes. The
associated load balancer service may be working(or not working).
string Readonly
Enum: UP, PARTIALLY_UP, PRIMARY_DOWN, DOWN, DETACHED, DISABLED, UNKNOWN
virtual_server_path load balancer virtual server object path

load balancer virtual server object path.		 string Readonly

LBVirtualServerStatusPerEP (schema)

LBVirtualServerStatus on specific Enforcement Point

This is an abstract type. Concrete child types:
LBVirtualServerStatus

Name Description Type Notes
alarm Alarm Information Details

Alarm information details.		 PolicyRuntimeAlarm Readonly
enforcement_point_path Enforcement point Path

Policy Path referencing the enforcement point where the info is fetched.
string Readonly
resource_type string Required

LBXForwardedForType (schema) (Deprecated)

X-forwarded-for type

X-forwarded-for type.

Name Description Type Notes
LBXForwardedForType X-forwarded-for type

X-forwarded-for type.		 string Deprecated
Enum: INSERT, REPLACE

Label (schema)

Label

Label that will be displayed for a UI element.

Name Description Type Notes
condition Expression for evaluating condition

If the condition is met then the label will be applied. Examples of expression syntax are provided under example_request section of CreateWidgetConfiguration API.		 string Maximum length: 1024
hover Show label only on hover

If true, displays the label only on hover		 boolean Default: "False"
icons Icons

Icons to be applied at dashboard for the label		 array of Icon Minimum items: 0
navigation Navigation to a specified UI page

Hyperlink of the specified UI page that provides details.		 string Maximum length: 1024
text Label text

Text to be displayed at the label.		 string Required
Maximum length: 255

LabelValueConfiguration (schema)

Label Value Dashboard Widget Configuration

Represents a Label-Value widget configuration

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
condition Expression for evaluating condition

If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.		 string Maximum length: 1024
datasources Array of Datasource Instances with their relative urls

The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.		 array of Datasource Minimum items: 0
default_filter_value Default filter value to be passed to datasources

Default filter values to be passed to datasources. This will be used when the report is requested without filter values.		 array of DefaultFilterValue
description Description of this resource string Maximum length: 1024
Sortable
display_name Widget Title

Title of the widget. If display_name is omitted, the widget will be shown without a title.		 string Maximum length: 255
drilldown_id Id of drilldown widget

Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.		 string Maximum length: 255
feature_set Features required to view the widget

Features required to view the widget.		 FeatureSet
filter Id of filter widget for subscription

Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.		 string Deprecated
filter_value_required Flag to indicate if filter value is necessary

Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.		 boolean Default: "True"
filters A List of filter ids applied to this widget configuration

A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.		 array of string
footer Footer
icons Icons

Icons to be applied at dashboard for widgets and UI elements.		 array of Icon
id Unique identifier of this resource string Sortable
is_drilldown Set as a drilldown widget

Set to true if this widget should be used as a drilldown.		 boolean Default: "False"
layout Layout of properties inside widget

Layout of properties can be vertical or grid. If layout is not specified a default vertical layout is applied.		 Layout
legend Legend for the widget

Legend to be displayed. If legend is not needed, do not include it.		 Legend
navigation Navigation to a specified UI page

Hyperlink of the specified UI page that provides details.		 string Maximum length: 1024
plot_configs List of plotting configuration for a given widget.

List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.		 array of WidgetPlotConfiguration
properties Rows

An array of label-value properties.		 array of PropertyItem Required
resource_type Must be set to the value LabelValueConfiguration string Required
Readonly
Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration
Maximum length: 255
rowspan Vertical span

Represents the vertical span of the widget / container. 1 Row span is equal to 20px.		 int Minimum: 1
shared Visiblity of widgets to other users

Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.		 boolean Deprecated
show_header This decides to show the container header or not.

If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.		 boolean
span Horizontal span

Represents the horizontal span of the widget / container.		 int Minimum: 1
Maximum: 12
sub_type Sub-type of the LabelValueConfiguration

A sub-type of LabelValueConfiguration. If sub-type is not specified the parent type is rendered. For VERTICALLY_ALIGNED sub_type, the value is placed below the label. For HORIZONTALLY_ALIGNED sub_type, the value is placed right hand side of the label.		 string Enum: VERTICALLY_ALIGNED, HORIZONTALLY_ALIGNED
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
weight Weightage or placement of the widget or container

Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.		 int Deprecated

LacpGroupConfigInfo (schema)

Name Description Type Notes
key The generated key as the identifier for the group

The key represents the identifier for the group that is unique
across VC.
string
load_balance_algorithm Load balance policy

Load balance algorithm used in LACP group. The possible values
are dictated by the values available in VC. Please refer
VMwareDvsLacpLoadBalanceAlgorithm documentation for a full list
of values. A few examples are srcDestIp where source and destination
IP are considered, srcIp where only source IP is considered.
string
mode The mode of Link Aggregation Control Protocol (LACP)

The mode of LACP can be ACTIVE or PASSIVE. If the mode is ACTIVE, LACP
is enabled unconditionally. If the mode is PASSIVE, LACP is enabled
only if LACP device is detected.
string Enum: ACTIVE, PASSIVE
name The display name

The display name of the LACP group.		 string
timeout_type LACP timeout mode

To set the lag mode as fast for LACP. By default, it will be slow.		 string Enum: FAST, SLOW
Default: "SLOW"
uplink_names Uplink names

Names for the uplink ports in the group.		 array of string
uplink_num The number of uplink ports integer
uplink_port_keys Keys for the uplink ports

Keys for the uplink ports in the group. Each uplink port is
assigned a key that is unique across VC.
array of string

Lag (schema) (Deprecated)

LACP group

Name Description Type Notes
id unique id string Readonly
load_balance_algorithm LACP load balance Algorithm string Required
Enum: SRCMAC, DESTMAC, SRCDESTMAC, SRCDESTIPVLAN, SRCDESTMACIPPORT
mode LACP group mode string Required
Enum: ACTIVE, PASSIVE
name Lag name string Required
number_of_uplinks number of uplinks int Required
Minimum: 2
Maximum: 32
timeout_type LACP timeout type string Enum: SLOW, FAST
Default: "SLOW"
uplinks uplink names array of Uplink Readonly
Maximum items: 32

LatencyStatProfile (schema)

Latency Stat Profile

Latency stat service profile

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
pnic_latency_enabled Enable or Disable pnic latency.
boolean Default: "False"
resource_type Must be set to the value LatencyStatProfile string
sampling_interval Latency sampling interval

Event nth milliseconds packet is sampled. When a value less than
1000 is given, the realized sampling interval will be 1000 milliseconds.
integer Minimum: 1
Maximum: 1000000
sampling_rate Latency sampling rate

Event nth packet is sampled.
integer Minimum: 100
Maximum: 1000000
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

LatencyStatProfileListResult (schema)

List of latency profile

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Latency Stat Profile List

Latency stat profile list.		 array of LatencyStatProfile Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

Layout (schema)

Layout of a container or widget

Represents layout of a container or widget

Name Description Type Notes
properties LayoutProperties
type Type of layout of a container or widget

Describes layout of a container or widget. Layout describes how individual widgets are placed inside the container. For example, if HORIZONTAL is chosen widgets are placed side by side inside the container. If VERTICAL is chosen then widgets are placed one below the other. If GRID is chosen then the container or widget display area is divided into a grid of m rows and n columns, as specified in the properties, and the widgets are placed inside the grid. If AUTO is chosen then container or widgets display area will be automatically calculated depending upon the required width.		 string Enum: HORIZONTAL, VERTICAL, GRID, AUTO
Default: "HORIZONTAL"

LayoutProperties (schema)

Layout properties of a container or widget

Properties of the layout of a container or widget

Name Description Type Notes
num_columns Number of columns of grid

Describes the number of columns of grid layout of a container or widget. This property is applicable for grid layout only.		 int
num_rows Number of rows of grid

Describes the number of rows of grid layout of a container or widget. This property is applicable for grid layout only.		 int

LbAccessListControl (schema)

IP access list control to filter the connections from clients

LbAccessListControl is used to define how IP access list control can filter
the connections from clients.

Name Description Type Notes
action IP access list control action

ALLOW means connections matching grouping object IP list are allowed
and requests not matching grouping object IP list are dropped.
DROP means connections matching grouping object IP list are dropped
and requests not matching grouping object IP list are allowed.
string Required
Enum: ALLOW, DROP
enabled Whether to enable access list control option

The enabled flag indicates whether to enable access list control option.
It is false by default.
boolean Default: "False"
group_id Grouping object identifier

The identifier of grouping object which defines the IP addresses or
ranges to match the client IP.
string Required

LbActiveMonitor (schema) (Deprecated)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
fall_count num of consecutive checks must fail before marking it down integer Minimum: 1
Maximum: 2147483647
Default: "3"
id Unique identifier of this resource string Sortable
interval the frequency at which the system issues the monitor check (in second) integer Minimum: 1
Maximum: 2147483647
Default: "5"
monitor_port port which is used for healthcheck

If the monitor port is specified, it would override pool member port
setting for healthcheck. A port range is not supported.
For ICMP monitor, monitor_port is not required.
PortElement
resource_type Must be set to the value LbActiveMonitor MonitorType Required
rise_count num of consecutive checks must pass before marking it up integer Minimum: 1
Maximum: 2147483647
Default: "3"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
timeout the number of seconds the target has in which to respond to the monitor request integer Minimum: 1
Maximum: 2147483647
Default: "15"

LbAppProfile (schema)

This is an abstract type. Concrete child types:
LbFastTcpProfile
LbFastUdpProfile
LbHttpProfile

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
resource_type Must be set to the value LbAppProfile ApplicationProfileType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

LbAppProfileListRequestParameters (schema)

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
type Load balancer application profile type

Specify this type parameter to retrieve a list of load balancer
application profiles of specified type.
ApplicationProfileType

LbAppProfileListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results paginated list of load balancer application profiles array of LbAppProfile
(Abstract type: pass one of the following concrete types)
LbFastTcpProfile
LbFastUdpProfile
LbHttpProfile		 Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

LbClientCertificateIssuerDnCondition (schema) (Deprecated)

Match condition for client certficate issuer DN

Name Description Type Notes
case_sensitive A case sensitive flag for issuer DN comparing

If true, case is significant when comparing issuer DN value.
boolean Default: "True"
issuer_dn Value of issuer DN string Required
match_type Match type of issuer DN LbRuleMatchType Default: "REGEX"

LbClientCertificateSubjectDnCondition (schema) (Deprecated)

Match condition for client certficate subject DN

Name Description Type Notes
case_sensitive A case sensitive flag for subject DN comparing

If true, case is significant when comparing subject DN value.
boolean Default: "True"
match_type Match type of subject DN LbRuleMatchType Default: "REGEX"
subject_dn Value of subject DN string Required

LbClientSslProfile (schema) (Deprecated)

The object is deprecated as NSX-T Load Balancer is deprecated.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
cipher_group_label Label of cipher group

It is a label of cipher group which is mostly consumed by GUI.
SslCipherGroup
ciphers supported SSL cipher list to client side array of SslCipher
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
is_fips FIPS compliance of ciphers and protocols

This flag is set to true when all the ciphers and protocols are FIPS
compliant. It is set to false when one of the ciphers or protocols are
not FIPS compliant..
boolean Readonly
is_secure Secure/Insecure SSL profile flag

This flag is set to true when all the ciphers and protocols are secure.
It is set to false when one of the ciphers or protocols is insecure.
boolean Readonly
prefer_server_ciphers prefer server ciphers flag

During SSL handshake as part of the SSL client Hello client sends an
ordered list of ciphers that it can support (or prefers) and typically
server selects the first one from the top of that list it can also
support. For Perfect Forward Secrecy(PFS), server could override the
client's preference.
boolean Default: "True"
protocols supported SSL protocol list to client side

SSL versions TLS1.1 and TLS1.2 are supported and enabled by default.
SSLv2, SSLv3, and TLS1.0 are supported, but disabled by default.
array of SslProtocol
resource_type Must be set to the value LbClientSslProfile string
session_cache_enabled session cache enable/disable flag

SSL session caching allows SSL client and server to reuse previously
negotiated security parameters avoiding the expensive public key
operation during handshake.
boolean Default: "True"
session_cache_timeout SSL session cache timeout value

Session cache timeout specifies how long the SSL session parameters
are held on to and can be reused.
integer Minimum: 1
Maximum: 86400
Default: "300"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

LbClientSslProfileListResult (schema) (Deprecated)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results paginated list of load balancer client SSL profiles array of LbClientSslProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

LbConnectionDropAction (schema) (Deprecated)

Action to drop connections

This action is used to drop the connections. There is no extra propery in
this action. If there is no match condition specified, the connection will
be always dropped. This action can be specified at HTTP_ACCESS or
HTTP_FORWARDING pahse.

Name Description Type Notes
type Must be set to the value LbConnectionDropAction LbRuleActionType Required

LbCookiePersistenceProfile (schema) (Deprecated)

The object is deprecated as NSX-T Load Balancer is deprecated.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
cookie_domain cookie domain

HTTP cookie domain could be configured, only available for insert mode.
string
cookie_fallback cookie persistence fallback

If fallback is true, once the cookie points to a server that is down
(i.e. admin state DISABLED or healthcheck state is DOWN), then a new
server is selected by default to handle that request.
If fallback is false, it will cause the request to be rejected if
cookie points to a server
boolean Default: "True"
cookie_garble cookie persistence garble

If garble is set to true, cookie value (server IP and port) would be
encrypted.
If garble is set to false, cookie value would be plain text.
boolean Default: "True"
cookie_httponly Cookie httponly flag

If cookie httponly flag is true, it prevents a script running in the
browser from accessing the cookie. Only available for insert mode.
boolean Default: "False"
cookie_mode cookie persistence mode CookiePersistenceModeType Default: "INSERT"
cookie_name cookie name string Required
cookie_path cookie path

HTTP cookie path could be set, only available for insert mode.
string
cookie_secure Cookie secure flag

If cookie secure flag is true, it prevents the browser from sending a
cookie over http. The cookie is sent only over https. Only
available for insert mode.
boolean Default: "False"
cookie_time cookie time setting

Both session cookie and persistence cookie are supported, if not
specified, it's a session cookie. It expires when the browser is
closed.
LbCookieTime
(Abstract type: pass one of the following concrete types)
LbPersistenceCookieTime
LbSessionCookieTime
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
persistence_shared Persistence shared flag

The persistence shared flag identifies whether the persistence table
is shared among virtual-servers referring this profile.
If persistence shared flag is not set in the cookie persistence profile
bound to a virtual server, it defaults to cookie persistence that is
private to each virtual server and is qualified by the pool. This is
accomplished by load balancer inserting a cookie with name in the
format <name>.<virtual_server_id>.<pool_id>.
If persistence shared flag is set in the cookie persistence profile, in
cookie insert mode, cookie persistence could be shared across multiple
virtual servers that are bound to the same pools. The cookie name would
be changed to <name>.<profile-id>.<pool-id>.
If persistence shared flag is not set in the sourceIp persistence
profile bound to a virtual server, each virtual server that the profile
is bound to maintains its own private persistence table.
If persistence shared flag is set in the sourceIp persistence profile,
all virtual servers the profile is bound to share the same persistence
table.
If persistence shared flag is not set in the generic persistence
profile, the persistence entries are matched and stored in the table
which is identified using both virtual server ID and profile ID.
If persistence shared flag is set in the generic persistence profile,
the persistence entries are matched and stored in the table which is
identified using profile ID. It means that virtual servers which
consume the same profile in the LbRule with this flag enabled are
sharing the same persistence table.
boolean Default: "False"
resource_type Must be set to the value LbCookiePersistenceProfile PersistenceProfileType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

LbCookieTime (schema) (Deprecated)

This is an abstract type. Concrete child types:
LbPersistenceCookieTime
LbSessionCookieTime

Name Description Type Notes
type CookieTimeType Required

LbEdgeNodeUsage (schema) (Deprecated)

The load balancer usage for an edge node

The capacity contains basic information and load balancer entity usages
and capacity for the given edge node.

Name Description Type Notes
current_credit_number Current credit number

The current credit number reflects the current usage on the node.
For example, configuring a medium load balancer on a node consumes
10 credits. If there are 2 medium instances configured on a node,
the current credit number is 2 * 10 = 20.
integer Readonly
current_large_load_balancer_services The current number of large load balancer services

The number of large load balancer services configured on the node.
integer Readonly
current_medium_load_balancer_services The current number of medium load balancer services

The number of medium load balancer services configured on the node.
integer Readonly
current_pool_members The current number of pool members

The number of pool members configured on the node.
integer Readonly
current_pools The current number of pools

The number of pools configured on the node.
integer Readonly
current_small_load_balancer_services The current number of small load balancer services

The number of small load balancer services configured on the node.
integer Readonly
current_virtual_servers The current number of virtual servers

The number of virtual servers configured on the node.
integer Readonly
current_xlarge_load_balancer_services The current number of xlarge load balancer services

The number of xlarge load balancer services configured on the node.
integer Readonly
edge_cluster_id The ID of edge cluster

The ID of edge cluster which contains the edge node.
string Readonly
form_factor The form factor of the given edge node

The form factor of the given edge node.
string Readonly
Enum: SMALL_VIRTUAL_MACHINE, MEDIUM_VIRTUAL_MACHINE, LARGE_VIRTUAL_MACHINE, XLARGE_VIRTUAL_MACHINE, PHYSICAL_MACHINE
node_id The UUID of the node for load balancer node usage

The property identifies the node UUID for load balancer node usage.
string Required
remaining_credit_number Remaining credit number

The remaining credit number is the remaining credits that can be used
for load balancer service configuration. For example, an edge node with
form factor LARGE_VIRTUAL_MACHINE has 40 credits, and a medium
load balancer instance costs 10 credits. If there are currently
3 medium instances configured, the remaining credit number is
40 - (3 * 10) = 10.
integer Readonly
remaining_large_load_balancer_services The remaining number of large load balancer services

The remaining number of large load balancer services which could be
configured on the given edge node.
integer Readonly
remaining_medium_load_balancer_services The remaining number of medium load balancer services

The remaining number of medium load balancer services which could be
configured on the given edge node.
integer Readonly
remaining_pool_members The remaining number of pool members

The remaining number of pool members which could be configured on the
given edge node.
integer Readonly
remaining_small_load_balancer_services The remaining number of small load balancer services

The remaining number of small load balancer services which could be
configured on the given edge node.
integer Readonly
remaining_xlarge_load_balancer_services The remaining number of xlarge load balancer services

The remaining number of xlarge load balancer services which could be
configured on the given edge node.
integer Readonly
severity LB usage severity

The severity calculation is based on current credit usage percentage
of load balancer for one node.
LbUsageSeverity Readonly
type Must be set to the value LbEdgeNodeUsage LbNodeUsageType Required
usage_percentage Usage percentage

The usage percentage of the edge node for load balancer.
The value is the larger value between load balancer credit usage
percentage and pool member usage percentage for the edge node.
number Readonly

LbFastTcpProfile (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
close_timeout TCP connection idle timeout in seconds

It is used to specify how long a closing TCP connection (both FINs
received or a RST is received) should be kept for this application
before cleaning up the connection.
integer Minimum: 1
Maximum: 60
Default: "8"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
ha_flow_mirroring_enabled flow mirroring enabled flag

If flow mirroring is enabled, all the flows to the bounded virtual
server are mirrored to the standby node.
boolean Default: "False"
id Unique identifier of this resource string Sortable
idle_timeout TCP connection idle timeout in seconds

It is used to configure how long an idle TCP connection in ESTABLISHED
state should be kept for this application before cleaning up.
integer Minimum: 1
Maximum: 2147483647
Default: "1800"
resource_type Must be set to the value LbFastTcpProfile ApplicationProfileType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

LbFastUdpProfile (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
flow_mirroring_enabled flow mirroring enabled flag

If flow mirroring is enabled, all the flows to the bounded virtual
server are mirrored to the standby node.
boolean Default: "False"
id Unique identifier of this resource string Sortable
idle_timeout UDP idle timeout in seconds

Though UDP is a connectionless protocol, for the purposes of load
balancing, all UDP packets with the same flow signature (source and
destination IP/ports and IP protocol) received within the idle timeout
period are considered to belong to the same connection and are sent to
the same backend server. If no packets are received for idle timeout
period, the connection (association between flow signature and the
selected server) is cleaned up.
integer Minimum: 1
Maximum: 2147483647
Default: "300"
resource_type Must be set to the value LbFastUdpProfile ApplicationProfileType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

LbGenericPersistenceProfile (schema) (Deprecated)

LB generic persistence profile

The profile is used to define the persistence entry expiration time,
mirroring enabled flag to synchronize persistence entries, persistence
shared flag for the associated virtual servers. The profile cannot be
attached to virtual server directly, it can be only consumed by LB rule
action. In HTTP forwarding phase, LBVariablePersistenceOnAction can be
used to consume LbGenericPersistenceProfile. In HTTP response rewriting
phase, LBVariablePersistenceLearnAction is used instead.
The object is deprecated as NSX-T Load Balancer is deprecated.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
ha_persistence_mirroring_enabled Mirroring enabled flag

The mirroring enabled flag is to synchronize persistence entries.
Persistence entries are not synchronized to the HA peer by default.
boolean Default: "False"
id Unique identifier of this resource string Sortable
persistence_shared Persistence shared flag

The persistence shared flag identifies whether the persistence table
is shared among virtual-servers referring this profile.
If persistence shared flag is not set in the cookie persistence profile
bound to a virtual server, it defaults to cookie persistence that is
private to each virtual server and is qualified by the pool. This is
accomplished by load balancer inserting a cookie with name in the
format <name>.<virtual_server_id>.<pool_id>.
If persistence shared flag is set in the cookie persistence profile, in
cookie insert mode, cookie persistence could be shared across multiple
virtual servers that are bound to the same pools. The cookie name would
be changed to <name>.<profile-id>.<pool-id>.
If persistence shared flag is not set in the sourceIp persistence
profile bound to a virtual server, each virtual server that the profile
is bound to maintains its own private persistence table.
If persistence shared flag is set in the sourceIp persistence profile,
all virtual servers the profile is bound to share the same persistence
table.
If persistence shared flag is not set in the generic persistence
profile, the persistence entries are matched and stored in the table
which is identified using both virtual server ID and profile ID.
If persistence shared flag is set in the generic persistence profile,
the persistence entries are matched and stored in the table which is
identified using profile ID. It means that virtual servers which
consume the same profile in the LbRule with this flag enabled are
sharing the same persistence table.
boolean Default: "False"
resource_type Must be set to the value LbGenericPersistenceProfile PersistenceProfileType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
timeout Persistence entry expiration time in seconds

When all connections complete (reference count reaches 0), persistence
entry timer is started with the expiration time.
integer Minimum: 1
Maximum: 2147483647
Default: "300"

LbHttpMonitor (schema) (Deprecated)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
fall_count num of consecutive checks must fail before marking it down integer Minimum: 1
Maximum: 2147483647
Default: "3"
id Unique identifier of this resource string Sortable
interval the frequency at which the system issues the monitor check (in second) integer Minimum: 1
Maximum: 2147483647
Default: "5"
monitor_port port which is used for healthcheck

If the monitor port is specified, it would override pool member port
setting for healthcheck. A port range is not supported.
For ICMP monitor, monitor_port is not required.
PortElement
request_body String to send as part of HTTP health check request body. Valid only for certain HTTP methods like POST. string
request_headers Array of HTTP request headers array of LbHttpRequestHeader
request_method the health check method for HTTP monitor type HttpRequestMethodType Default: "GET"
request_url URL used for HTTP monitor string
request_version HTTP request version HttpRequestVersionType Default: "HTTP_VERSION_1_1"
resource_type Must be set to the value LbHttpMonitor MonitorType Required
response_body response body to match

If HTTP response body match string (regular expressions not supported)
is specified (using LbHttpMonitor.response_body) then the
healthcheck HTTP response body is matched against the specified string
and server is considered healthy only if there is a match.
If the response body string is not specified, HTTP healthcheck is
considered successful if the HTTP response status code is 2xx, but it
can be configured to accept other status codes as successful.
string
response_status_codes Array of single HTTP response status codes

The HTTP response status code should be a valid HTTP status code.
array of int Maximum items: 64
rise_count num of consecutive checks must pass before marking it up integer Minimum: 1
Maximum: 2147483647
Default: "3"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
timeout the number of seconds the target has in which to respond to the monitor request integer Minimum: 1
Maximum: 2147483647
Default: "15"

LbHttpProfile (schema) (Deprecated)

The object is deprecated as NSX-T Load Balancer is deprecated.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
http_redirect_to http redirect static URL

If a website is temporarily down or has moved, incoming requests
for that virtual server can be temporarily redirected to a URL
string
http_redirect_to_https flag to indicate whether enable HTTP-HTTPS redirect

Certain secure applications may want to force communication over SSL,
but instead of rejecting non-SSL connections, they may choose to
redirect the client automatically to use SSL.
boolean Default: "False"
id Unique identifier of this resource string Sortable
idle_timeout HTTP application idle timeout in seconds

It is used to specify the HTTP application idle timeout, it means that
how long the load balancer will keep the connection idle to wait for
the client to send the next keep-alive request. It is not a TCP socket
setting.
integer Minimum: 1
Maximum: 5400
Default: "15"
ntlm NTLM support flag

NTLM is an authentication protocol that can be used over HTTP. If the
flag is set to true, LB will use NTLM challenge/response methodology.
This property is deprecated. Please use the property server_keep_alive
in order to keep the backend server connection alive for the client
connection.
When create a new profile, if both ntlm and server_keep_alive are set
as different values, ERROR will be reported.
When update an existing profile, if either ntlm or server_keep_alive
value is changed, both of them are updated with the changed value.
boolean Deprecated
request_body_size Maximum size of the buffer used to store HTTP request body

If it is not specified, it means that request body size is unlimited.
integer Minimum: 1
Maximum: 2147483647
request_header_size Maximum size of the buffer used to store HTTP request headers

A request with header equal to or below this size is guaranteed to be
processed. A request with header larger than request_header_size will
be processed up to 32K bytes on best effort basis.
integer Minimum: 1
Default: "1024"
resource_type Must be set to the value LbHttpProfile ApplicationProfileType Required
response_buffering Enable or disable buffering of responses

When buffering is disabled, the response is passed to a client
synchronously, immediately as it is received.
When buffering is enabled, LB receives a response from the backend
server as soon as possible, saving it into the buffers.
boolean Default: "False"
response_header_size Maximum size of the buffer used to store HTTP response headers

A response with header larger than response_header_size will be dropped.
integer Minimum: 1
Maximum: 65536
Default: "4096"
response_timeout Maximum server idle time in seconds

If server doesn't send any packet within this time, the connection is closed.
integer Minimum: 1
Maximum: 2147483647
Default: "60"
server_keep_alive Server keep-alive flag

If server_keep_alive is true, it means the backend connection will keep
alive for the client connection. Every client connection is tied 1:1
with the corresponding server-side connection.
If server_keep_alive is false, it means the backend connection won't
keep alive for the client connection. The default value is false.
If server_keep_alive is not specified for API input, its value in API
output will be the same with the property ntlm.
boolean
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
x_forwarded_for insert or replace x_forwarded_for

When X-Forwareded-For is configured, X-Forwarded-Proto and
X-Forwarded-Port information is added automatically. The two additional
header information can be also modified or deleted in load balancer
rules.
XForwardedForType

LbHttpRedirectAction (schema) (Deprecated)

Action to redirect HTTP request messages

This action is used to redirect HTTP request messages to a new URL. The
reply_status value specified in this action is used as the status code of
HTTP response message which is sent back to client (Normally a browser).
The HTTP status code for redirection is 3xx, for example, 301, 302, 303,
307, etc. The redirect_url is the new URL that the HTTP request message is
redirected to. Normally browser will send another HTTP request to the new
URL after receiving a redirection response message.
Captured variables and built-in variables can be used in redirect_url field.
For example, to redirect all HTTP requests to HTTPS requests for a virtual
server. We create an LbRule without any conditions, add an
LbHttpRedirectAction to the rule. Set the
redirect_url field of the LbHttpRedirectAction to:
https://$_host$_request_uri
And set redirect_status to "302", which means found. This rule will
redirect all HTTP requests to HTTPS server port on the same host.

Name Description Type Notes
redirect_status HTTP response status code string Required
redirect_url The URL that the HTTP request is redirected to string Required
type Must be set to the value LbHttpRedirectAction LbRuleActionType Required

LbHttpRejectAction (schema) (Deprecated)

Action to reject HTTP request messages

This action is used to reject HTTP request messages. The specified
reply_status value is used as the status code for the corresponding HTTP
response message which is sent back to client (Normally a browser)
indicating the reason it was rejected. Reference official HTTP status code
list for your specific HTTP version to set the reply_status properly.
LbHttpRejectAction does not support variables.

Name Description Type Notes
reply_message Response message string
reply_status HTTP response status code string Required
type Must be set to the value LbHttpRejectAction LbRuleActionType Required

LbHttpRequestBodyCondition (schema) (Deprecated)

Condition to match content of HTTP request message body

This condition is used to match the message body of an HTTP request.
Typically, only HTTP POST, PATCH, or PUT requests have request body.
The match_type field defines how body_value field is used to match the body
of HTTP requests.

Name Description Type Notes
body_value HTTP request body string Required
case_sensitive A case sensitive flag for HTTP body comparing

If true, case is significant when comparing HTTP body value.
boolean Default: "True"
inverse A flag to indicate whether reverse the match result of this condition boolean Default: "False"
match_type Match type of HTTP body LbRuleMatchType Default: "REGEX"
type Must be set to the value LbHttpRequestBodyCondition LbRuleConditionType Required

LbHttpRequestCookieCondition (schema) (Deprecated)

Condition to match HTTP request cookie

This condition is used to match HTTP request messages by cookie which is a
specific type of HTTP header. The match_type and case_sensitive define how
to compare cookie value.

Name Description Type Notes
case_sensitive A case sensitive flag for cookie value comparing

If true, case is significant when comparing cookie value.
boolean Default: "True"
cookie_name Name of cookie string Required
cookie_value Value of cookie string Required
inverse A flag to indicate whether reverse the match result of this condition boolean Default: "False"
match_type Match type of cookie value LbRuleMatchType Default: "REGEX"
type Must be set to the value LbHttpRequestCookieCondition LbRuleConditionType Required

LbHttpRequestHeader (schema) (Deprecated)

Name Description Type Notes
header_name Name of HTTP request header string Required
header_value Value of HTTP request header string Required

LbHttpRequestHeaderCondition (schema) (Deprecated)

Condition to match HTTP request header

This condition is used to match HTTP request messages by HTTP header
fields. HTTP header fields are components of the header section of HTTP
request and response messages. They define the operating parameters of an
HTTP transaction. For example, Cookie, Authorization, User-Agent, etc. One
condition can be used to match one header field, to match multiple header
fields, multiple conditions must be specified.
The match_type field defines how header_value field is used to match HTTP
requests. The header_name field does not support match types.

Name Description Type Notes
case_sensitive A case sensitive flag for HTTP header value comparing

If true, case is significant when comparing HTTP header value.
boolean Default: "True"
header_name Name of HTTP header string Required
header_value Value of HTTP header string Required
inverse A flag to indicate whether reverse the match result of this condition boolean Default: "False"
match_type Match type of HTTP header value LbRuleMatchType Default: "REGEX"
type Must be set to the value LbHttpRequestHeaderCondition LbRuleConditionType Required

LbHttpRequestHeaderDeleteAction (schema) (Deprecated)

Action to delete HTTP request header fields

This action is used to delete header fields of HTTP request messages at
HTTP_REQUEST_REWRITE phase. One action can be used to delete all headers
with same header name. To delete headers with different header names,
multiple actions must be defined.

Name Description Type Notes
header_name Name of a header field of HTTP request message string Required
type Must be set to the value LbHttpRequestHeaderDeleteAction LbRuleActionType Required

LbHttpRequestHeaderRewriteAction (schema) (Deprecated)

Action to rewrite header fields of HTTP request messages.

This action is used to rewrite header fields of matched HTTP request
messages to specified new values. One action can be used to rewrite one
header field. To rewrite multiple header fields, multiple actions must be
defined.
Captured variables and built-in variables can be used in the header_value
field, header_name field does not support variables.

Name Description Type Notes
header_name Name of HTTP request header string Required
header_value Value of HTTP request header string Required
type Must be set to the value LbHttpRequestHeaderRewriteAction LbRuleActionType Required

LbHttpRequestMethodCondition (schema) (Deprecated)

Condition to match method of HTTP request messages

This condition is used to match method of HTTP requests. If the method of an
HTTP request is same as the method specified in this condition, the HTTP
request match this condition. For example, if the method field is set to
GET in this condition, any HTTP request with GET method matches the
condition.

Name Description Type Notes
inverse A flag to indicate whether reverse the match result of this condition boolean Default: "False"
method Type of HTTP request method HttpRequestMethodType Required
type Must be set to the value LbHttpRequestMethodCondition LbRuleConditionType Required

LbHttpRequestUriArgumentsCondition (schema) (Deprecated)

Condition to match URI arguments of HTTP requests

This condition is used to match URI arguments aka query string of Http
request messages, for example, in URI http://exaple.com?foo=1&bar=2, the
"foo=1&bar=2" is the query string containing URI arguments. In an URI
scheme, query string is indicated by the first question mark ("?")
character and terminated by a number sign ("#") character or by the end of
the URI.
The uri_arguments field can be specified as a regular expression(Set
match_type to REGEX). For example, "foo=(?<x>\d+)". It matches HTTP
requests whose URI arguments containing "foo", the value of foo contains
only digits. And the value of foo is captured as $x which can be used in
LbRuleAction fields which support variables.

Name Description Type Notes
case_sensitive A case sensitive flag for URI arguments comparing

If true, case is significant when comparing URI arguments.
boolean Default: "True"
inverse A flag to indicate whether reverse the match result of this condition boolean Default: "False"
match_type Match type of URI arguments LbRuleMatchType Default: "REGEX"
type Must be set to the value LbHttpRequestUriArgumentsCondition LbRuleConditionType Required
uri_arguments URI arguments

URI arguments, aka query string of URI.
string Required

LbHttpRequestUriCondition (schema) (Deprecated)

Condition to match URIs of HTTP request messages

This condition is used to match URIs(Uniform Resource Identifier) of HTTP
request messages. The URI field can be specified as a regular expression.
If an HTTP request message is requesting an URI which matches specified
regular expression, it matches the condition.
The syntax of whole URI looks like this:
scheme:[//[user[:password]@]host[:port]][/path][?query][#fragment]
This condition matches only the path part of entire URI.
When match_type field is specified as REGEX, the uri field is used as a
regular expression to match URI path of HTTP requests. For example, to
match any URI that has "/image/" or "/images/", uri field can be specified
as: "/image[s]?/".
Named capturing groups can be used in the uri field to capture substrings
of matched URIs and store them in variables for use in LbRuleAction. For
example, specify uri field as:
"/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)"
If the URI path is /articles/news/2017/06/xyz.html, then substring "2017"
is captured in variable year, "06" is captured in variable month, and
"xyz.html" is captured in variable article. These variables can then
be used in an LbRuleAction field which supports variables, such as uri
field of LbHttpRequestUriRewriteAction. For example, set the uri field
of LbHttpRequestUriRewriteAction as:
"/articles/news/$year-$month-$article"
Then the URI path /articles/news/2017/06/xyz.html is rewritten to:
"/articles/news/2017-06-xyz.html"

Name Description Type Notes
case_sensitive A case sensitive flag for URI comparing

If true, case is significant when comparing URI.
boolean Default: "True"
inverse A flag to indicate whether reverse the match result of this condition boolean Default: "False"
match_type Match type of URI LbRuleMatchType Default: "REGEX"
type Must be set to the value LbHttpRequestUriCondition LbRuleConditionType Required
uri A string used to identify resource string Required

LbHttpRequestUriRewriteAction (schema) (Deprecated)

Action to rewrite HTTP request URIs.

This action is used to rewrite URIs in matched HTTP request messages.
Specify the uri and uri_arguments fields in this condition to rewrite the
matched HTTP request message's URI and URI arguments to the new values.
Full URI scheme of HTTP messages have following syntax:
scheme:[//[user[:password]@]host[:port]][/path][?query][#fragment]
The uri field of this action is used to rewrite the /path part in above
scheme. And the uri_arguments field is used to rewrite the query part.
Captured variables and built-in variables can be used in the uri and
uri_arguments fields.
Check the example in LbRuleAction to see how to use variables in this
action.

Name Description Type Notes
type Must be set to the value LbHttpRequestUriRewriteAction LbRuleActionType Required
uri URI of HTTP request string Required
uri_arguments URI arguments

Query string of URI, typically contains key value pairs, for example:
foo1=bar1&foo2=bar2
string

LbHttpRequestVersionCondition (schema) (Deprecated)

Condition to match HTTP protocol version of HTTP requests

This condition is used to match the HTTP protocol version of the HTTP
request messages.

Name Description Type Notes
inverse A flag to indicate whether reverse the match result of this condition boolean Default: "False"
type Must be set to the value LbHttpRequestVersionCondition LbRuleConditionType Required
version HTTP version HttpRequestVersionType Required

LbHttpResponseHeaderCondition (schema) (Deprecated)

Condition to match a header field of HTTP response

This condition is used to match HTTP response messages from backend servers
by HTTP header fields. HTTP header fields are components of the header
section of HTTP request and response messages. They define the operating
parameters of an HTTP transaction. For example, Cookie, Authorization,
User-Agent, etc. One condition can be used to match one header field, to
match multiple header fields, multiple conditions must be specified.
The match_type field defines how header_value field is used to match HTTP
responses. The header_name field does not support match types.

Name Description Type Notes
case_sensitive A case sensitive flag for HTTP header value comparing

If true, case is significant when comparing HTTP header value.
boolean Default: "True"
header_name Name of HTTP header field string Required
header_value Value of HTTP header field string Required
inverse A flag to indicate whether reverse the match result of this condition boolean Default: "False"
match_type Match type of HTTP header value LbRuleMatchType Default: "REGEX"
type Must be set to the value LbHttpResponseHeaderCondition LbRuleConditionType Required

LbHttpResponseHeaderDeleteAction (schema) (Deprecated)

Action to delete HTTP response header fields

This action is used to delete header fields of HTTP response messages at
HTTP_RESPONSE_REWRITE phase. One action can be used to delete allgi headers
with same header name. To delete headers with different header names,
multiple actions must be defined

Name Description Type Notes
header_name Name of a header field of HTTP response message string Required
type Must be set to the value LbHttpResponseHeaderDeleteAction LbRuleActionType Required

LbHttpResponseHeaderRewriteAction (schema) (Deprecated)

Action to rewrite HTTP response header fields

This action is used to rewrite header fields of HTTP response messages to
specified new values at HTTP_RESPONSE_REWRITE phase. One action can be used
to rewrite one header field. To rewrite multiple header fields, multiple
actions must be defined.
Captured variables and built-in variables can be used in the header_value
field, header_name field does not support variables.

Name Description Type Notes
header_name Name of a header field of HTTP request message string Required
header_value Value of header field string Required
type Must be set to the value LbHttpResponseHeaderRewriteAction LbRuleActionType Required

LbHttpSslCondition (schema) (Deprecated)

Condition to match SSL handshake and SSL connection

This condition is used to match SSL handshake and SSL connection at
all phases.If multiple properties are configured, the rule is considered
a match when all the configured properties are matched.

Name Description Type Notes
client_certificate_issuer_dn The issuer DN match condition of the client certificate

The issuer DN match condition of the client certificate for an
established SSL connection
LbClientCertificateIssuerDnCondition
client_certificate_subject_dn The subject DN match condition of the client certificate

The subject DN match condition of the client certificate for an
established SSL connection
LbClientCertificateSubjectDnCondition
client_supported_ssl_ciphers Cipher list which supported by client array of SslCipher
inverse A flag to indicate whether reverse the match result of this condition boolean Default: "False"
session_reused The type of SSL session reused LbSslSessionReusedType Default: "IGNORE"
type Must be set to the value LbHttpSslCondition LbRuleConditionType Required
used_protocol Protocol of an established SSL connection SslProtocol
used_ssl_cipher Cipher used for an established SSL connection SslCipher

LbHttpsMonitor (schema) (Deprecated)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
certificate_chain_depth the maximum traversal depth of server certificate chain

authentication depth is used to set the verification depth in the server
certificates chain.
integer Minimum: 1
Maximum: 2147483647
Default: "3"
cipher_group_label Label of cipher group

It is a label of cipher group which is mostly consumed by GUI.
SslCipherGroup
ciphers supported SSL cipher list to servers array of SslCipher
client_certificate_id client certificate identifier

client certificate can be specified to support client authentication.
string
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
fall_count num of consecutive checks must fail before marking it down integer Minimum: 1
Maximum: 2147483647
Default: "3"
id Unique identifier of this resource string Sortable
interval the frequency at which the system issues the monitor check (in second) integer Minimum: 1
Maximum: 2147483647
Default: "5"
is_fips FIPS compliance of ciphers and protocols

This flag is set to true when all the ciphers and protocols are FIPS
compliant. It is set to false when one of the ciphers or protocols are
not FIPS compliant..
boolean Readonly
is_secure Secure/Insecure monitor flag

This flag is set to true when all the ciphers and protocols are secure.
It is set to false when one of the ciphers or protocols is insecure.
boolean Readonly
monitor_port port which is used for healthcheck

If the monitor port is specified, it would override pool member port
setting for healthcheck. A port range is not supported.
For ICMP monitor, monitor_port is not required.
PortElement
protocols supported SSL protocol list to servers

SSL versions TLS1.1 and TLS1.2 are supported and enabled by default.
SSLv2, SSLv3, and TLS1.0 are supported, but disabled by default.
array of SslProtocol
request_body String to send as part of HTTP health check request body. Valid only for certain HTTP methods like POST. string
request_headers Array of HTTP request headers array of LbHttpRequestHeader
request_method the health check method for HTTP monitor type HttpRequestMethodType Default: "GET"
request_url URL used for HTTP monitor string
request_version HTTP request version HttpRequestVersionType Default: "HTTP_VERSION_1_1"
resource_type Must be set to the value LbHttpsMonitor MonitorType Required
response_body response body to match

If HTTP response body match string (regular expressions not supported)
is specified (using LbHttpMonitor.response_body) then the
healthcheck HTTP response body is matched against the specified string
and server is considered healthy only if there is a match.
If the response body string is not specified, HTTP healthcheck is
considered successful if the HTTP response status code is 2xx, but it
can be configured to accept other status codes as successful.
string
response_status_codes Array of single HTTP response status codes

The HTTP response status code should be a valid HTTP status code.
array of int Maximum items: 64
rise_count num of consecutive checks must pass before marking it up integer Minimum: 1
Maximum: 2147483647
Default: "3"
server_auth server authentication mode ServerAuthType Default: "IGNORE"
server_auth_ca_ids CA identifier list to verify server certificate

If server auth type is REQUIRED, server certificate must be signed by
one of the trusted Certificate Authorities (CAs), also referred to as
root CAs, whose self signed certificates are specified.
array of string
server_auth_crl_ids CRL identifier list to verify server certificate

A Certificate Revocation List (CRL) can be specified in the server-side
SSL profile binding to disallow compromised server certificates.
array of string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
timeout the number of seconds the target has in which to respond to the monitor request integer Minimum: 1
Maximum: 2147483647
Default: "15"

LbIcmpMonitor (schema) (Deprecated)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
data_length The data size(in byte) of the ICMP healthcheck packet integer Minimum: 0
Maximum: 65507
Default: "56"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
fall_count num of consecutive checks must fail before marking it down integer Minimum: 1
Maximum: 2147483647
Default: "3"
id Unique identifier of this resource string Sortable
interval the frequency at which the system issues the monitor check (in second) integer Minimum: 1
Maximum: 2147483647
Default: "5"
monitor_port port which is used for healthcheck

If the monitor port is specified, it would override pool member port
setting for healthcheck. A port range is not supported.
For ICMP monitor, monitor_port is not required.
PortElement
resource_type Must be set to the value LbIcmpMonitor MonitorType Required
rise_count num of consecutive checks must pass before marking it up integer Minimum: 1
Maximum: 2147483647
Default: "3"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
timeout the number of seconds the target has in which to respond to the monitor request integer Minimum: 1
Maximum: 2147483647
Default: "15"

LbIpHeaderCondition (schema) (Deprecated)

Condition to match IP header fields

This condition is used to match IP header fields of HTTP messages.
Either source_address or group_id should be specified.

Name Description Type Notes
group_id Grouping object identifier

Source IP address of HTTP message should match IP addresses which are
configured in Group in order to perform actions.
string
inverse A flag to indicate whether reverse the match result of this condition boolean Default: "False"
source_address Source IP address of HTTP message

Source IP address of HTTP message. IP Address can be expressed as a
single IP address like 10.1.1.1, or a range of IP addresses like
10.1.1.101-10.1.1.160. Both IPv4 and IPv6 addresses are supported.
IPElement
type Must be set to the value LbIpHeaderCondition LbRuleConditionType Required

LbJwtAuthAction (schema) (Deprecated)

Action to control access using JWT authentication

This action is used to control access to backend server resources using
JSON Web Token(JWT) authentication. The JWT authentication is done before
any HTTP manipulation if the HTTP request matches the given condition in
LbRule. Any verification failed, the HTTP process will be terminated, and
HTTP response with 401 status code and WWW-Authentication header will be
returned to client.

Name Description Type Notes
key LbJwtKey used for verifying the signature of JWT token LbJwtKey
(Abstract type: pass one of the following concrete types)
LbJwtCertificateKey
LbJwtPublicKey
LbJwtSymmetricKey
pass_jwt_to_pool Whether to pass the JWT to backend server or remove it

Specify whether to pass the JWT to backend server or remove it. By
default, it is false which means will not pass the JWT to backend
servers.
boolean Default: "False"
realm JWT realm

A description of the protected area. If no realm is specified, clients
often display a formatted hostname instead. The configured realm is
returned when client request is rejected with 401 http status. In the
response, it will be "WWW-Authentication: Bearer realm=<realm>".
string
tokens JWT tokens

JWT is an open standard that defines a compact and
self-contained way for securely transmitting information between
parties as a JSON object. Load balancer will search for every specified
tokens one by one for the jwt message until found. This parameter is
optional. In case not found or this field is not configured, load
balancer searches the Bearer header by default in the http request
"Authorization: Bearer <token>".
array of string
type Must be set to the value LbJwtAuthAction LbRuleActionType Required

LbJwtCertificateKey (schema) (Deprecated)

Specifies certificate used to verify the signature of JWT tokens

The key is used to specify certificate which is used to verify the
signature of JWT tokens.

Name Description Type Notes
certificate_id Certificate identifier string Required
type Must be set to the value LbJwtCertificateKey LbJwtKeyType Required

LbJwtKey (schema) (Deprecated)

Load balancer JWT key

LbJwtKey specifies the symmetric key or asymmetric public key used to
decrypt the data in JWT.
This is an abstract type. Concrete child types:
LbJwtCertificateKey
LbJwtPublicKey
LbJwtSymmetricKey

Name Description Type Notes
type Type of load balancer JWT key

The property is used to identify JWT key type.
LbJwtKeyType Required

LbJwtKeyType (schema) (Deprecated)

Type of load balancer JWT key

It is used to identify JWT key type.

Name Description Type Notes
LbJwtKeyType Type of load balancer JWT key

It is used to identify JWT key type.
string Deprecated
Enum: LbJwtCertificateKey, LbJwtSymmetricKey, LbJwtPublicKey

LbJwtPublicKey (schema) (Deprecated)

Specifies public key content used to verify the signature of JWT tokens

The key is used to specify the public key content which is used to verify
the signature of JWT tokens.

Name Description Type Notes
public_key_content Content of public key string Required
type Must be set to the value LbJwtPublicKey LbJwtKeyType Required

LbJwtSymmetricKey (schema) (Deprecated)

Specifies the symmetric key used to verify the signature of JWT tokens

The key is used to specify the symmetric key which is used to verify the
signature of JWT tokens.

Name Description Type Notes
type Must be set to the value LbJwtSymmetricKey LbJwtKeyType Required

LbLogLevel (schema)

the log level of load balancer service

Name Description Type Notes
LbLogLevel the log level of load balancer service string Enum: DEBUG, INFO, WARNING, ERROR, CRITICAL, ALERT, EMERGENCY

LbMonitor (schema) (Deprecated)

The object is deprecated as NSX-T Load Balancer is deprecated.
This is an abstract type. Concrete child types:
LbHttpMonitor
LbHttpsMonitor
LbIcmpMonitor
LbPassiveMonitor
LbTcpMonitor
LbUdpMonitor

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
resource_type Must be set to the value LbMonitor MonitorType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

LbMonitorListRequestParameters (schema) (Deprecated)

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
type Load balancer monitor type

Specify this type parameter to retrieve a list of load balancer
monitors of specified type.
MonitorQueryType

LbMonitorListResult (schema) (Deprecated)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results paginated list of load balancer monitors array of LbMonitor
(Abstract type: pass one of the following concrete types)
LbHttpMonitor
LbHttpsMonitor
LbIcmpMonitor
LbPassiveMonitor
LbTcpMonitor
LbUdpMonitor		 Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

LbNodeCountPerSeverity (schema) (Deprecated)

The node count for specific severity

The node count for specific load balancer usage severity.

Name Description Type Notes
node_count Node count for specific serverity

Node count for specific serverity.
integer Readonly
severity LB usage severity

The severity calculation is based on credit usage percentage of
load balancer for one node.
LbUsageSeverity Readonly

LbNodeUsage (schema) (Deprecated)

Node usage for load balancer

Node usage for load balancer contains basic information and LB entity
usages and capacity for the given node.
This is an abstract type. Concrete child types:
LbEdgeNodeUsage

Name Description Type Notes
node_id The UUID of the node for load balancer node usage

The property identifies the node UUID for load balancer node usage.
string Required
type Type of load balancer node usage

The property identifies the load balancer node usage type.
LbNodeUsageType Required

LbNodeUsageSummary (schema) (Deprecated)

Lb node usage summary for all nodes

The load balancer node usage summary for all nodes. Only EdgeNode is
supported. The summary calculation is based on all edge nodes
configured in edge clusters.

Name Description Type Notes
current_credit_number Current credit number

The current credit number reflects the overall credit usage for
all nodes.
integer Readonly
current_pool_members The current number of pool members

The overall number of pool members configured on all nodes.
integer Readonly
node_counts Array of node count for each severity

The property identifies array of node count for each severity (RED,
ORANGE and GREEN).
array of LbNodeCountPerSeverity Readonly
node_usages Array of lb node usages

The property contains lb node usages for each node.
array of LbNodeUsage
(Abstract type: pass one of the following concrete types)
LbEdgeNodeUsage		 Readonly
remaining_credit_number Remaining credit number

The remaining credit number is the overall remaining credits that can
be used for load balancer service configuration for all nodes.
integer Readonly
remaining_pool_members The remaining number of pool members

The overall remaining number of pool members which could be configured
on all nodes.
integer Readonly
severity LB usage severity

The severity calculation is based on current credit usage percentage
of load balancer for all nodes.
LbUsageSeverity Readonly
usage_percentage Usage percentage

The overall usage percentage of all nodes for load balancer.
The value is the larger value between overall pool member usage
percentage and overall load balancer credit usage percentage.
number Readonly

LbNodeUsageSummaryRequestParameters (schema) (Deprecated)

Load balancer node usage summary request parameters

Load balancer node usage summary request parameters.

Name Description Type Notes
include_usages Whether to include node usages

Specify whether to include node usages in response. By default,
it is false which means node usages are not included in
LbNodeUsageSummary response.
boolean

LbNodeUsageType (schema) (Deprecated)

Node type for load balancer node usage

The node type for load balancer node usage.

Name Description Type Notes
LbNodeUsageType Node type for load balancer node usage

The node type for load balancer node usage.
string Deprecated
Enum: LbEdgeNodeUsage

LbPassiveMonitor (schema) (Deprecated)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
max_fails number of consecutive connection failures

When the consecutive failures reach this value, then the member is
considered temporarily unavailable for a configurable period
integer Minimum: 1
Maximum: 2147483647
Default: "5"
resource_type Must be set to the value LbPassiveMonitor MonitorType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
timeout timeout in seconds before it is selected again for a new connection

After this timeout period, the member is tried again for a new
connection to see if it is available.
integer Minimum: 1
Maximum: 2147483647
Default: "5"

LbPersistenceCookieTime (schema) (Deprecated)

Name Description Type Notes
cookie_max_idle persistence cookie max idle time in seconds

HTTP cookie max-age to expire cookie, only available for insert mode.
integer Required
Minimum: 1
Maximum: 2147483647
type Must be set to the value LbPersistenceCookieTime CookieTimeType Required

LbPersistenceProfile (schema)

LB persistence profile

LB persistence profile contains the information related to load balancer
persistence options.
Some applications maintain state and require all relevant connections
to be sent to the same server as the application state is not
synchronized among servers. Persistence can be enabled on a
LbVirtualServer by binding a persistence profile to it.
LbGenericPersistenceProfile cannot be attached to virtual server directly,
it can be only consumed by LB rule action. If a user attaches a generic
persistence profile directly to a virtual server, the operation is
rejected.
This is an abstract type. Concrete child types:
LbCookiePersistenceProfile
LbGenericPersistenceProfile
LbSourceIpPersistenceProfile

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
persistence_shared Persistence shared flag

The persistence shared flag identifies whether the persistence table
is shared among virtual-servers referring this profile.
If persistence shared flag is not set in the cookie persistence profile
bound to a virtual server, it defaults to cookie persistence that is
private to each virtual server and is qualified by the pool. This is
accomplished by load balancer inserting a cookie with name in the
format <name>.<virtual_server_id>.<pool_id>.
If persistence shared flag is set in the cookie persistence profile, in
cookie insert mode, cookie persistence could be shared across multiple
virtual servers that are bound to the same pools. The cookie name would
be changed to <name>.<profile-id>.<pool-id>.
If persistence shared flag is not set in the sourceIp persistence
profile bound to a virtual server, each virtual server that the profile
is bound to maintains its own private persistence table.
If persistence shared flag is set in the sourceIp persistence profile,
all virtual servers the profile is bound to share the same persistence
table.
If persistence shared flag is not set in the generic persistence
profile, the persistence entries are matched and stored in the table
which is identified using both virtual server ID and profile ID.
If persistence shared flag is set in the generic persistence profile,
the persistence entries are matched and stored in the table which is
identified using profile ID. It means that virtual servers which
consume the same profile in the LbRule with this flag enabled are
sharing the same persistence table.
boolean Default: "False"
resource_type Must be set to the value LbPersistenceProfile PersistenceProfileType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

LbPersistenceProfileListRequestParameters (schema)

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
type Load balancer persistence profile type

Specify this type parameter to retrieve a list of load balancer
persistence profiles of specified type.
PersistenceProfileType

LbPersistenceProfileListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results paginated list of load balancer persistence profiles array of LbPersistenceProfile
(Abstract type: pass one of the following concrete types)
LbCookiePersistenceProfile
LbGenericPersistenceProfile
LbSourceIpPersistenceProfile		 Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

LbPool (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
active_monitor_ids active monitor identifier list

In case of active healthchecks, load balancer itself initiates new
connections (or sends ICMP ping) to the servers periodically to check
their health, completely independent of any data traffic. Active
healthchecks are disabled by default and can be enabled for a server
pool by binding a health monitor to the pool. If multiple active
monitors are configured, the pool member status is UP only when the
health check status for all the monitors are UP.
The property is deprecated as NSX-T Load Balancer is deprecated.
array of string Deprecated
algorithm pool balancing algorithm for backend pool members

Load balancing algorithm, configurable per pool controls how the
incoming connections are distributed among the members.
PoolAlgorithm Default: "ROUND_ROBIN"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
member_group Load balancer member setting with grouping object

Load balancer pool support grouping object as dynamic pool members.
When member group is defined, members setting should not be specified.
PoolMemberGroup
members load balancer pool members

Server pool consists of one or more pool members. Each pool member
is identified, typically, by an IP address and a port.
array of PoolMember
min_active_members minimum number of active pool members to consider pool as active

A pool is considered active if there are at least certain
minimum number of members.
integer Minimum: 1
Maximum: 2147483647
Default: "1"
passive_monitor_id passive monitor identifier

Passive healthchecks are disabled by default and can be enabled by
attaching a passive health monitor to a server pool.
Each time a client connection to a pool member fails, its failed count
is incremented. For pools bound to L7 virtual servers, a connection is
considered to be failed and failed count is incremented if any TCP
connection errors (e.g. TCP RST or failure to send data) or SSL
handshake failures occur. For pools bound to L4 virtual servers, if no
response is received to a TCP SYN sent to the pool member or if a TCP
RST is received in response to a TCP SYN, then the pool member is
considered to have failed and the failed count is incremented.
The property is deprecated as NSX-T Load Balancer is deprecated.
string Deprecated
resource_type Must be set to the value LbPool string
snat_translation snat translation configuration

Depending on the topology, Source NAT (SNAT) may be required to ensure
traffic from the server destined to the client is received by the load
balancer. SNAT can be enabled per pool. If SNAT is not enabled for a
pool, then load balancer uses the client IP and port (spoofing) while
establishing connections to the servers. This is referred to as no-SNAT
or TRANSPARENT mode.
The property is deprecated as NSX-T Load Balancer is deprecated.
LbSnatTranslation
(Abstract type: pass one of the following concrete types)
LbSnatAutoMap
LbSnatIpPool		 Deprecated
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tcp_multiplexing_enabled TCP multiplexing enable flag

TCP multiplexing allows the same TCP connection between load balancer
and the backend server to be used for sending multiple client requests
from different client TCP connections.
The property is deprecated as NSX-T Load Balancer is deprecated.
boolean Deprecated
Default: "False"
tcp_multiplexing_number maximum number of TCP connections for multiplexing

The maximum number of TCP connections per pool that are idly kept alive
for sending future client requests.
The property is deprecated as NSX-T Load Balancer is deprecated.
integer Deprecated
Minimum: 0
Maximum: 2147483647
Default: "6"

LbPoolListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results paginated list of pools array of LbPool Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

LbPoolMemberStatistics (schema)

Name Description Type Notes
ip_address Pool member IP address IPAddress Required
port Pool member port

The port is configured in pool member. For virtual server port range
case, pool member port must be null.
PortElement
statistics Pool member statistics counter LbStatisticsCounter Required

LbPoolMemberStatus (schema)

Name Description Type Notes
failure_cause The healthcheck failure cause when status is DOWN

If multiple active monitors are configured, the failure_cause contains
failure cause for each monitors. Like "Monitor_1:failure_cause_1.
Monitor_2:failure_cause_2."
string
ip_address Pool member IP address IPAddress Required
last_check_time If multiple active monitors are configured, the property value is the
latest last_check_time among all the monitors.
EpochMsTimestamp
last_state_change_time If multiple active monitors are configured, the property value is the
latest last_state_change_time among all the monitors.
EpochMsTimestamp
port Pool member port

The port is configured in pool member. For virtual server port range
case, pool member port must be null.
PortElement
status Pool member status

UP means that pool member is enabled and monitors have marked the pool
member as UP. If the pool member has no monitor configured, it would
be treated as UP.
DOWN means that pool member is enabled and monitors have marked the
pool member as DOWN.
DISABLED means that admin state of pool member is set to DISABLED.
GRACEFUL_DISABLED means that admin state of pool member is set to
GRACEFUL_DISABLED.
UNUSED means that the pool member is not used when the IP list size
of member group exceeds the maximum setting. The remaining IP addresses
would not be used as available backend servers, hence mark the status
as UNUSED.
UNKNOWN means that the related pool is not associated to any enabled
virtual servers, or no status reported from transport-nodes, the
associated load balancer service may be working(or not working).
string Required
Enum: UP, DOWN, DISABLED, GRACEFUL_DISABLED, UNUSED, UNKNOWN

LbPoolStatistics (schema)

Name Description Type Notes
last_update_timestamp Timestamp when the data was last updated EpochMsTimestamp
members Statistics of load balancer pool members array of LbPoolMemberStatistics
pool_id Load balancer pool identifier string Required
statistics Virtual server statistics counter LbStatisticsCounter Required

LbPoolStatisticsListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results paginated statistics list of pools array of LbPoolStatistics Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

LbPoolStatus (schema)

Name Description Type Notes
last_update_timestamp Timestamp when the data was last updated EpochMsTimestamp
members Status of load balancer pool members array of LbPoolMemberStatus
pool_id Load balancer pool identifier string Required
status Virtual server status

UP means that all primary members are in UP status.
PARTIALLY_UP means that some(not all) primary members are in UP
status, the number of these active members is larger or equal to
certain number(min_active_members) which is defined in LbPool.
When there are no backup members which are in the UP status, the
number(min_active_members) would be ignored.
PRIMARY_DOWN means that less than certain(min_active_members) primary
members are in UP status but backup members are in UP status,
connections to this pool would be dispatched to backup members.
DOWN means that all primary and backup members are DOWN.
DETACHED means that the pool is not bound to any virtual server.
UNKNOWN means that the pool is not associated to any enabled virtual
servers, or no status reported from transport-nodes, the associated
load balancer service may be working(or not working).
string Enum: UP, PARTIALLY_UP, PRIMARY_DOWN, DOWN, DETACHED, UNKNOWN

LbPoolStatusListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results paginated status list of pools array of LbPoolStatus Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

LbRule (schema) (Deprecated)

Load balancer rules

Load balancer rules allow customization of load balancing behavior using
match/action rules. Currently, load balancer rules are supported for only
layer 7 virtual servers with application profile LbHttpProfile.
Each application rule consists of one or more match conditions and one or
more actions.
Load balancer rules could be used by different load balancer services.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
actions Actions to be executed

A list of actions to be executed at specified phase when load balancer
rule matches. The actions are used to manipulate application traffic,
such as rewrite URI of HTTP messages, redirect HTTP messages, etc.
array of LbRuleAction
(Abstract type: pass one of the following concrete types)
LbConnectionDropAction
LbHttpRedirectAction
LbHttpRejectAction
LbHttpRequestHeaderDeleteAction
LbHttpRequestHeaderRewriteAction
LbHttpRequestUriRewriteAction
LbHttpResponseHeaderDeleteAction
LbHttpResponseHeaderRewriteAction
LbJwtAuthAction
LbSelectPoolAction
LbSslModeSelectionAction
LbVariableAssignmentAction
LbVariablePersistenceLearnAction
LbVariablePersistenceOnAction		 Required
Maximum items: 60
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
match_conditions Conditions to match application traffic

A list of match conditions used to match application traffic. Multiple
match conditions can be specified in one load balancer rule, each match
condition defines a criterion to match application traffic.
If no match conditions are specified, then the load balancer rule will
always match and it is used typically to define default rules. If more
than one match condition is specified, then match strategy determines
if all conditions should match or any one condition should match for the
load balancer rule to considered a match.
array of LbRuleCondition
(Abstract type: pass one of the following concrete types)
LbHttpRequestBodyCondition
LbHttpRequestCookieCondition
LbHttpRequestHeaderCondition
LbHttpRequestMethodCondition
LbHttpRequestUriArgumentsCondition
LbHttpRequestUriCondition
LbHttpRequestVersionCondition
LbHttpResponseHeaderCondition
LbHttpSslCondition
LbIpHeaderCondition
LbSslSniCondition
LbTcpHeaderCondition
LbVariableCondition		 Maximum items: 60
match_strategy Strategy to match multiple conditions

Strategy to define how load balancer rule is considered a match when
multiple match conditions are specified in one rule. If match_stragety
is set to ALL, then load balancer rule is considered a match only if all
the conditions match. If match_strategy is set to ANY, then load
balancer rule is considered a match if any one of the conditions match.
string Required
Enum: ALL, ANY
phase Load balancer processing phase

Each load balancer rule is used at a specific phase of load balancer
processing. Currently five phases are supported, HTTP_REQUEST_REWRITE,
HTTP_FORWARDING, HTTP_RESPONSE_REWRITE, HTTP_ACCESS and TRANSPORT.
When an HTTP request message is received by load balancer, all
HTTP_REQUEST_REWRITE rules, if present are executed in the order they
are applied to virtual server. And then if HTTP_FORWARDING rules
present, only first matching rule's action is executed, remaining rules
are not checked. HTTP_FORWARDING rules can have only one action. If the
request is forwarded to a backend server and the response goes back to
load balancer, all HTTP_RESPONSE_REWRITE rules, if present, are executed
in the order they are applied to the virtual server.
In HTTP_ACCESS phase, user can define action to control access using
JWT authentication.
In TRANSPORT phase, user can define the condition to match SNI in TLS
client hello and define the action to do SSL end-to-end, SSL offloading
or SSL passthrough using a specific load balancer server pool.
string Required
Enum: HTTP_REQUEST_REWRITE, HTTP_FORWARDING, HTTP_RESPONSE_REWRITE, HTTP_ACCESS, TRANSPORT
resource_type Must be set to the value LbRule string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

LbRuleAction (schema) (Deprecated)

Load balancer rule action

Load balancer rule actions are used to manipulate application traffic.
Currently load balancer rules can be used at three load balancer processing
phases. Each phase has its own supported type of actions.
Supported actions in HTTP_REQUST_REWRITE phase are:
LbHttpRequestUriRewriteAction
LbHttpRequestHeaderRewriteAction
LbHttpRequestHeaderDeleteAction
LbVariableAssignmentAction
Supported actions in HTTP_FORWARDING phase are:
LbHttpRejectAction
LbHttpRedirectAction
LbSelectPoolAction
LbVariablePersistenceOnAction
LbConnectionDropAction
Supported action in HTTP_RESPONSE_REWRITE phase is:
LbHttpResponseHeaderRewriteAction
LbHttpResponseHeaderDeleteAction
LbVariablePersistenceLearnAction
Supported action in HTTP_ACCESS phase is:
LbJwtAuthAction
LbConnectionDropAction
LbVariableAssignmentAction
Supported action in TRANSPORT phase is:
LbSslModeSelectionAction
LbSelectPoolAction

If the match type of an LbRuleCondition field is specified as REGEX and
named capturing groups are used in the specified regular expression. The
groups can be used as variables in LbRuleAction fields.
For example, define a rule with LbHttpRequestUriCondition as match
condition and LbHttpRequestUriRewriteAction as action. Set match_type field
of LbHttpRequestUriCondition to REGEX, and set uri field to
"/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)".
Set uri field of LbHttpRequestUriRewriteAction to:
"/news/$year-$month/$article"
In uri field of LbHttpRequestUriCondition, the (?<year>\d+),
(?<month>\d+) and (?<article>.*) are named capturing groups,
they define variables named $year, $month and $article respectively. The
defined variables are used in LbHttpRequestUriRewriteAction.
For a matched HTTP request with URI "/news/2017/06/xyz.html", the substring
"2017" is captured in variable $year, "06" is captured in variable $month,
and "xyz.html" is captured in variable $article. The
LbHttpRequestUriRewriteAction will rewrite the URI to:
"/news/2017-06/xyz.html"
A set of built-in variables can be used in LbRuleAction as well. The name
of built-in variables start with underscore, the name of user defined
variables is not allowed to start with underscore.
Following are some of the built-in variables:
$_scheme: Reference the scheme part of matched HTTP messages, could be
"http" or "https".
$_host: Host of matched HTTP messages, for example "www.example.com".
$_server_port: Port part of URI, it is also the port of the server which
accepted a request. Default port is 80 for http and 443 for https.
$_uri: The URI path, for example "/products/sample.html".
$_request_uri: Full original request URI with arguments, for example,
"/products/sample.html?a=b&c=d".
$_args: URI arguments, for instance "a=b&c=d"
$_is_args: "?" if a request has URI arguments, or an empty string
otherwise.
For the full list of built-in variables, please reference the NSX-T
Administrator's Guide.
This is an abstract type. Concrete child types:
LbConnectionDropAction
LbHttpRedirectAction
LbHttpRejectAction
LbHttpRequestHeaderDeleteAction
LbHttpRequestHeaderRewriteAction
LbHttpRequestUriRewriteAction
LbHttpResponseHeaderDeleteAction
LbHttpResponseHeaderRewriteAction
LbJwtAuthAction
LbSelectPoolAction
LbSslModeSelectionAction
LbVariableAssignmentAction
LbVariablePersistenceLearnAction
LbVariablePersistenceOnAction

Name Description Type Notes
type Type of load balancer rule action

The property identifies the load balancer rule action type.
LbRuleActionType Required

LbRuleActionType (schema) (Deprecated)

Types of load balancer rule actions

LbRuleActionType is used to identify the action types used in load
balancer rules.

Name Description Type Notes
LbRuleActionType Types of load balancer rule actions

LbRuleActionType is used to identify the action types used in load
balancer rules.
string Deprecated
Enum: LbHttpRequestUriRewriteAction, LbHttpRequestHeaderRewriteAction, LbHttpRejectAction, LbHttpRedirectAction, LbSelectPoolAction, LbSelectServerAction, LbHttpResponseHeaderRewriteAction, LbHttpRequestHeaderDeleteAction, LbHttpResponseHeaderDeleteAction, LbVariableAssignmentAction, LbVariablePersistenceOnAction, LbVariablePersistenceLearnAction, LbJwtAuthAction, LbSslModeSelectionAction, LbConnectionDropAction

LbRuleCondition (schema) (Deprecated)

Match condition of load balancer rule

Match conditions are used to match application traffic passing through
load balancers. Multiple match conditions can be specified in one load
balancer rule, each match condition defines a criterion for application
traffic.
If inverse field is set to true, the match result of the condition is
inverted.
If more than one match condition is specified, match strategy determines
if all conditions should match or any one condition should match for the
load balancer rule to be considered a match.
Currently only HTTP messages are supported by load balancer rules.
Each load balancer rule is used at a specific phase of load balancer
processing. Currently three phases are supported, HTTP_REQUEST_REWRITE,
HTTP_FORWARDING and HTTP_RESPONSE_REWRITE.
Each phase supports certain types of match conditions, supported match
conditions in HTTP_REQUEST_REWRITE phase are:
LbHttpRequestMethodCondition
LbHttpRequestUriCondition
LbHttpRequestUriArgumentsCondition
LbHttpRequestVersionCondition
LbHttpRequestHeaderCondition
LbHttpRequestCookieCondition
LbHttpRequestBodyCondition
LbTcpHeaderCondition
LbIpHeaderCondition
LbVariableCondition
LbHttpSslCondition
Supported match conditions in HTTP_FORWARDING phase are:
LbHttpRequestMethodCondition
LbHttpRequestUriCondition
LbHttpRequestUriArgumentsCondition
LbHttpRequestVersionCondition
LbHttpRequestHeaderCondition
LbHttpRequestCookieCondition
LbHttpRequestBodyCondition
LbTcpHeaderCondition
LbIpHeaderCondition
LbVariableCondition
LbHttpSslCondition
LbSslSniCondition
Supported match condition in HTTP_RESPONSE_REWRITE phase is:
LbHttpResponseHeaderCondition
LbHttpRequestMethodCondition
LbHttpRequestUriCondition
LbHttpRequestUriArgumentsCondition
LbHttpRequestVersionCondition
LbHttpRequestHeaderCondition
LbHttpRequestCookieCondition
LbTcpHeaderCondition
LbIpHeaderCondition
LbVariableCondition
LbHttpSslCondition
Supported match condition in HTTP_ACCESS phase is:
LbHttpRequestMethodCondition
LbHttpRequestUriCondition
LbHttpRequestUriArgumentsCondition
LbHttpRequestVersionCondition
LbHttpRequestHeaderCondition
LbHttpRequestCookieCondition
LbHttpRequestBodyCondition
LbTcpHeaderCondition
LbIpHeaderCondition
LbVariableCondition
LbHttpSslCondition
Supported match condition in TRANSPORT phase is:
LbSslSniCondition
This is an abstract type. Concrete child types:
LbHttpRequestBodyCondition
LbHttpRequestCookieCondition
LbHttpRequestHeaderCondition
LbHttpRequestMethodCondition
LbHttpRequestUriArgumentsCondition
LbHttpRequestUriCondition
LbHttpRequestVersionCondition
LbHttpResponseHeaderCondition
LbHttpSslCondition
LbIpHeaderCondition
LbSslSniCondition
LbTcpHeaderCondition
LbVariableCondition

Name Description Type Notes
inverse A flag to indicate whether reverse the match result of this condition boolean Default: "False"
type Type of load balancer rule condition LbRuleConditionType Required

LbRuleConditionType (schema) (Deprecated)

Type of load balancer rule match condition

Name Description Type Notes
LbRuleConditionType Type of load balancer rule match condition string Deprecated
Enum: LbHttpRequestMethodCondition, LbHttpRequestUriCondition, LbHttpRequestUriArgumentsCondition, LbHttpRequestVersionCondition, LbHttpRequestHeaderCondition, LbHttpRequestCookieCondition, LbHttpRequestBodyCondition, LbHttpResponseHeaderCondition, LbTcpHeaderCondition, LbIpHeaderCondition, LbVariableCondition, LbHttpSslCondition, LbSslSniCondition

LbRuleListResult (schema) (Deprecated)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results paginated list of LB rules array of LbRule Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

LbRuleMatchType (schema) (Deprecated)

Match type for LbRule conditions

LbRuleMatchType is used to determine how a specified string value is used
to match a specified LbRuleCondition field.
STARTS_WITH: If the LbRuleCondition field starts with specified string, the
condition matches. The fields with this match type are specified as
strings, not regular expressions.
ENDS_WITH: If the LbRuleCondition field ends with specified string, the
condition matches. The fields with this match type are specified as
strings, not regular expressions.
EQUALS: If the LbRuleCondition field is same as the specified string, the
condition matches. The fields with this match type are specified as
strings, not regular expressions.
CONTAINS: If the LbRuleCondition field contains the specified string, the
condition matches. The fields with this match type are specified as
strings, not regular expressions.
REGEX: If the LbRuleCondition field matches specified regular expression,
the condition matches. The regular expressions in load balancer rules use
the features common to both Java regular expressions and Perl Compatible
Regular Expressions (PCREs) with some restrictions. Reference
http://www.pcre.org for PCRE and the NSX-T Administrator's Guide for the
restrictions.
If named capturing groups are used in the regular expression, when a
match succeeds, the substrings of the subject string that match named
capturing groups are stored (captured) in variables with specific names
which can be used in the fields of LbRuleAction which support variables.
Named capturing group are defined in the format (?<name>subpattern),
such as (?<year>\d{4}).
For example, in the regular expression:
"/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)", for
subject string "/news/2017/06/xyz.html", the substring "2017" is captured
in variable year, "06" is captured in variable month, and "xyz.html" is
captured in variable article. These variables can be used in LbRuleAction
fields which support variables in form of $name, such as $year, $month,
$article.
Please note, when regular expressions are used in JSON(JavaScript Object
Notation) string, every backslash character (\) needs to be escaped by one
additional backslash character.

Name Description Type Notes
LbRuleMatchType Match type for LbRule conditions

LbRuleMatchType is used to determine how a specified string value is used
to match a specified LbRuleCondition field.
STARTS_WITH: If the LbRuleCondition field starts with specified string, the
condition matches. The fields with this match type are specified as
strings, not regular expressions.
ENDS_WITH: If the LbRuleCondition field ends with specified string, the
condition matches. The fields with this match type are specified as
strings, not regular expressions.
EQUALS: If the LbRuleCondition field is same as the specified string, the
condition matches. The fields with this match type are specified as
strings, not regular expressions.
CONTAINS: If the LbRuleCondition field contains the specified string, the
condition matches. The fields with this match type are specified as
strings, not regular expressions.
REGEX: If the LbRuleCondition field matches specified regular expression,
the condition matches. The regular expressions in load balancer rules use
the features common to both Java regular expressions and Perl Compatible
Regular Expressions (PCREs) with some restrictions. Reference
http://www.pcre.org for PCRE and the NSX-T Administrator's Guide for the
restrictions.
If named capturing groups are used in the regular expression, when a
match succeeds, the substrings of the subject string that match named
capturing groups are stored (captured) in variables with specific names
which can be used in the fields of LbRuleAction which support variables.
Named capturing group are defined in the format (?<name>subpattern),
such as (?<year>\d{4}).
For example, in the regular expression:
"/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)", for
subject string "/news/2017/06/xyz.html", the substring "2017" is captured
in variable year, "06" is captured in variable month, and "xyz.html" is
captured in variable article. These variables can be used in LbRuleAction
fields which support variables in form of $name, such as $year, $month,
$article.
Please note, when regular expressions are used in JSON(JavaScript Object
Notation) string, every backslash character (\) needs to be escaped by one
additional backslash character.
string Deprecated
Enum: STARTS_WITH, ENDS_WITH, EQUALS, CONTAINS, REGEX

LbSelectPoolAction (schema) (Deprecated)

Action to select a pool for HTTP request messages

This action is used to select a pool for matched HTTP request messages. The
pool is specified by UUID. The matched HTTP request messages are forwarded
to the specified pool.

Name Description Type Notes
pool_id UUID of load balancer pool string Required
pool_name Display name of load balancer pool string Readonly
type Must be set to the value LbSelectPoolAction LbRuleActionType Required

LbServerSslProfile (schema) (Deprecated)

The object is deprecated as NSX-T Load Balancer is deprecated.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
cipher_group_label Label of cipher group

It is a label of cipher group which is mostly consumed by GUI.
SslCipherGroup
ciphers supported SSL cipher list to client side array of SslCipher
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
is_fips FIPS compliance of ciphers and protocols

This flag is set to true when all the ciphers and protocols are FIPS
compliant.
It is set to false when one of the ciphers or protocols are not
FIPS compliant.
boolean Readonly
is_secure Secure/Insecure SSL profile flag

This flag is set to true when all the ciphers and protocols are secure.
It is set to false when one of the ciphers or protocols is insecure.
boolean Readonly
protocols supported SSL protocol list to client side

SSL versions TLS1.1 and TLS1.2 are supported and enabled by default.
SSLv2, SSLv3, and TLS1.0 are supported, but disabled by default.
array of SslProtocol
resource_type Must be set to the value LbServerSslProfile string
session_cache_enabled session cache enable/disable falg

SSL session caching allows SSL client and server to reuse previously
negotiated security parameters avoiding the expensive public key
operation during handshake.
boolean Default: "True"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

LbServerSslProfileListResult (schema) (Deprecated)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results paginated list of load balancer server SSL profiles array of LbServerSslProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

LbService (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
access_log_enabled Whether access log is enabled boolean Deprecated
attachment The target which is used to instantiate Lb service.

LBS could be instantiated (or created) on the Logical router, etc.
Typically, it could be applied to Tier1 LogicalRouter. It can be
attached to Tier0 LogicalRouter either in non-multi-tenant environments
or to provide load balancing for infrastructure services offered by
the provider.
If size is set to DLB for distribution, the attachment is optional.
The supported attachment is NSGroup consisting of VIFs of that load
balancer's clients.
If the attachment is not specified and size is DLB, the associated
load balancer settings are applied to all supported transport nodes.
ResourceReference
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Whether the load balancer service is enabled boolean Default: "True"
error_log_level Error log level of load balancer service

Load balancer engine writes information about encountered issues of
different severity levels to the error log. This setting is used to
define the severity level of the error log.
LbLogLevel Default: "INFO"
id Unique identifier of this resource string Sortable
relax_scale_validation Whether scale validation is relaxed

If relax_scale_validation is true, the scale validations for virtual
servers/pools/pool members/rules are relaxed for load balancer service.
When load balancer service is deployed on edge nodes, the scale of
virtual servers/pools/pool members for the load balancer service should
not exceed the scale number of the largest load balancer size which
could be configured on a certain edge form factor. For example, the
largest load balancer size supported on a MEDIUM edge node is MEDIUM.
So one SMALL load balancer deployed on MEDIUM edge nodes can support
the scale number of MEDIUM load balancer. It is not recommended to
enable active monitors if relax_scale_validation is true due to
performance consideration.
If relax_scale_validation is false, scale numbers should be validated
for load balancer service.
The property is deprecated as NSX-T Load Balancer is deprecated.
boolean Deprecated
Default: "False"
resource_type Must be set to the value LbService string
size The size of load balancer service LbServiceSize Default: "SMALL"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
virtual_server_ids Virtual server identifier list

virtual servers can be associated to LbService(which is
similar to physical/virtual load balancer), Lb virtual servers,
pools and other entities could be defined independently, the virtual
server identifier list here would be used to maintain the relationship of
LbService and other Lb entities.
array of string

LbServiceDebugInfo (schema)

The debug information of the load balancer service

The information for a given load balancer service could be used for
debugging and troubleshooting. It includes load balancer service,
associated virtual servers, associated pools, associated profiles such as
persistence, SSL, application, associated monitors and associated rules.

Name Description Type Notes
application_profiles Associated load balancer application profile settings

The application profiles are associated to virtual servers
array of LbAppProfile
(Abstract type: pass one of the following concrete types)
LbFastTcpProfile
LbFastUdpProfile
LbHttpProfile		 Readonly
client_ssl_profiles Associated load balancer client SSL profile settings

The client SSL profiles are associated to virtual servers.
The property is deprecated as NSX-T Load Balancer is deprecated.
array of LbClientSslProfile Deprecated
Readonly
monitors Associated load balancer monitor configurations

The load balancer monitors are associated to pools.
The property is deprecated as NSX-T Load Balancer is deprecated.
array of LbMonitor
(Abstract type: pass one of the following concrete types)
LbHttpMonitor
LbHttpsMonitor
LbIcmpMonitor
LbPassiveMonitor
LbTcpMonitor
LbUdpMonitor		 Deprecated
Readonly
persistence_profiles Associated load balancer persistence profile settings

The persistence profiles are associated to virtual servers
array of LbPersistenceProfile
(Abstract type: pass one of the following concrete types)
LbCookiePersistenceProfile
LbGenericPersistenceProfile
LbSourceIpPersistenceProfile		 Readonly
pools Associated load balancer pool settings

The pools which are associated to the given load balancer service would
be included. The pools could be defined in virtual server default pool,
sorry pool or load balancer rule action.
array of LbPool Readonly
rules Associated load balancer rule settings

The load balancer rules are associated to virtual servers.
The property is deprecated as NSX-T Load Balancer is deprecated.
array of LbRule Deprecated
Readonly
server_ssl_profiles Associated load balancer server SSL profile settings

The server SSL profiles are associated to virtual servers.
The property is deprecated as NSX-T Load Balancer is deprecated.
array of LbServerSslProfile Deprecated
Readonly
service Load balancer service setting

Load balancer service setting for a given load balancer service
identifier.
LbService Readonly
virtual_servers Associated virtual server settings

The virtual servers which are associated to the given load balancer
service would be included.
array of LbVirtualServer Readonly

LbServiceInstanceDetail (schema)

Name Description Type Notes
attachment The load balancer instance attachment

The resource reference which the load balancer instance deploys on.
ResourceReference
error_message The error message for this instance

The error message for the load balancer instance. If the instance
status is NOT_READY, error message will be attached.
string

LbServiceInstanceDetailPerStatus (schema)

Name Description Type Notes
instance_details The detail information of load balancer instance

The detailed information of the load balancer instance. This field
will be only returned on realtime status API.
array of LbServiceInstanceDetail
instance_number The number of instances in this status type

It means the total number of instances in this status type for the
given transport node.
integer
status Load balancer instance status type

The type of load balancer instance status.
LbServiceInstanceStatusEnum

LbServiceInstanceDetailPerTransportNode (schema)

Name Description Type Notes
instance_detail_per_status Load balancer instances details for each status

Load balancer instances details for each load balancer instance
status type from the given transport node.
array of LbServiceInstanceDetailPerStatus
transport_node_id The UUID of the transport node

The UUID of the transport node.
string

LbServiceInstanceStatusEnum (schema)

Distributed load balancer service instance status

READY means that the LBS instance is the oldest and applied. Sometimes, the
oldest LBS might not be applied successfully, the next oldest one could be
applied.
CONFLICT means that the LBS instance is not the oldest and not applied.
NOT_READY means that the LBS instance is the oldest, should be applied,
but not applied.

Name Description Type Notes
LbServiceInstanceStatusEnum Distributed load balancer service instance status

READY means that the LBS instance is the oldest and applied. Sometimes, the
oldest LBS might not be applied successfully, the next oldest one could be
applied.
CONFLICT means that the LBS instance is not the oldest and not applied.
NOT_READY means that the LBS instance is the oldest, should be applied,
but not applied.
string Enum: READY, CONFLICT, NOT_READY

LbServiceListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results paginated list of load balancer services array of LbService Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

LbServiceQueryRequestParameters (schema)

Load balancer service list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
logical_router_id Logical router identifier

When logical_router_id is specified, the list load balancer API will
return the load balancer services which are related to the given
logical router.
string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

LbServiceSize (schema)

the size of load balancer service

The size of load balancer service can be, SMALL, MEDIUM, LARGE, XLARGE, or
DLB. The first four sizes are realized on Edge node as a centralized load
balancer. DLB is realized on each ESXi hypervisor as a distributed load
balancer. DLB is supported for k8s cluster IPs managed by vSphere with
Kubernetes. DLB is NOT supported for any other workload types.
The load balancer service sizes, SMALL, MEDIUM, LARGE and XLARGE are all
deprecated. Customers who are using this set of features are advised to
migrate to NSX Advanced Load Balancer (Avi) which provides a superset of
the NSX-T load balancing functionality.

Name Description Type Notes
LbServiceSize the size of load balancer service

The size of load balancer service can be, SMALL, MEDIUM, LARGE, XLARGE, or
DLB. The first four sizes are realized on Edge node as a centralized load
balancer. DLB is realized on each ESXi hypervisor as a distributed load
balancer. DLB is supported for k8s cluster IPs managed by vSphere with
Kubernetes. DLB is NOT supported for any other workload types.
The load balancer service sizes, SMALL, MEDIUM, LARGE and XLARGE are all
deprecated. Customers who are using this set of features are advised to
migrate to NSX Advanced Load Balancer (Avi) which provides a superset of
the NSX-T load balancing functionality.
string Enum: SMALL, MEDIUM, LARGE, XLARGE, DLB

LbServiceStatistics (schema)

Name Description Type Notes
last_update_timestamp Timestamp when the data was last updated EpochMsTimestamp
pools Statistics of load balancer pools array of LbPoolStatistics
service_id load balancer service identifier string Required
statistics Load balancer service statistics counter LbServiceStatisticsCounter
virtual_servers Statistics of load balancer virtual servers array of LbVirtualServerStatistics

LbServiceStatisticsCounter (schema)

Name Description Type Notes
l4_current_session_rate The average number of l4 current sessions per second, the number is averaged over the last 5 one-second intervals. number
l4_current_sessions Number of l4 current sessions integer
l4_max_sessions Number of l4 maximum sessions

L4 max sessions is used to show the peak L4 max session data since
load balancer starts to provide service.
integer
l4_total_sessions Number of l4 total sessions integer
l7_current_session_rate The average number of l7 current requests per second, the number is averaged over the last 5 one-second intervals. number
l7_current_sessions Number of l7 current sessions integer
l7_max_sessions Number of l7 maximum sessions

L7 max sessions is used to show the peak L7 max session data since
load balancer starts to provide service.
integer
l7_total_sessions Number of l7 total sessions integer

LbServiceStatus (schema)

Name Description Type Notes
active_transport_nodes Ids of load balancer service related active transport nodes array of string
cpu_usage Cpu usage in percentage integer
error_message Error message, if available string
instance_detail_per_tn Details of load balancer service instance per transport node

Details of load balancer service instance per transport node.
array of LbServiceInstanceDetailPerTransportNode
last_update_timestamp Timestamp when the data was last updated EpochMsTimestamp
memory_usage Memory usage in percentage integer
pools status of load balancer pools array of LbPoolStatus
service_id Load balancer service identifier string Required
service_status Status of load balancer service

UP means the load balancer service is working fine on both
transport-nodes(if have);
PARTIALLY_UP means that some DLB instances on transport node are
working successfully and some instances are not working successfully;
DOWN means the load balancer service is down on both transport-nodes
(if have), hence the load balancer will not respond to any requests;
ERROR means error happens on transport-node(s) or no status is
reported from transport-node(s). The load balancer service may be
working (or not working);
NO_STANDBY means load balancer service is working in one of the
transport node while not in the other transport-node (if have). Hence
if the load balancer service in the working transport-node goes down,
the load balancer service will go down;
DETACHED means that the load balancer service has no attachment setting
and is not instantiated in any transport nodes;
DISABLED means that admin state of load balancer service is DISABLED;
UNKNOWN means that no status reported from transport-nodes.The load
balancer service may be working(or not working).
string Enum: UP, PARTIALLY_UP, DOWN, ERROR, NO_STANDBY, DETACHED, DISABLED, UNKNOWN
standby_transport_nodes Ids of load balancer service related standby transport nodes array of string
virtual_servers status of load balancer virtual servers array of LbVirtualServerStatus

LbServiceStatusQueryParameters (schema)

Name Description Type Notes
include_instance_details Flag to indicate whether include detail information

The flag to indicate whether include detail information. Load
balancer instance detail information will be returned if this
field is set to true. It's only valid in realtime status query.
boolean Default: "False"
source The data source, either realtime or cached. If not provided, cached data is returned. DataSourceType
transport_node_ids The UUIDs of transport nodes

The UUIDs of transport nodes. Multiple UUIDs should be separated by
commas. If this field is specified, only the status from the given
transport nodes will be returned. It's only valid in realtime status
query.
string

LbServiceUsage (schema)

The usage information of the load balancer service

Describes the capacity and current usage of virtual servers, pools, pool
members for the given load balancer service.

Name Description Type Notes
current_pool_count The current number of pools

The current number of pools which have been configured in the given load
balancer service.
integer Readonly
current_pool_member_count The current number of pool members

The current number of pool members which have been configured in the
given load balancer service.
integer Readonly
current_virtual_server_count The current number of virtual servers

The current number of virtual servers which have been configured in the
given load balancer service.
integer Readonly
pool_capacity The capacity of pools

Pool capacity means maximum number of pools which could be configured
in the given load balancer service.
integer Readonly
pool_member_capacity The capacity of pool members

Pool member capacity means maximum number of pool members which could
be configured in the given load balancer service.
integer Readonly
service_id UUID of load balancer service string Readonly
service_size The size of load balancer service LbServiceSize Readonly
severity LB usage severity

The severity calculation is based on the largest usage percentage from
virtual servers, pools, pool members and rules for one load balancer
service.
LbUsageSeverity Readonly
usage_percentage Usage percentage

The usage percentage is the largest usage percentage from virtual
servers, pools and pool members for the load balancer service. If the
property relax_scale_validation is set as true for LbService, it is
possible that the value is larger than 100.0. For example, if SMALL LBS
is deployed on MEDIUM edge node and configured with MEDIUM LBS virtual
server scale number, LBS usage percentage is shown larger than 100.0.
number Readonly
virtual_server_capacity The capacity of virtual servers

Virtual server capacity means maximum number of virtual servers which
could be configured in the given load balancer service.
integer Readonly

LbSessionCookieTime (schema) (Deprecated)

Name Description Type Notes
cookie_max_idle session cookie max idle time in seconds

Instead of using HTTP Cookie max-age and relying on client to expire
the cookie, max idle time and/or max lifetime of the cookie can be used.
Max idle time, if configured, specifies the maximum interval the cookie
is valid for from the last time it was seen in a request.
It is available for insert mode.
integer Minimum: 1
Maximum: 2147483647
cookie_max_life session cookie max lifetime in seconds

Max life time, if configured, specifies the maximum interval the cookie
is valid for from the first time the cookie was seen in a request.
It is available for insert mode.
integer Minimum: 1
Maximum: 2147483647
type Must be set to the value LbSessionCookieTime CookieTimeType Required

LbSnatAutoMap (schema) (Deprecated)

Name Description Type Notes
port_overload port overloading with same SNAT IP and port

Both SNAT automap and SNAT IP list modes support port overloading
which allows the same SNAT IP and port to be used for multiple
backend connections as long as the tuple (source IP, source port,
destination IP, destination port, IP protocol) after SNAT is
performed is unique.
The valid number is 1, 2, 4, 8, 16, 32.
This is a deprecated property. The port overload factor is fixed
to 32 in load balancer engine. If it is upgraded from an old version,
the value would be changed to 32 automatically.
integer Deprecated
Minimum: 1
Maximum: 32
Default: "32"
type Must be set to the value LbSnatAutoMap SnatTranslationType Required

LbSnatIpElement (schema) (Deprecated)

Name Description Type Notes
ip_address Ip address or ip range such as 1.1.1.1 or 1.1.1.101-1.1.1.160 IPElement Required
prefix_length subnet prefix length

Subnet prefix length should be not specified if there is only one single
IP address or IP range.
integer

LbSnatIpPool (schema) (Deprecated)

Name Description Type Notes
ip_addresses List of Ip address or ip range

If an IP range is specified, the range may contain no more than 64
IP addresses.
array of LbSnatIpElement Required
Maximum items: 64
port_overload port overloading with same SNAT IP and port

Both SNAT automap and SNAT IP list modes support port overloading
which allows the same SNAT IP and port to be used for multiple
backend connections as long as the tuple (source IP, source port,
destination IP, destination port, IP protocol) after SNAT is
performed is unique.
The valid number is 1, 2, 4, 8, 16, 32.
This is a deprecated property. The port overload factor is fixed
to 32 in load balancer engine. If it is upgraded from an old version,
the value would be changed to 32 automatically.
integer Deprecated
Minimum: 1
Maximum: 32
Default: "32"
type Must be set to the value LbSnatIpPool SnatTranslationType Required

LbSnatTranslation (schema) (Deprecated)

This is an abstract type. Concrete child types:
LbSnatAutoMap
LbSnatIpPool

Name Description Type Notes
port_overload port overloading with same SNAT IP and port

Both SNAT automap and SNAT IP list modes support port overloading
which allows the same SNAT IP and port to be used for multiple
backend connections as long as the tuple (source IP, source port,
destination IP, destination port, IP protocol) after SNAT is
performed is unique.
The valid number is 1, 2, 4, 8, 16, 32.
This is a deprecated property. The port overload factor is fixed
to 32 in load balancer engine. If it is upgraded from an old version,
the value would be changed to 32 automatically.
integer Deprecated
Minimum: 1
Maximum: 32
Default: "32"
type SnatTranslationType Required

LbSourceIpPersistenceProfile (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
ha_persistence_mirroring_enabled mirroring enabled flag to synchronize persistence entries

Persistence entries are not synchronized to the HA peer by default.
The property is deprecated as NSX-T Load Balancer is deprecated.
boolean Deprecated
Default: "False"
id Unique identifier of this resource string Sortable
persistence_shared Persistence shared flag

The persistence shared flag identifies whether the persistence table
is shared among virtual-servers referring this profile.
If persistence shared flag is not set in the cookie persistence profile
bound to a virtual server, it defaults to cookie persistence that is
private to each virtual server and is qualified by the pool. This is
accomplished by load balancer inserting a cookie with name in the
format <name>.<virtual_server_id>.<pool_id>.
If persistence shared flag is set in the cookie persistence profile, in
cookie insert mode, cookie persistence could be shared across multiple
virtual servers that are bound to the same pools. The cookie name would
be changed to <name>.<profile-id>.<pool-id>.
If persistence shared flag is not set in the sourceIp persistence
profile bound to a virtual server, each virtual server that the profile
is bound to maintains its own private persistence table.
If persistence shared flag is set in the sourceIp persistence profile,
all virtual servers the profile is bound to share the same persistence
table.
If persistence shared flag is not set in the generic persistence
profile, the persistence entries are matched and stored in the table
which is identified using both virtual server ID and profile ID.
If persistence shared flag is set in the generic persistence profile,
the persistence entries are matched and stored in the table which is
identified using profile ID. It means that virtual servers which
consume the same profile in the LbRule with this flag enabled are
sharing the same persistence table.
boolean Default: "False"
purge persistence purge setting SourceIpPersistencePurge Default: "FULL"
resource_type Must be set to the value LbSourceIpPersistenceProfile PersistenceProfileType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
timeout persistence entry expiration time in seconds

When all connections complete (reference count reaches 0), persistence
entry timer is started with the expiration time.
integer Minimum: 1
Maximum: 2147483647
Default: "300"

LbSslCipherAndProtocolListResult (schema) (Deprecated)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
ciphers List of SSL ciphers array of LbSslCipherInfo Required
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
protocols List of SSL protocols array of LbSslProtocolInfo Required
result_count Count of results found (across all pages), set only on first page integer Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

LbSslCipherInfo (schema) (Deprecated)

SSL cipher

Name Description Type Notes
cipher SSL cipher SslCipher Required
cipher_group_labels Cipher group label list

Several cipher groups might contain the same cipher suite, each cipher
suite could have multiple cipher group labels.
array of SslCipherGroup
is_default Default SSL cipher flag boolean Required
is_secure Secure/insecure SSL cipher flag boolean Required

LbSslModeSelectionAction (schema) (Deprecated)

Action to select SSL mode

This action is used to select SSL mode. Three types of SSL mode actions can
be specified in Transport phase, ssl passthrough, ssl offloading and ssl
end-to-end.

Name Description Type Notes
ssl_mode Type of SSL mode

SSL Passthrough: LB establishes a TCP connection with client and another
connection with selected backend server. LB won't inspect the stream
data between client and backend server, but just pass it through.
Backend server exchanges SSL connection with client.
SSL Offloading: LB terminiates the connections from client, and
establishes SSL connection with it. After receiving the HTTP request,
LB connects the selected backend server and talk with it via HTTP
without SSL. LB estalishes new connection to selected backend server
for each HTTP request, in case server_keep_alive or multiplexing are
NOT configured.
SSL End-to-End: LB terminiates the connections from client, and
establishes SSL connection with it. After receiving the HTTP request,
LB connects the selected backend server and talk with it via HTTPS.
LB estalishes new SSL connection to selected backend server for each
HTTP request, in case server_keep_alive or multiplexing are NOT
configured.
string Required
Enum: SSL_PASSTHROUGH, SSL_END_TO_END, SSL_OFFLOAD
type Must be set to the value LbSslModeSelectionAction LbRuleActionType Required

LbSslProfile (schema) (Deprecated)

Load balancer abstract SSL profile

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
resource_type Must be set to the value LbSslProfile string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

LbSslProtocolInfo (schema) (Deprecated)

SSL protocol

Name Description Type Notes
is_default Default SSL protocol flag boolean Required
is_secure Secure/insecure SSL protocol flag boolean Required
protocol SSL protocol SslProtocol Required

LbSslSessionReusedType (schema) (Deprecated)

Type of SSL session reused

Name Description Type Notes
LbSslSessionReusedType Type of SSL session reused string Deprecated
Enum: IGNORE, REUSED, NEW

LbSslSniCondition (schema) (Deprecated)

Condition to match SSL SNI in client hello

This condition is used to match SSL SNI in client hello. This condition is
only supported in TRANSPORT phase and HTTP_FORWARDING phase.

Name Description Type Notes
case_sensitive A case sensitive flag for SNI comparing

If true, case is significant when comparing SNI value.
boolean Default: "True"
inverse A flag to indicate whether reverse the match result of this condition boolean Default: "False"
match_type Match type of SNI

Determine how a specified string value is used to match SNI.
LbRuleMatchType Default: "REGEX"
sni The server name indication

The SNI(Server Name indication) in client hello message.
string Required
type Must be set to the value LbSslSniCondition LbRuleConditionType Required

LbStatisticsCounter (schema)

Name Description Type Notes
bytes_in Number of bytes in integer Required
bytes_in_rate The average number of inbound bytes per second, the number is averaged over the last 5 one-second intervals. number
bytes_out Number of bytes out integer Required
bytes_out_rate The average number of outbound bytes per second, the number is averaged over the last 5 one-second intervals. number
current_session_rate The average number of current sessions per second, the number is averaged over the last 5 one-second intervals. number
current_sessions Number of current sessions integer Required
dropped_packets_by_access_list The total number of dropped packets by access list control

The total number of dropped TCP SYN or UDP packets by access list
control.
integer
dropped_sessions_by_lbrule_action The total number of dropped sessions by LB rule action

The total number of dropped sessions by LB rule action.
integer
http_request_rate The average number of http requests per second, the number is averaged over the last 5 one-second intervals. number
http_requests The total number of http requests. integer
max_sessions Number of maximum sessions integer Required
packets_in Number of packets in integer
packets_in_rate The average number of inbound packets per second, the number is averaged over the last 5 one-second intervals. number
packets_out Number of packets out integer
packets_out_rate The average number of outbound packets per second, the number is averaged over the last 5 one-second intervals. number
source_ip_persistence_entry_size Number of source IP persistence entries integer
total_sessions Number of total sessions integer Required

LbTcpHeaderCondition (schema) (Deprecated)

Condition to match TCP header fields

This condition is used to match TCP header fields of HTTP messages.
Currently, only the TCP source port is supported. Ports can be expressed as
a single port number like 80, or a port range like 1024-1030.

Name Description Type Notes
inverse A flag to indicate whether reverse the match result of this condition boolean Default: "False"
source_port TCP source port of HTTP message PortElement Required
type Must be set to the value LbTcpHeaderCondition LbRuleConditionType Required

LbTcpMonitor (schema) (Deprecated)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
fall_count num of consecutive checks must fail before marking it down integer Minimum: 1
Maximum: 2147483647
Default: "3"
id Unique identifier of this resource string Sortable
interval the frequency at which the system issues the monitor check (in second) integer Minimum: 1
Maximum: 2147483647
Default: "5"
monitor_port port which is used for healthcheck

If the monitor port is specified, it would override pool member port
setting for healthcheck. A port range is not supported.
For ICMP monitor, monitor_port is not required.
PortElement
receive expected data received from server

Expected data, if specified, can be anywhere in the response and it has to
be a string, regular expressions are not supported.
string
resource_type Must be set to the value LbTcpMonitor MonitorType Required
rise_count num of consecutive checks must pass before marking it up integer Minimum: 1
Maximum: 2147483647
Default: "3"
send data to send

If both send and receive are not specified, then just a TCP connection
is established (3-way handshake) to validate server is healthy, no
data is sent.
string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
timeout the number of seconds the target has in which to respond to the monitor request integer Minimum: 1
Maximum: 2147483647
Default: "15"

LbUdpMonitor (schema) (Deprecated)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
fall_count num of consecutive checks must fail before marking it down integer Minimum: 1
Maximum: 2147483647
Default: "3"
id Unique identifier of this resource string Sortable
interval the frequency at which the system issues the monitor check (in second) integer Minimum: 1
Maximum: 2147483647
Default: "5"
monitor_port port which is used for healthcheck

If the monitor port is specified, it would override pool member port
setting for healthcheck. A port range is not supported.
For ICMP monitor, monitor_port is not required.
PortElement
receive expected data received from server

Expected data, can be anywhere in the response and it has to be a
string, regular expressions are not supported.
UDP healthcheck is considered failed if there is no server response
within the timeout period.
string Required
resource_type Must be set to the value LbUdpMonitor MonitorType Required
rise_count num of consecutive checks must pass before marking it up integer Minimum: 1
Maximum: 2147483647
Default: "3"
send data to send

The data to be sent to the monitored server.
string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
timeout the number of seconds the target has in which to respond to the monitor request integer Minimum: 1
Maximum: 2147483647
Default: "15"

LbUsageSeverity (schema) (Deprecated)

Load balancer usage severity

Severity is calculated from usage percentage:
GREEN means the current usage percentage is less than 60%.
ORANGE means the current usage percentage is less than 80% and larger than
or equal to 60%.
RED means the current usage percentage is larger than or equal to 80%.

Name Description Type Notes
LbUsageSeverity Load balancer usage severity

Severity is calculated from usage percentage:
GREEN means the current usage percentage is less than 60%.
ORANGE means the current usage percentage is less than 80% and larger than
or equal to 60%.
RED means the current usage percentage is larger than or equal to 80%.
string Deprecated
Enum: GREEN, ORANGE, RED

LbVariableAssignmentAction (schema) (Deprecated)

Action to create variable and assign value to it.

This action is used to create a new variable and assign value to it.
One action can be used to create one variable. To create multiple
variables, multiple actions must be defined.
The variables can be used by LbVariableCondition, etc.

Name Description Type Notes
type Must be set to the value LbVariableAssignmentAction LbRuleActionType Required
variable_name Name of the variable to be assigned string Required
variable_value Value of variable string Required

LbVariableCondition (schema) (Deprecated)

Condition to match IP header fields

This condition is used to match variable's name and value at all
phases. The variables could be captured from REGEX or assigned by
LbVariableAssignmentAction or system embedded variable. Varialbe_name
and variable_value should be matched at the same time.

Name Description Type Notes
case_sensitive A case sensitive flag for variable value comparing

If true, case is significant when comparing variable value.
boolean Default: "True"
inverse A flag to indicate whether reverse the match result of this condition boolean Default: "False"
match_type Match type of variable value LbRuleMatchType Default: "REGEX"
type Must be set to the value LbVariableCondition LbRuleConditionType Required
variable_name Name of the variable to be matched string Required
variable_value Value of variable to be matched string Required

LbVariablePersistenceLearnAction (schema) (Deprecated)

Action to learn the variable value

This action is performed in HTTP response rewrite phase. It is used to
learn the value of variable from the HTTP response, and insert an entry
into the persistence table if the entry doesn't exist.

Name Description Type Notes
persistence_profile_id UUID of LbPersistenceProfile

If the persistence profile UUID is not specified, a default
persistence table is created per virtual server. Currently, only
LbGenericPersistenceProfile is supported.
string
type Must be set to the value LbVariablePersistenceLearnAction LbRuleActionType Required
variable_hash_enabled Whether to enable a hash operation for variable value

The property is used to enable a hash operation for variable value
when composing the persistence key.
boolean Default: "False"
variable_name Variable name

The property is the name of variable to be learnt. It is used to
identify which variable's value is learnt from HTTP response.
The variable can be a system embedded variable such as
"_cookie_JSESSIONID", a customized variable defined in
LbVariableAssignmentAction or a captured variable in regular expression
such as "article".
string Required

LbVariablePersistenceOnAction (schema) (Deprecated)

Action to persist the variable value

This action is performed in HTTP forwarding phase. It is used to inspect
the variable of HTTP request, and look up the persistence entry with its
value and pool uuid as key.
If the persistence entry is found, the HTTP request is forwarded to the
recorded backend server according to the persistence entry.
If the persistence entry is not found, a new entry is created in the
table after backend server is selected.

Name Description Type Notes
persistence_profile_id UUID of LbPersistenceProfile

If the persistence profile UUID is not specified, a default
persistence table is created per virtual server. Currently, only
LbGenericPersistenceProfile is supported.
string
type Must be set to the value LbVariablePersistenceOnAction LbRuleActionType Required
variable_hash_enabled Whether to enable a hash operation for variable value

The property is used to enable a hash operation for variable value
when composing the persistence key.
boolean Default: "False"
variable_name Variable name

The property is the name of variable to be used. It specifies which
variable's value of a HTTP Request will be used in the key of
persistence entry. The variable can be a system embedded variable such
as "_cookie_JSESSIONID", a customized variable defined in
LbVariableAssignmentAction or a captured variable in regular expression
such as "article".
string Required

LbVirtualServer (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
access_list_control IP access list control to filter the connections

Specifies the access list control to define how to filter the
connections from clients.
LbAccessListControl
access_log_enabled Whether access log is enabled boolean Default: "False"
application_profile_id application profile identifier

The application profile defines the application protocol characteristics.
It is used to influence how load balancing is performed. Currently,
LbFastTCPProfile, LbFastUDPProfile and
LbHttpProfile, etc are supported.
string Required
client_ssl_profile_binding Virtual server side SSL binding setting

The setting is used when load balancer acts as an SSL server and
terminating the client SSL connection
The property is deprecated as NSX-T Load Balancer is deprecated.
ClientSslProfileBinding Deprecated
default_pool_member_port Default pool member port when member port is not defined.

This is a deprecated property, please use 'default_pool_member_ports'
instead.
If default_pool_member_port is configured and default_pool_member_ports
are not specified, both default_pool_member_port
and default_pool_member_ports in response payload would return the same
port value.
If both are specified, default_pool_member_ports setting would take
effect with higher priority.
PortElement Deprecated
default_pool_member_ports Default pool member ports when member port is not defined.

If default_pool_member_ports are configured, both
default_pool_member_port and default_pool_member_ports in the response
payload would include port settings, notice that the value of
default_pool_member_port is the first element of
default_pool_member_ports.
array of PortElement Maximum items: 14
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled whether the virtual server is enabled boolean Default: "True"
id Unique identifier of this resource string Sortable
ip_address virtual server IP address IPAddress Required
ip_protocol virtual server IP protocol

Assigned Internet Protocol in IP header, TCP, UDP are supported.
VirtualServerIpProtocol Default: "TCP"
log_significant_event_only Log only significant event in access log

The property log_significant_event_only can take effect only when
access_log_enabled is true. If log_significant_event_only is true,
significant events are logged in access log.
For L4 virtual server, significant event means unsuccessful(error or
dropped) TCP/UDP connections.
For L7 virtual server, significant event means unsuccessful connections
or HTTP/HTTPS requests which have error response code(e.g. 4xx, 5xx).
boolean Default: "False"
max_concurrent_connections maximum concurrent connection number

To ensure one virtual server does not over consume resources,
affecting other applications hosted on the same LBS, connections
to a virtual server can be capped.
If it is not specified, it means that connections are unlimited.
The property is deprecated as NSX-T Load Balancer is deprecated.
integer Deprecated
Minimum: 1
Maximum: 2147483647
max_new_connection_rate maximum new connection rate in second

To ensure one virtual server does not over consume resources,
connections to a member can be rate limited.
If it is not specified, it means that connection rate is unlimited.
The property is deprecated as NSX-T Load Balancer is deprecated.
integer Deprecated
Minimum: 1
Maximum: 2147483647
persistence_profile_id persistence profile identifier

Persistence profile is used to allow related client connections to be
sent to the same backend server.
string
pool_id default server pool identifier

The server pool(LbPool) contains backend servers. Server pool
consists of one or more servers, also referred to as pool members, that
are similarly configured and are running the same application.
string
port Virtual server port number or port range

This is a deprecated property, please use 'ports' instead.
Port setting could be single port for both L7 mode and L4 mode.
For L4 mode, a single port range is also supported.
The port setting could be a single port or port range such as
"80", "1234-1236".
If port is configured and ports are not specified, both port and
ports in response payload would return the same port value.
If both port and ports are configured, ports setting would take effect
with higher priority.
PortElement Deprecated
ports Virtual server ports or port ranges

Port setting could be a single port for both L7 mode and L4 mode.
For L4 mode, multiple ports or port ranges are also supported such
as "80", "443", "1234-1236".
If ports is configured, both port and ports in the response payload
would include port settings, notice that the port field value is the
first element of ports.
array of PortElement Maximum items: 14
resource_type Must be set to the value LbVirtualServer string
rule_ids List of load balancer rule identifiers

Load balancer rules allow customization of load balancing behavior using
match/action rules. Currently, load balancer rules are supported for
only layer 7 virtual servers with LbHttpProfile.
The property is deprecated as NSX-T Load Balancer is deprecated.
array of string Deprecated
Maximum items: 4000
server_ssl_profile_binding Pool side SSL binding setting

The setting is used when load balancer acts as an SSL client and
establishing a connection to the backend server.
The property is deprecated as NSX-T Load Balancer is deprecated.
ServerSslProfileBinding Deprecated
sorry_pool_id Identifier of sorry server pool

When load balancer can not select a backend server to serve the
request in default pool or pool in rules, the request would be served
by sorry server pool.
The property is deprecated as NSX-T Load Balancer is deprecated.
string Deprecated
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

LbVirtualServerDeleteParameters (schema)

Name Description Type Notes
delete_associated_rules Delete associated rules

If this is set to true, the associated rules are also deleted when
virtual server is deleted if the rules are not used by other virtual
servers.
boolean Default: "False"

LbVirtualServerListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results paginated list of virtual servers array of LbVirtualServer Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

LbVirtualServerStatistics (schema)

Name Description Type Notes
last_update_timestamp Timestamp when the data was last updated EpochMsTimestamp
statistics Virtual server statistics counter LbStatisticsCounter Required
virtual_server_id load balancer virtual server identifier string Required

LbVirtualServerStatisticsListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results paginated statistics list of virtual servers array of LbVirtualServerStatistics Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

LbVirtualServerStatus (schema)

Name Description Type Notes
last_update_timestamp Timestamp when the data was last updated. EpochMsTimestamp
status Virtual server status

UP means that all primary members in default pool are in UP status.
For L7 virtual server, if there is no default pool, the virtual server
would be treated as UP.
PARTIALLY_UP means that some(not all) primary members in default pool
are in UP status. The size of these active primary members should be
larger than or equal to the certain number(min_active_members) which is
defined in LbPool. When there are no backup members which are in the UP
status, the number(min_active_members) would be ignored.
PRIMARY_DOWN means that less than certain(min_active_members) primary
members in default pool are in UP status but backup members are in UP
status, the connections would be dispatched to backup members.
DOWN means that all primary and backup members are in DOWN status.
DETACHED means that the virtual server is not bound to any service.
DISABLED means that the admin state of the virtual server is disabled.
UNKNOWN means that no status reported from transport-nodes. The
associated load balancer service may be working(or not working).
string Enum: UP, PARTIALLY_UP, PRIMARY_DOWN, DOWN, DETACHED, DISABLED, UNKNOWN
virtual_server_id load balancer virtual server identifier string Required

LbVirtualServerStatusListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results paginated status list of virtual servers array of LbVirtualServerStatus Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

LbVirtualServerWithRule (schema)

Name Description Type Notes
rules Associated load balancer rules

It is used to add rules, update rules and bind rules to the virtual
server.
To add new rules, make sure that the rules have no identifier
specified, the new rules are automatically generated and associated to
the virtual server.
If the virtual server need to consume some existed rules without
change, those rules should not be specified in the list, otherwise,
the rules are updated.
For update_with_rules action, it supports rules delete and update.
To delete old rules, the rules should not be configured in new action,
the UUID of deleted rules should be removed from rule_ids.
To update rules, the rules should be specified with new change and
configured with identifier.
If there are some rules which are not modified, those rule should not
be specified in the rules list, the UUID list of rules should be
specified in rule_ids of LbVirtualServer.
The property is deprecated as NSX-T Load Balancer is deprecated.
array of LbRule Deprecated
virtual_server Virtual server configuration

If rules need to be associated to the virtual server, please set rules
properties of LbVirtualServerWithRule with rule list configuration.
For the rules which are not modified but associated to the virtual
server, the rule UUID list should be specified in rule_ids property of
LbVirtualServer and the associated rules should not be specified in
rules of LbVirtualServerWithRule.
LbVirtualServer Required

LdapIdentitySource (schema)

An LDAP identity source

This is the base type for all identity sources that use LDAP for authentication and group membership. This is an abstract type. Concrete child types:
ActiveDirectoryIdentitySource
OpenLdapIdentitySource

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
alternative_domain_names Additional domains to be directed to this identity source

After parsing the "user@domain", the domain portion is used to select the LDAP identity source to use. Additional domains listed here will also be directed to this LDAP identity source. In Active Directory these are sometimes referred to as Alternative UPN Suffixes.		 array of string
base_dn DN of subtree for user and group searches

The subtree of the LDAP identity source to search when locating users and groups.		 string Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
domain_name Authentication domain name

The name of the authentication domain. When users log into NSX using an identity of the form "user@domain", NSX uses the domain portion to determine which LDAP identity source to use.		 string Required
id Unique identifier of this resource string Sortable
ldap_servers LDAP servers for this identity source

The list of LDAP servers that provide LDAP service for this identity source. Currently, only one LDAP server is supported.		 array of IdentitySourceLdapServer Maximum items: 3
resource_type Must be set to the value LdapIdentitySource string Required
Enum: ActiveDirectoryIdentitySource, OpenLdapIdentitySource
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

LdapIdentitySourceListResult (schema)

List results containing LDAP identity sources

The results of listing LDAP identity sources.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results array of LdapIdentitySource
(Abstract type: pass one of the following concrete types)
ActiveDirectoryIdentitySource
OpenLdapIdentitySource
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

LdapIdentitySourceProbeResults (schema)

Results from probing all LDAP servers

Results from probing all LDAP servers in an LDAP identity source configuration.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
results Probe results

Probe results for all probed LDAP servers.		 array of IdentitySourceLdapServerProbeResult

LdapIdentitySourceSearchRequestParameters (schema)

Arguments for searching users and groups

To search for a user or group in an LDAP identity source,
provide a filter_value. The directory will be searched for
users and groups that match the search string.

User searches:

For Active Directory sources, the directory will be searched
for users whose commonName (CN) property contains the given
string and for users whose samAccountName property contains
the given string. For OpenLDAP sources, the directory will
be searched for users whose commonName (CN) property contains
the given string and for users whose uid property contains
the given string.

Group searches:

For both Active Directory and OpenLDAP sources, the directory
will be searched for groups whose commonName (CN) property
contains the the given string.

The LDAP server may impose a limit on the number of returned
entries.

Name Description Type Notes
filter_value Search filter value

A string to use when searching for users and groups in the LDAP identity source.		 string Required

LdapIdentitySourceSearchResultItem (schema)

Name Description Type Notes
common_name Common Name (CN) of entry

The Common Name (CN) of the entry, if available.		 string
dn DN of the entry

Distinguished name (DN) of the entry.		 string
principal_name The principal name of the user or group, if available

For Active Directory (AD) users, this will be the user principal name (UPN), in the format user@domain. For non-AD users, this will be the user's uid property, followed by "@" and the domain of the directory. For groups, this will be the group's common name, followed by "@" and the domain of the directory.		 string
type Type of the entry

Describes the type of the entry		 string Enum: USER, GROUP

LdapIdentitySourceSearchResultList (schema)

A list of LDAP search results

A list of LDAP entries returned from a search of an LDAP identity source.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
results array of LdapIdentitySourceSearchResultItem

LdapProbeError (schema)

Error detail from probe

Detail about one error encountered during a probe.

Name Description Type Notes
error_type Error type

The cause of the error.

BASE_DN_NOT_FOUND: The configured base DN does not exist on the
LDAP server or is not readable.
BIND_DN_AND_PASSWORD_REQUIRED: This server is configured to
require a bind DN and password. Please add these to your
LDAP server configuration.
BIND_DN_INVALID: The bind DN or username provided is not valid
on the LDAP server. Check that the bind DN is correct.
This error may also indicate that the base DN in your
configuration is incorrect.
CERTIFICATE_HOSTNAME_MISMATCH_ERROR: The hostname configured for
the LDAP server does not match the hostname in the server's
certificate subject or alternative subject names. Be sure
that the hostname you configure in NSX Manager matches one
of those names.
CERTIFICATE_MISMATCH_ERROR: The certificate presented by the
LDAP server did not match the certificate in the configuration
on the NSX Manager.
CONNECTION_REFUSED: The connection was refused when contacting the
LDAP server. Ensure that the LDAP server is running and that
you are using the correct ip/hostname.
CONNECTION_TIMEOUT: The connection timed out when contacting
the LDAP server. Check the hostname/ip and any firewalls
between the NSX Manager and the LDAP server.
GENERAL_ERROR: An undetermined error occurred.
INVALID_CONFIGURED_CERTIFICATE: The certificate configured for
this LDAP server is invalid and could not be decoded. Check
that the PEM-formatted certificate you provided is correct.
INVALID_CREDENTIALS: The username and/or password are incorrect.
SSL_HANDSHAKE_ERROR: An error occurred while establishing a secure
connection with the LDAP server. Check that the LDAP server's
certificate is correct, and that it is using an SSL/TLS
cipher suite that is compatible with the NSX Manager.
This error can also occur if the hostname you have configured
for the LDAP server does not match any of the hostnames in
the Subject Alternative Name records in the server
certificate.
STARTTLS_FAILED: Unable to use StartTLS to upgrade the connection
to use TLS. Ensure that the LDAP server supports TLS and if
not, use LDAP or LDAPS as the protocol.
UNKNOWN_HOST: The hostname of the LDAP server could not be
resolved.
NO_ROUTE_TO_HOST: There is no network route to the host.
BIND_EXCEPTION: A socket to the remote host could not be opened.
PORT_UNREACHABLE: The LDAP port is not open on the remote host.
BASE_DN_NOT_WITHIN_DOMAIN: For Active Directory, the base DN
is not a subtree of the Domain Component tree corresponding
to the LDAP domain. For example, if the domain is
"example.com", the baseDN should be "dc=example, dc=com"
or a subtree like "ou=Users,dc=example,dc=com".
LDAP_SERVER_DISABLED: The LDAP server is marked as disabled
in the NSX configuration and will not be used.
string Enum: BASE_DN_NOT_FOUND, BIND_DN_AND_PASSWORD_REQUIRED, BIND_DN_INVALID, CERTIFICATE_HOSTNAME_MISMATCH_ERROR, CERTIFICATE_MISMATCH_ERROR, CONNECTION_REFUSED, CONNECTION_TIMEOUT, GENERAL_ERROR, INVALID_CONFIGURED_CERTIFICATE, INVALID_CREDENTIALS, SSL_HANDSHAKE_ERROR, STARTTLS_FAILED, UNKNOWN_HOST, NO_ROUTE_TO_HOST, BIND_EXCEPTION, PORT_UNREACHABLE, BASE_DN_NOT_WITHIN_DOMAIN, LDAP_SERVER_DISABLED

Legend (schema)

Legend for the widget

Represents legend that describes the entities of the widget.

Name Description Type Notes
alignment Alignment of the legend

Describes the alignment of legend. Alignment of a legend denotes how individual items of the legend are aligned in a container. For example, if VERTICAL is chosen then the items of the legend will appear one below the other and if HORIZONTAL is chosen then the items will appear side by side.		 string Enum: HORIZONTAL, VERTICAL
Default: "VERTICAL"
display_count Show count of entities in the legend

If set to true, it will display the counts in legend. If set to false, counts of entities are not displayed in the legend.		 boolean Default: "True"
display_mode Display mode for legends.

Display mode for legends.		 string Enum: SHOW_ALL_LEGENDS, SHOW_MIN_NO_OF_LEGENDS, SHOW_OTHER_GROUP_WITH_LEGENDS
Default: "SHOW_ALL_LEGENDS"
filterable Show checkbox along with legends if value is set to true

Show checkbox along with legends if value is set to true. Widget filtering capability can be enable based on legend checkbox selection. for 'display_mode' SHOW_OTHER_GROUP_WITH_LEGENDS filterable property is not supported.		 boolean Default: "False"
min_legends_display_count A minimum number of legends to be displayed.

A minimum number of legends to be displayed upfront. if 'display_mode' is set to SHOW_MIN_NO_OF_LEGENDS then this property value will be used to display number of legends upfront in the UI.		 int Minimum: 1
Maximum: 12
Default: "3"
other_group_legend_label A label for showing other category in legends.

A translated label for showing other category label in legends.		 string Default: "WIDGET_LABEL_OTHER_LEGEND_LABEL"
position Placement of legend

Describes the relative placement of legend. The legend of a widget can be placed either to the TOP or BOTTOM or LEFT or RIGHT relative to the widget. For example, if RIGHT is chosen then legend is placed to the right of the widget.		 string Enum: TOP, BOTTOM, LEFT, RIGHT, TOP_RIGHT
Default: "RIGHT"
type Type of the legend

Describes the render type for the legend. The legend for an entity describes the entity in the widget. The supported legend type is a circle against which the entity's details such as display_name are shown. The color of the circle denotes the color of the entity shown inside the widget.		 string Enum: CIRCLE
Default: "CIRCLE"
unit Show unit of entities in the legend

Show unit of entities in the legend.		 string

LegendWidgetConfiguration (schema)

Legend widget Configuration

Represents configuration for Legend widget. For this widget the data source is not applicable. This widget can be use to add the Legend inside the dashboard container.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
condition Expression for evaluating condition

If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.		 string Maximum length: 1024
datasources Array of Datasource Instances with their relative urls

The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.		 array of Datasource Minimum items: 0
default_filter_value Default filter value to be passed to datasources

Default filter values to be passed to datasources. This will be used when the report is requested without filter values.		 array of DefaultFilterValue
description Description of this resource string Maximum length: 1024
Sortable
display_name Widget Title

Title of the widget. If display_name is omitted, the widget will be shown without a title.		 string Maximum length: 255
drilldown_id Id of drilldown widget

Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.		 string Maximum length: 255
feature_set Features required to view the widget

Features required to view the widget.		 FeatureSet
filter Id of filter widget for subscription

Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.		 string Deprecated
filter_value_required Flag to indicate if filter value is necessary

Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.		 boolean Default: "True"
filters A List of filter ids applied to this widget configuration

A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.		 array of string
footer Footer
icons Icons

Icons to be applied at dashboard for widgets and UI elements.		 array of Icon
id Unique identifier of this resource string Sortable
is_drilldown Set as a drilldown widget

Set to true if this widget should be used as a drilldown.		 boolean Default: "False"
layout A layout for legend widget.

Defines the layout for the legend widget		 Legend Required
legend Legend for the widget

Legend to be displayed. If legend is not needed, do not include it.		 Legend
plot_configs List of plotting configuration for a given widget.

List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.		 array of WidgetPlotConfiguration
resource_type Must be set to the value LegendWidgetConfiguration string Required
Readonly
Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration
Maximum length: 255
rowspan Vertical span

Represents the vertical span of the widget / container. 1 Row span is equal to 20px.		 int Minimum: 1
shared Visiblity of widgets to other users

Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.		 boolean Deprecated
show_header This decides to show the container header or not.

If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.		 boolean
source_widget_id Id of source widget for this legend widget

Id of source widget, if any. Id should be a valid id of an existing widget. This property can be used to identify the source of the data for this legend widget.		 string Required
Maximum length: 255
span Horizontal span

Represents the horizontal span of the widget / container.		 int Minimum: 1
Maximum: 12
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
weight Weightage or placement of the widget or container

Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.		 int Deprecated

License (schema)

license properties

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
capacity_type license metric

License metrics specifying the capacity type of license key.
Types are:
- VM
- CPU
- USER(Concurrent User)
- CORE
- HOST
string Readonly
Enum: VM, CPU, USER, CORE, HOST
description license edition string Readonly
expiry date that license expires EpochMsTimestamp Readonly
features semicolon delimited feature list string Readonly
is_eval true for evalution license boolean Readonly
is_expired whether the license has expired boolean Readonly
is_mh multi-hypervisor support boolean Readonly
license_key license key string Required
Pattern: "^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$"
product_name product name string Readonly
product_version product version string Readonly
quantity license capacity; 0 for unlimited integer Readonly

LicensesListResult (schema)

Licenses queries result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Licenses Results array of License Required
Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

LineChartPlotConfiguration (schema)

A line chart plotting configuration

A line chart plotting configuration.

Name Description Type Notes
allow_maximize Allow maximize capability for this widget

Allow maximize capability for this widget		 boolean
condition Expression for evaluating condition for this chart config

If the condition is met then the given chart config is applied to the widget configuration.		 string Maximum length: 1024
fill_gradient_area Fill the line chart area with a gradient series color.

Fill the line chart area with a gradient series color.
boolean
num_of_series_to_display A number of series to be displayed upfront.

Specifies the number of series to be displayed in a line chart. If no value is provided all the series will be displayed.		 int Minimum: 1
Maximum: 16
show_curved_lines Show curved lines for series

Used for displaying the curved lines for a series in a line chart. By default,
straight line is used to for a series in a line chart.
boolean Default: "True"
show_data_in_tooltip Show data in tooltip.

Show the data in tooltip.
boolean Default: "False"
show_data_points Show the Data point highlighting in line chart

Controls the visiblity of the data points on the line
chart. If value is set to false data points wont be high-
lighted on the lines.
boolean Default: "True"
show_grid_lines Show grid lines

Controls the visiblity of the grid lines in
line chart.
boolean Default: "True"
show_grouped_tooltip Derives to show the grouped tooltip

Controls the visiblity of the grouped tooltip in a
line chart across all series.
boolean Default: "False"
show_min_max_on_series Show min and max value on line series

Controls the visiblity of the min and max value
across line series in line chart.
boolean Default: "False"
show_unit_in_tooltip Show data unit in tooltip.

Show the data unit in tooltip.
boolean Default: "False"
sort_data_in_grouped_tooltip Sort the data in grouped tooltip

Sort the data in grouped tooltip.
boolean Default: "False"
sort_series Perform sorting on series using the latest data point

Specifies whether the series should be sorted by the latest data point.
boolean Default: "False"

ListByNodeIdParameters (schema)

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
source The data source, either realtime or cached. If not provided, cached data is returned. DataSourceType
transport_node_id TransportNode Id string

ListByOptionalNodeIdParameters (schema)

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
source The data source, either realtime or cached. If not provided, cached data is returned. DataSourceType
transport_node_id Transport node id string

ListByOptionalTransportNodeParameters (schema)

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
edge_path Transport node string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

ListByRequiredNodeIdParameters (schema)

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
source The data source, either realtime or cached. If not provided, cached data is returned. DataSourceType
transport_node_id TransportNode Id string Required

ListCertParameter (schema)

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
details whether to expand the pem data and show all its details boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
type Type of certificate to return

Provide this parameter to limit the list of returned certificates to those matching a particular usage.
Passing cluster_certificate will return the certificate used for the cluster wide API service.
string Enum: cluster_api_certificate

ListRequestParameters (schema)

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

ListResult (schema)

Base class for list results from collections

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ListResultQueryParameters (schema)

Parameters that affect how list results are processed

Name Description Type Notes
fields Fields to include in query results

Comma-separated field names to include in query result		 string

ListWithDataSourceParameters (schema)

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
source The data source, either realtime or cached. If not provided, cached data is returned. DataSourceType

LiveTraceActionConfig (schema)

Name Description Type Notes
pktcap_config The packet capture action config PktcapActionConfig Readonly
trace_config The trace action config TraceActionConfig Readonly

LiveTraceActionType (schema)

TRACE
- Tracing packet by reporting observations in datapath.
PKTCAP
- Dumping packet to PCAP file.
COUNT
- An unsupported action.

Name Description Type Notes
LiveTraceActionType TRACE
- Tracing packet by reporting observations in datapath.
PKTCAP
- Dumping packet to PCAP file.
COUNT
- An unsupported action.
string Enum: TRACE, PKTCAP, COUNT

LiveTraceConfig (schema)

Livetrace configuration

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
actions Livetrace actions

Configuration of actions on the filtered packets.
PolicyLiveTraceActionConfig Required
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
filter Packet filter

Filter for flows of interest.
LiveTraceFilterData
(Abstract type: pass one of the following concrete types)
FieldsFilterData
PlainFilterData
id Unique identifier of this resource string Sortable
is_transient Marker to indicate if the intent is transient

This field indicates whether the intent is transient. If it is set to true, intent will be
cleaned up after 1 hour of inactivity.
boolean Default: "True"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value LiveTraceConfig string
src_port_path Policy path of logical port

Policy path of logical port to start a livetrace session.
string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
timeout Timeout in seconds for livetrace session

The duration for observing live traffic on the specified source logical port.
integer Minimum: 5
Maximum: 300
Default: "10"
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

LiveTraceConfigListResult (schema)

Paged collection of LiveTraceConfig entities

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results LiveTraceConfig list results array of LiveTraceConfig Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

LiveTraceDetailListParameters (schema)

Livetrace result list parameters

Name Description Type Notes
action_type The type of observations that will be listed. LiveTraceActionType
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

LiveTraceFilterData (schema)

This is an abstract type. Concrete child types:
FieldsFilterData
PlainFilterData

Name Description Type Notes
resource_type Filter type string Required
Enum: FieldsFilterData, PlainFilterData
Default: "FieldsFilterData"

LiveTraceFilterInvalidInfo (schema)

Name Description Type Notes
filter Invalid packet filter in use

Invalid packet filter used in the Livetrace session.		 LiveTraceFilterData
(Abstract type: pass one of the following concrete types)
FieldsFilterData
PlainFilterData		 Readonly
reason Reason of invalid packet filter

The description of why the filter is rejected by the transport node.		 string Readonly

LiveTraceListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Livetrace status list array of LiveTraceStatus
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

LiveTracePacketGranularActionConfig (schema)

Configuration of livetrace packet granular action

Name Description Type Notes
dest_port_path Policy path of logical port

Policy path of logical port for the reverse direction of a livetrace session. It is required only when the
trace type is bidirectional. Multiple bi-directional actions in a livetrace session should have the same
port specified for the reverse direction.
string
reverse_filter Packet filter

Filter for flows of interest at the reverse direction. It takes effect only when the trace type is bidirectional.
Multiple bi-directional actions in a livetrace session should have the same filter specified for the reverse
direction.
LiveTraceFilterData
(Abstract type: pass one of the following concrete types)
FieldsFilterData
PlainFilterData
sampling Sampling parameter for the action

Sampling parameter for the action. Trace action and packet capture action only support first-N sampling.
LiveTraceSamplingConfig Required
trace_type Type of trace string Required
Enum: UNI_DIRECTIONAL, BI_DIRECTIONAL

LiveTraceRequest (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
actions Actions to the filtered packet LiveTraceActionConfig Required
Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
filter Packet filter for flows of interest LiveTraceFilterData
(Abstract type: pass one of the following concrete types)
FieldsFilterData
PlainFilterData		 Readonly
id Unique identifier of this resource string Sortable
resource_type Must be set to the value LiveTraceRequest string
source_lport Source logical port string Required
Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
timeout Timeout in seconds for livetrace session integer Minimum: 5
Maximum: 300
Default: "10"

LiveTraceResult (schema)

Name Description Type Notes
id ID of a livetrace session

The id is assigned by Livetrace and cannot be specified by user.
string Required
Readonly
pktcap_results PktCap action results array of PktCapResult
trace_results Trace action observation list results array of TraceResult

LiveTraceSamplingConfig (schema)

Sampling parameter for a livetrace action

Name Description Type Notes
match_number Parameter for first-N sampling.

First N packets are sampled. The upper limits of sampling number for trace and packet capture actions
are 50 and 500, respectively.
integer Minimum: 1
Maximum: 500
sampling_interval Parameter for interval based sampling

A packet is sampled for every given time interval in ms.
integer Minimum: 1
Maximum: 30000
sampling_rate Parameter for packet number based sampling

1 out of N packets is sampled on average.
integer Minimum: 1
Maximum: 65535

LiveTraceStatus (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
actions Action to the filtered packet LiveTraceActionConfig Required
Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
filter Packet filter for flows of interest LiveTraceFilterData
(Abstract type: pass one of the following concrete types)
FieldsFilterData
PlainFilterData		 Readonly
filter_invalid_info Detail on invalid filter(s) in a Livetrace session.

The detail of invalid filter(s) in a Livetrace session.
This field is only applicable for filters of PlainFilterData type.
array of LiveTraceFilterInvalidInfo Readonly
id Unique identifier of this resource string Sortable
invalidation_reason Livetrace invalidation reason

The reason of invalidating a Livetrace session.
PORT_DISCONNECT - Source or destination logical port of the session is disconnected.
DP_DESTROY - Dataplane is destroyed.
UNKNOWN - The invalidation reason cannot be determined.
PCAP_IO_FAILURE - Exception occurred when writing captured packets to file. In general, this issue could be caused by insufficient disk partition space of /tmp on ESXi or Edge.
string Readonly
Enum: PORT_DISCONNECT, DP_DESTROY, UNKNOWN, PCAP_IO_FAILURE
operation_state Operation state

The operation state of Livetrace.
IN_PROGRESS - collecting the session results.
FINISHED - session results collection completes.
PARTIAL_FINISHED - session results may be incomplete.
CANCELED - session is cancelled by exception.
INVALIDATED - session is invalidated by configuration changes such as VM migration.
TIMEOUT - session is not completed on time.
string Required
Readonly
Enum: IN_PROGRESS, FINISHED, PARTIAL_FINISHED, CANCELED, INVALIDATED, TIMEOUT
request_status Livetrace request status

The status of a Livetrace request.
SUCCESS_DELIVERED - The request is delivered successfully.
LCP_FAILURE - LCP agent fails to realize the request.
INVALID_FILTER - Filter is invalid.
DATAPATH_FAILURE - Dataplane fails to realize the request.
TIMEOUT - The response to the request is not received within timeout.
CONNECTION_ERROR - There is connection error between host components.
UNKNOWN - The status of request cannot be determined.
string Required
Readonly
Enum: SUCCESS_DELIVERED, LCP_FAILURE, INVALID_FILTER, DATAPATH_FAILURE, CONNECTION_ERROR, TIMEOUT, UNKNOWN
resource_type Must be set to the value LiveTraceStatus string
source_lport The source logical port string Required
Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
timeout Timeout in seconds for livetrace session integer Required
Readonly
Minimum: 5
Maximum: 300

LiveTraceStatusRequest (schema)

Livetrace request status

Name Description Type Notes
enforcement_point_path Enforcement point path

Policy path of enforcement point on which livetrace session was created.
string

LldpHostSwitchProfile (schema) (Deprecated)

Host Switch for LLDP

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
required_capabilities array of string Readonly
resource_type Must be set to the value LldpHostSwitchProfile HostSwitchProfileType Required
send_enabled Enabled or disabled sending LLDP packets boolean Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

LoadBalancerAllocationPool (schema)

Name Description Type Notes
allocation_pool_type Must be set to the value LoadBalancerAllocationPool AllocationPoolType Required
allocation_size Size of load balancer service

To address varied customer performance and scalability requirements,
different sizes for load balancer service are supported: SMALL, MEDIUM,
LARGE and XLARGE, each with its own set of resource and performance.
Specify size of load balancer service which you will bind to TIER1
router.
string Required
Enum: SMALL, MEDIUM, LARGE, XLARGE
Default: "SMALL"

LocalBundlePath (schema)

Path of a local bundle

Path of a local bundle which needs to be uploaded.

Name Description Type Notes
file Local bundle multipart_file Required
file_type Type of file

Type of file which will be uploaded.		 string Required
Enum: OVA
product Name of the appliance

Name of the appliance for which upload is performed.		 string Required
Enum: SAMPLE, ALB_CONTROLLER, INTELLIGENCE

LocalEgress (schema)

Local Egress

Local Egress is used on both server and client sites so that the gateway
is used for N-S traffic and overhead on L2VPN tunnel is reduced.

Name Description Type Notes
optimized_ips Gateway IP for Local Egress

Gateway IP for Local Egress. Local egress is enabled only when this
list is not empty.
array of IPAddress Minimum items: 1
Maximum items: 1

LocalEgressRoutingEntry (schema)

Local egress routing policy

Name Description Type Notes
nexthop_address Next hop address

Next hop address for proximity routing.
string Required
prefix_list_paths Policy path to prefix lists

The destination address of traffic matching a prefix-list is forwarded
to the nexthop_address. Traffic matching a prefix list with Action
DENY will be dropped.
Individual prefix-lists specified could have different actions.
array of string Required
Maximum items: 1

LocalSiteConfiguration (schema)

Local site information

Local site with federation id and epoch.

Name Description Type Notes
epoch Epoch integer Required
id Federation id string Required
site Site FederationSite Required

LocaleServices (schema)

Locale-services configuration

Site specific configuration of Tier0 in multi-site scenario

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
bfd_profile_path Policy path of BFD profile

This profile is applied to all static route peers in this locale. BFD
profile configured on static route peers takes precedence over global
configuration. If this field is empty, a default profile is applied to
all peers.
string
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
(Abstract type: pass one of the following concrete types)
ChildEvpnTunnelEndpointConfig
ChildPolicyMulticastConfig
ChildPolicyTier1MulticastConfig
ChildTier1Interface
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
edge_cluster_path Edge cluster path

The reference to the edge cluster using the policy path of the edge cluster.
Auto assigned on Tier0 if the associated enforcement point has only one edge cluster.
For Tier1 ACTIVE-ACTIVE, edge cluster can not be removed and Edge Cluster will be defaulted
to edge cluster from connected Tier0.
string
ha_vip_configs Array of HA VIP Config.

This configuration can be defined only for Active-Standby Tier0 gateway to provide redundancy. For mulitple external interfaces, multiple HA VIP configs must be defined and each config will pair exactly two external interfaces. The VIP will move and will always be owned by the Active node. When this property is configured, configuration of dynamic-routing is not allowed.		 array of Tier0HaVipConfig
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
preferred_edge_paths Edge node path

Policy paths to edge nodes. For Tier1 gateway, the field is used to
statically assign the ordered list of up to two edge nodes for
stateful services. To enable auto allocation of nodes from the
specified edge cluster the field must be left unset. The auto
allocation of nodes is supported only for the Tier1 gateway. For
Tier0 gateway specified edge is used as a preferred edge node
when failover mode is set to PREEMPTIVE, not applicable otherwise.
array of string Maximum items: 2
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value LocaleServices string
route_redistribution_config Route Redistribution configuration

Configure all route redistribution properties like enable/disable redistributon, redistribution rule and so on.		 Tier0RouteRedistributionConfig
route_redistribution_types Enable redistribution of different types of routes on Tier-0

Enable redistribution of different types of routes on Tier-0.
This property is only valid for locale-service under Tier-0.
This property is deprecated, please use "route_redistribution_config"
property to configure redistribution rules.
array of Tier0RouteRedistributionTypes Deprecated
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

LocaleServicesListResult (schema)

Paged collection of LocaleServices

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results LocaleServices results array of LocaleServices Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

LoggingServiceProperties (schema)

Service properties

Name Description Type Notes
logging_level Service logging level string Required
Enum: OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE
modified_package_logging_levels Modified package logging levels string
package_logging_level Package logging levels array of PackageLoggingLevels

LogicalConstructMigrationStats (schema)

Migration Statistics for Logical Constructs

Contains migration related information about logical constructs

Name Description Type Notes
site_id Federation site id

Federation site id.		 string Readonly
source_count Number of objects of source type

Number of objects of source type.		 string Readonly
source_type Type of the vSphere object

Type of the vSphere object (e.g. dvportgroup).		 string Readonly
target_count Number of objects of target type

Number of objects of target type.		 string Readonly
target_type Type of the Policy object

Type of the Policy object corresponding to the source type (e.g. Segment).		 string Readonly
vertical Functional area for the vSphere object

Functional area that this vSphere object falls into		 string Readonly

LogicalConstructMigrationStatsListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged collection of migration stats for logical constructs array of LogicalConstructMigrationStats Required
Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

LogicalDhcpServer (schema) (Deprecated)

Logical DHCP server

Definition of a logical DHCP server which can be attached a logical switch
via a logical port. Both ipv4_dhcp_server and ipv6_dhcp_server can be
configured at the same time, or only configure either ipv4_dhcp_server or
ipv6_dhcp_server.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
attached_logical_port_id Id of attached logical port

The uuid of the attached logical port. Read only.		 string Readonly
description Description of this resource string Maximum length: 1024
Sortable
dhcp_profile_id DHCP profile uuid

The DHCP profile uuid the logical DHCP server references.		 string Required
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ipv4_dhcp_server DHCP server for ipv4 addresses

The DHCP server for ipv4 addresses allocation service.		 IPv4DhcpServer
ipv6_dhcp_server DHCP server for ipv6 addresses

The DHCP server for ipv6 addresses allocation service.		 IPv6DhcpServer
resource_type Must be set to the value LogicalDhcpServer string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

LogicalDhcpServerListResult (schema) (Deprecated)

A list of logical DHCP servers

A paginated list of logical DHCP servers.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paginated list of DHCP servers

A paginated list of logical DHCP servers.		 array of LogicalDhcpServer Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

LogicalPort (schema) (Deprecated)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
address_bindings Address bindings for logical port

Each address binding must contain both an IPElement and MAC address.
VLAN ID is optional. This binding configuration can be used by
features such as spoof-guard and overrides any discovered bindings.
Any non unique entries are deduplicated to generate a unique set
of address bindings and then stored. For IP addresses, a subnet
address cannot have host bits set. A maximum of 128 unique address
bindings is allowed per port.
array of PacketAddressClassifier Minimum items: 0
Maximum items: 512
admin_state Represents Desired state of the logical port string Required
Enum: UP, DOWN
attachment Logical port attachment LogicalPortAttachment
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
extra_configs Extra configs on logical port

This property could be used for vendor specific configuration in key value
string pairs. Logical port setting will override logical switch setting if
the same key was set on both logical switch and logical port.
array of ExtraConfig
id Unique identifier of this resource string Sortable
ignore_address_bindings Address bindings to be ignored by IP Discovery module

IP Discovery module uses various mechanisms to discover address
bindings being used on each port. If a user would like to ignore
any specific discovered address bindings or prevent the discovery
of a particular set of discovered bindings, then those address
bindings can be provided here. Currently IP range in CIDR format
is not supported.
array of PacketAddressClassifier Minimum items: 0
Maximum items: 16
init_state Initial state of this logical ports

Set initial state when a new logical port is created. 'UNBLOCKED_VLAN'
means new port will be unblocked on traffic in creation, also VLAN will
be set with corresponding logical switch setting. This port setting
can only be configured at port creation (POST), and cannot be modified.
'RESTORE_VIF' fetches and restores VIF attachment from ESX host.
LogicalPortInitState
internal_id ID of the logical port in Global Manager

The internal_id of the logical port may or may not be identical to it's
managed resource ID. If a VirtualMachine connected to logical port
migrates from one site to another, then on the destination site, it
will be connected to different logical port managed resource. However,
the internal_id field will be persisted across vmotion.
string
logical_switch_id Id of the Logical switch that this port belongs to. string Required
origin_id ID of the distributed virtual port and the distributed virtual switch in the source vCenter

ID populated by NSX when NSX on DVPG is used to indicate the source distributed virtual port and the corresponding distributed virtual switch. This ID is populated only for logical ports that belong to a logical switch of type DVPG.		 string Readonly
resource_type Must be set to the value LogicalPort string
switching_profile_ids array of SwitchingProfileTypeIdEntry
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

LogicalPortAttachment (schema) (Deprecated)

Logical port attachment

Name Description Type Notes
attachment_type Type of attachment for logical port

Indicates the type of logical port attachment. By default it is Virtual Machine interface (VIF)		 AttachmentType Default: "VIF"
context Attachment context

Extra context data for the attachment		 AttachmentContext
(Abstract type: pass one of the following concrete types)
L2VpnAttachmentContext
VifAttachmentContext
id Identifier of the interface attached to the logical port string Required

LogicalPortAttachmentState (schema) (Deprecated)

VIF attachment state of a logical port

Name Description Type Notes
attachers VM or vmknic entities that are attached to the LogicalPort array of PortAttacher Readonly
id VIF ID string Readonly
state State of the VIF attached to LogicalPort

A logicalPort must be in one of following state.
FREE - If there are no active attachers. The LogicalPort may or
may not have an attachment ID configured on it. This state is
applicable only to LogialPort of static type.
ATTACHED - LogicalPort has exactly one active attacher and no
further configuration is pending.
ATTACHED_PENDING_CONF - LogicalPort has exactly one attacher,
however it may not have been configured completely. Additional
configuration will be provided by other nsx components.
ATTACHED_IN_MOTION - LogicalPort has multiple active attachers.
This state represents a scenario where VM is moving from one
location (host or storage) to another (e.g. vmotion, vSphere HA)
DETACHED - A temporary state after all LogialPort attachers have
been detached. This state is applicable only to LogicalPort of
ephemeral type and the LogicalPort will soon be deleted.
string Required
Readonly
Enum: FREE, ATTACHED, ATTACHED_PENDING_CONF, ATTACHED_IN_MOTION, DETACHED

LogicalPortDeleteParameters (schema) (Deprecated)

Name Description Type Notes
detach force delete even if attached or referenced by a group

If this is set to true, then logical port is deleted
regardless of whether it has attachments, or it is added to
any NSGroup.
boolean Default: "False"

LogicalPortInitState (schema) (Deprecated)

Supported initial state of logical port

Name Description Type Notes
LogicalPortInitState Supported initial state of logical port string Deprecated
Enum: UNBLOCKED_VLAN, RESTORE_VIF

LogicalPortListParameters (schema) (Deprecated)

Logical port list parameters

Name Description Type Notes
attachment_id Logical Port attachment Id string
attachment_type Type of attachment for logical port; NONE means no attachment. AttachmentTypeQueryString
bridge_cluster_id Bridge Cluster identifier string
container_ports_only Only container VIF logical ports will be returned if true boolean Default: "False"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
diagnostic Flag to enable showing of transit logical port. boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
logical_switch_id Logical Switch identifier string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
parent_vif_id ID of the VIF of type PARENT

Get logical ports that have CHILD VIF attachment of given
PARENT VIF.
string
sort_ascending boolean
sort_by Field by which records are sorted string
switching_profile_id Network Profile identifier string
transport_node_id Transport node identifier

Get logical ports on the transport node; it can not be given
together with other parameters except container_ports_only and
attachment_type VIF.
string
transport_zone_id Transport zone identifier string

LogicalPortListResult (schema) (Deprecated)

Logical port queries result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results LogicalPort Results array of LogicalPort Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

LogicalPortListWithSourceParameters (schema)

Logical Port list with data source parameters

Name Description Type Notes
attachment_id Logical Port attachment Id string
attachment_type Type of attachment for logical port; NONE means no attachment. AttachmentTypeQueryString
bridge_cluster_id Bridge Cluster identifier string
container_ports_only Only container VIF logical ports will be returned if true boolean Default: "False"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
diagnostic Flag to enable showing of transit logical port. boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
logical_switch_id Logical Switch identifier string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
parent_vif_id ID of the VIF of type PARENT

Get logical ports that have CHILD VIF attachment of given
PARENT VIF.
string
sort_ascending boolean
sort_by Field by which records are sorted string
source The data source, either realtime or cached. If not provided, cached data is returned. DataSourceType
switching_profile_id Network Profile identifier string
transport_node_id Transport node identifier

Get logical ports on the transport node; it can not be given
together with other parameters except container_ports_only and
attachment_type VIF.
string
transport_zone_id Transport zone identifier string

LogicalPortMacAddressCsvListResult (schema)

Name Description Type Notes
file_name File name

File name set by HTTP server if API returns CSV result as a file.		 string
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly
results array of LogicalPortMacTableCsvEntry

LogicalPortMacAddressListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly
logical_port_id The id of the logical port string Required
Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results array of LogicalPortMacTableEntry
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly
transport_node_id Transport node identifier string Readonly

LogicalPortMacTableCsvEntry (schema)

Name Description Type Notes
mac_address The MAC address string Required
mac_type The type of the MAC address MacAddressType Required

LogicalPortMacTableEntry (schema)

Name Description Type Notes
mac_address The MAC address string Required
mac_type The type of the MAC address MacAddressType Required

LogicalPortMirrorDestination (schema)

Name Description Type Notes
port_ids Destination logical port identifier list. array of string Required
Minimum items: 1
Maximum items: 3
resource_type Must be set to the value LogicalPortMirrorDestination MirrorDestinationResourceType Required

LogicalPortMirrorSource (schema)

Name Description Type Notes
port_ids Source logical port identifier list array of string Required
Minimum items: 1
resource_type Must be set to the value LogicalPortMirrorSource MirrorSourceResourceType Required

LogicalPortOperationalStatus (schema)

Name Description Type Notes
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly
logical_port_id The id of the logical port string Required
Readonly
status The Operational status of the logical port string Required
Enum: UP, DOWN, UNKNOWN

LogicalPortState (schema) (Deprecated)

Realized state of the logical port.

Contians realized state of the logical port. For example, transport node
on which the port is located, discovered and realized address bindings of
the logical port.

Name Description Type Notes
attachment Logical port attachment state LogicalPortAttachmentState Readonly
discovered_bindings Logical port bindings discovered automatically

Contains the list of address bindings for a logical port that were
automatically dicovered using various snooping methods like ARP, DHCP
etc.
array of AddressBindingEntry
duplicate_bindings Duplicate logical port address bindings

If any address binding discovered on the port is also found on
other port on the same logical switch, then it is included in
the duplicate bindings list along with the ID of the port with
which it conflicts.
array of DuplicateAddressBindingEntry
id Id of the logical port string Required
realized_bindings Realized logical port bindings

List of logical port bindings that are realized. This list may be
populated from the discovered bindings or manual user specified bindings.
This binding configuration can be used by features such as firewall,
spoof-guard, traceflow etc.
array of AddressBindingEntry
transport_node_ids Identifiers of the transport node where the port is located array of string

LogicalPortStatistics (schema)

Name Description Type Notes
dropped_by_security_packets PacketsDroppedBySecurity Readonly
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly
logical_port_id The id of the logical port string Required
Readonly
mac_learning MacLearningCounters Readonly
rx_bytes DataCounter Readonly
rx_packets DataCounter Readonly
tx_bytes DataCounter Readonly
tx_packets DataCounter Readonly

LogicalPortStatusSummary (schema)

Name Description Type Notes
filters The filters used to find the logical ports- TransportZone id, LogicalSwitch id or LogicalSwitchProfile id array of Filter
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly
total_ports The total number of logical ports. integer Required
up_ports The number of logical ports whose Operational status is UP integer Required

LogicalRouter (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
advanced_config Logical Router Configuration

Contains config properties for tier0 routers		 LogicalRouterConfig
allocation_profile Edge Cluster Member Allocation Profile

Configurations options to auto allocate edge cluster members for
logical router. Auto allocation is supported only for TIER1 and pick
least utilized member post current assignment for next allocation.
EdgeClusterMemberAllocationProfile
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
edge_cluster_id Identifier of the edge cluster for this Logical Router

Used for tier0 routers		 string
edge_cluster_member_indices Member indices of the edge node on the cluster

For stateful services, the logical router should be associated with
edge cluster. For TIER 1 logical router, for manual placement of
service router within the cluster, edge cluster member indices needs
to be provided else same will be auto-allocated. You can provide
maximum two indices for HA ACTIVE_STANDBY. For TIER0 logical router
this property is no use and placement is derived from logical router
uplink or loopback port.
array of integer
failover_mode Failover mode for active-standby logical router instances.

Determines the behavior when a logical router instance restarts after
a failure. If set to PREEMPTIVE, the preferred node will take over,
even if it causes another failure. If set to NON_PREEMPTIVE, then the
instance that restarted will remain secondary.
This property must not be populated unless the high_availability_mode property
is set to ACTIVE_STANDBY.
If high_availability_mode property is set to ACTIVE_STANDBY and this property
is not specified then default will be NON_PREEMPTIVE.
string Enum: PREEMPTIVE, NON_PREEMPTIVE
firewall_sections LR Firewall Section References

List of Firewall sections related to Logical Router.		 array of ResourceReference Readonly
high_availability_mode High availability mode string Enum: ACTIVE_ACTIVE, ACTIVE_STANDBY
id Unique identifier of this resource string Sortable
ipv6_profiles IPv6 Profiles

IPv6Profiles captures IPv6 NDRA Profile and DAD Profile
id associated with the logical router.
IPv6Profiles
preferred_edge_cluster_member_index Preferred edge cluster member index

Preferred edge cluster member index which is required
for PREEMPTIVE failover mode. Used for Tier0 routers only.
integer Minimum: 0
resource_type Must be set to the value LogicalRouter string
router_type Type of Logical Router

TIER0 for external connectivity.
TIER1 for two tier topology with TIER0 on top.
VRF for isolation of routing table on TIER0.
string Required
Enum: TIER0, TIER1, VRF
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

LogicalRouterCentralizedServicePort (schema)

Port to connect VLAN based network or overlay logical switch

This port can be configured on both TIER0 and TIER1 logical router.
Port can be connected to VLAN or overlay logical switch.
Unlike downlink port it does not participate in distributed routing and
hosted on all edge cluster members associated with logical router.
Stateful services can be applied on this port.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enable_netx Port is exclusively used for N-S service insertion boolean Default: "False"
id Unique identifier of this resource string Sortable
linked_logical_switch_port_id Reference to the logical switch port to connect to ResourceReference
logical_router_id Identifier for logical router on which this port is created string Required
mtu Maximum transmission unit (MTU)

Maximum transmission unit specifies the size of the largest packet that
a network protocol can transmit. If not specified, the global logical
MTU set in the /api/v1/global-configs/RoutingGlobalConfig API will be
used.
integer Minimum: 64
ndra_profile_id Identifier for NDRA profile on the port

Identifier of Neighbor Discovery Router Advertisement profile
associated with port. When NDRA profile id is associated at
both the port level and logical router level, the profile id
specified at port level takes the precedence.
string
resource_type Must be set to the value LogicalRouterCentralizedServicePort LogicalRouterPortResourceType Required
service_bindings Service Bindings array of ServiceBinding
subnets Logical router port subnets array of IPSubnet Minimum items: 1
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
urpf_mode Unicast Reverse Path Forwarding mode UrpfMode Default: "STRICT"

LogicalRouterConfig (schema)

Logical router config

Logical router configuration parameters.

Name Description Type Notes
external_transit_networks CIDR block defining Tier0 to Tier1 links

CIDR block defining addresses for Tier0 to Tier1 links.
If the value for this field is not provided, then it will be
considered as default IPv4 CIDR "100.64.0.0/16"
array of IPCIDRBlock
ha_vip_configs Array of HA VIP Config.

This configuration can be defined only for Active-Standby LogicalRouter to provide | redundancy. For mulitple uplink ports, multiple HaVipConfigs must be defined | and each config will pair exactly two uplink ports. The VIP will move and will | always be owned by the Active node. Note - when HaVipConfig[s] are defined, | configuring dynamic-routing is disallowed.		 array of HaVipConfig
internal_transit_network CIDR block defining SR to DR links

CIDR block defining service router to distributed router links.
If the value for this field is not provided, then it will be
considered as default IPv4 CIDR-
"169.254.0.0/28" for logical router with ACTIVE_STANDBY HA mode
"169.254.0.0/24" for logical router with ACTIVE_ACTIVE HA mode
IPv4CIDRBlock
transport_zone_id Transport Zone Identifier

Transport zone of the logical router. If specified then all downlink switches should belong to this transport zone and an error will be thrown if transport zone of the downlink switch doesn't match with this transport zone. All internal and external transit switches will be created in this transport zone.		 string

LogicalRouterDeleteRequestParameters (schema)

LogicalRouter delete request parameters

Name Description Type Notes
cascade_delete_linked_ports Flag to specify whether to delete related logical switch ports

When the flag is true, connected logical switch ports which are associated | with the logical router ports will be deleted. Additionally, for Tier1 LR, the associated | Tier 0 router link port will also be deleted. Note that this flag is active only when "force" | parameter is also set to true.		 boolean Default: "False"
force Force delete the resource even if it is being used somewhere

If true, deleting the resource succeeds even if it is being
referred as a resource reference.
boolean Default: "False"

LogicalRouterDownLinkPort (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enable_multicast Flag to enable/disable Multicast

If this flag is set to true - it will enable multicast on the
downlink interface. If this flag is set to false - it will disable
multicast on the downlink interface. This is supported only on
Tier0 downlinks. Default value for Tier0 downlink will be true.
boolean
id Unique identifier of this resource string Sortable
linked_logical_switch_port_id Reference to the logical switch port to connect to ResourceReference
logical_router_id Identifier for logical router on which this port is created string Required
mac_address MAC address

MAC address		 string Readonly
ndra_prefix_config Configuration to override the neighbor discovery router advertisement
prefix time parameters at the subnet level. Note that users are allowed
to override the prefix time only for IPv6 subnets which are configured
on the port.
array of NDRAPrefixConfig
ndra_profile_id Identifier for NDRA profile on the port

Identifier of Neighbor Discovery Router Advertisement profile
associated with port. When NDRA profile id is associated at
both the port level and logical router level, the profile id
specified at port level takes the precedence.
string
resource_type Must be set to the value LogicalRouterDownLinkPort LogicalRouterPortResourceType Required
routing_policies Routing policies

Routing policies used to specify how the traffic, which matches the
policy routes, will be processed.
array of RoutingPolicy Maximum items: 1
service_bindings Service Bindings array of ServiceBinding
subnets Logical router port subnets array of IPSubnet Required
Minimum items: 1
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
urpf_mode Unicast Reverse Path Forwarding mode UrpfMode Default: "STRICT"

LogicalRouterFIBListRequestParameters (schema)

Logical Router FIB List Request Parameters

Filter parameters for filtering routes from FIB depending on
provided properties.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
network_prefix Network address filter parameter

CIDR network address to filter the the FIB table.		 IPCIDRBlock
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
source The data source, either realtime or cached. If not provided, cached data is returned. DataSourceType
transport_node_id TransportNode Id string Required

LogicalRouterFIBRequestParameters (schema)

Logical Router FIB Request Parameters

Filter parameters for filtering routes from FIB depending on
provided properties.

Name Description Type Notes
network_prefix Network address filter parameter

CIDR network address to filter the the FIB table.		 IPCIDRBlock
source The data source, either realtime or cached. If not provided, cached data is returned. DataSourceType
transport_node_id TransportNode Id string Required

LogicalRouterHaHistory (schema)

Name Description Type Notes
event Logical router HA event that triggered state change

Logical router HA event that triggered state change		 string Readonly
event_timestamp Time in UTC when the last HA event occured

Time in UTC when the last HA event occured		 EpochMsTimestamp Readonly
state Logical router HA state

Logical router HA state DOWN - Logical router is not in good health SYNC - Logical router is synchronizing data from peer logical router STANDBY - Logical router is available to go Active ACTIVE - Logical router is forwarding traffic		 string Readonly
Enum: DOWN, SYNC, STANDBY, ACTIVE

LogicalRouterIPTunnelPort (schema)

Logical router IP tunnel port

Logical router IP tunnel port.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
admin_state Admin state of port

Admin state of port.		 string Readonly
Enum: UP, DOWN
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
logical_router_id Identifier for logical router on which this port is created string Required
resource_type Must be set to the value LogicalRouterIPTunnelPort LogicalRouterPortResourceType Required
service_bindings Service Bindings array of ServiceBinding
subnets Tunnel port subnets

Tunnel port subnets.		 array of IPSubnet Required
Readonly
Minimum items: 1
Maximum items: 1
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
vpn_session_id VPN session identifier

Associated VPN session identifier.		 string Readonly

LogicalRouterLinkPortOnTIER0 (schema)

Port to connect the LogicalRouterLinkPortOnTIER1 of TIER1 logical router to

This port can be configured only on a TIER0 LogicalRouter.
Create an empty port to generate an id.
Use this id in the linked_logical_router_port_id on
LogicalRouterLinkPortOnTIER1 on TIER1 logical router.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
linked_logical_router_port_id Identifier of connected LogicalRouterLinkPortOnTIER1

Identifier of connected LogicalRouterLinkPortOnTIER1 of TIER1 logical router		 string Readonly
logical_router_id Identifier for logical router on which this port is created string Required
mac_address MAC address

MAC address		 string Readonly
resource_type Must be set to the value LogicalRouterLinkPortOnTIER0 LogicalRouterPortResourceType Required
service_bindings Service Bindings array of ServiceBinding
subnets Logical router port subnets array of IPSubnet Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

LogicalRouterLinkPortOnTIER1 (schema)

Port to connect the TIER1 logical router to TIER0 logical router

This port can be configured only on a TIER1 LogicalRouter.
Use the id of the LogicalRouterLinkPortOnTIER0 from TIER0 logical router to set
the linked_logical_router_port_id on the port on TIER1 logical router.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
edge_cluster_member_index Member index of the edge node on the cluster

Please use logical router API to pass edge cluster members indexes manually.
array of integer Deprecated
id Unique identifier of this resource string Sortable
linked_logical_router_port_id Reference of TIER0 port to connect the TIER1 to.

Reference of LogicalRouterLinkPortOnTIER0 of TIER0 logical router to connect this TIER1 logical router outwards.
ResourceReference
logical_router_id Identifier for logical router on which this port is created string Required
mac_address MAC address

MAC address		 string Readonly
resource_type Must be set to the value LogicalRouterLinkPortOnTIER1 LogicalRouterPortResourceType Required
service_bindings Service Bindings array of ServiceBinding
subnets Logical router port subnets array of IPSubnet Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

LogicalRouterListParameters (schema)

Logical Router list parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
router_type Type of Logical Router string Enum: TIER0, TIER1, VRF
sort_ascending boolean
sort_by Field by which records are sorted string
vrfs_on_logical_router_id List all VRFs on the specified logical router. string

LogicalRouterListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Logical router list results array of LogicalRouter Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

LogicalRouterLoopbackPort (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
edge_cluster_member_index Member index of the edge node on the cluster array of integer Required
id Unique identifier of this resource string Sortable
logical_router_id Identifier for logical router on which this port is created string Required
resource_type Must be set to the value LogicalRouterLoopbackPort LogicalRouterPortResourceType Required
service_bindings Service Bindings array of ServiceBinding
subnets Loopback port subnets array of IPSubnet Required
Minimum items: 1
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

LogicalRouterPort (schema)

This is an abstract type. Concrete child types:
LogicalRouterCentralizedServicePort
LogicalRouterDownLinkPort
LogicalRouterLinkPortOnTIER0
LogicalRouterLinkPortOnTIER1
LogicalRouterLoopbackPort
LogicalRouterUpLinkPort

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
logical_router_id Identifier for logical router on which this port is created string Required
resource_type Must be set to the value LogicalRouterPort LogicalRouterPortResourceType Required
service_bindings Service Bindings array of ServiceBinding
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

LogicalRouterPortArpCsvRecord (schema)

Name Description Type Notes
ip The IP address IPAddress Required
mac_address The MAC address string Required

LogicalRouterPortArpEntry (schema)

Name Description Type Notes
ip The IP address IPAddress Required
mac_address The MAC address string Required

LogicalRouterPortArpTable (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly
logical_router_port_id The ID of the logical router port string Required
result_count Count of results found (across all pages), set only on first page integer Readonly
results array of LogicalRouterPortArpEntry
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

LogicalRouterPortArpTableInCsvFormat (schema)

Name Description Type Notes
file_name File name

File name set by HTTP server if API returns CSV result as a file.		 string
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly
results array of LogicalRouterPortArpCsvRecord

LogicalRouterPortCounters (schema)

Name Description Type Notes
blocked_packets The number of blocked packets

The total number of packets blocked.		 integer
dad_dropped_packets The number of duplicate address detected packets dropped

Number of duplicate address detected packets dropped.		 integer
destination_unsupported_dropped_packets The number of destination unsupported packets dropped

Number of packtes dropped as destination is not supported.		 integer
dropped_packets The number of dropped packets

The total number of packets dropped.		 integer
firewall_dropped_packets The number of firewall packets dropped

Number of firewall packets dropped.		 integer
frag_needed_dropped_packets The number of fragmentation needed packets dropped

Number of fragmentation needed packets dropped.		 integer
ipsec_dropped_packets The number of IPSec packets dropped

Number of IPSec packets dropped		 integer
ipsec_no_sa_dropped_packets The number of IPSec no security association packets dropped

Number of IPSec no security association packets dropped.		 integer
ipsec_no_vti_dropped_packets The number of IPSec no VTI packets dropped

Number of IPSec packets dropped as no VTI is present.		 integer
ipsec_pol_block_dropped_packets The number of IPSec policy block packets dropped

Number of IPSec policy block packets dropped.		 integer
ipsec_pol_err_dropped_packets The number of IPSec policy error packets dropped

Number of IPSec policy error packets dropped.		 integer
ipv6_dropped_packets The number of IPV6 packets dropped

Number of IPV6 packets dropped.		 integer
kni_dropped_packets The number of kernal NIC interface packets dropped

Number of DPDK kernal NIC interface packets dropped.		 integer
l4port_unsupported_dropped_packets The number of L4 port unsupported packets dropped

Number of packets dropped due to unsupported L4 port.		 integer
malformed_dropped_packets The number of malformed packets dropped

Number of packtes dropped as they are malformed.		 integer
no_arp_dropped_packets The number of no ARP packets dropped

Number of no ARP packets dropped.		 integer
no_linked_dropped_packets The number of no linked packets dropped

Number of packets dropped as no linked ports are present.		 integer
no_mem_dropped_packets The number of no memory packets dropped

Number of packets dropped due to insufficient memory.		 integer
no_receiver_dropped_packets The number of no receiver packets dropped

Number of packets dropped due to absence of receiver.		 integer
no_route_dropped_packets The number of no route packets dropped integer
non_ip_dropped_packets The number of non IP packets dropped

Number of non IP packets dropped.		 integer
proto_unsupported_dropped_packets The number of protocol unsupported packets dropped

Number of packets dropped as protocol is unsupported.		 integer
redirect_dropped_packets The number of redirect packets dropped

Number of redirect packets dropped.		 integer
rpf_check_dropped_packets The number of reverse-path forwarding check packets dropped

Number of reverse-path forwarding check packets dropped.		 integer
service_insert_dropped_packets The number of service insert packets dropped

Number of service insert packets dropped.		 integer
total_bytes The total number of bytes

The total number of bytes transferred.		 integer
total_packets The total number of packets

The total number of packets transferred.		 integer
ttl_exceeded_dropped_packets The number of time to live exceeded packets dropped

Number of time to live exceeded packets dropped.		 integer

LogicalRouterPortDeleteRequestParameters (schema)

LogicalRouterPort delete request parameters

Name Description Type Notes
cascade_delete_linked_ports Flag to specify whether to delete related logical switch ports

When the flag is true, the logical switch port or T0 router link port | associated with this logical router port is also deleted. This flag works independent | of the "force" parameter sent in request.		 boolean Default: "False"
force Force delete the resource even if it is being used somewhere

If true, deleting the resource succeeds even if it is being
referred as a resource reference.
boolean Default: "False"

LogicalRouterPortListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Logical router port list results array of LogicalRouterPort
(Abstract type: pass one of the following concrete types)
LogicalRouterCentralizedServicePort
LogicalRouterDownLinkPort
LogicalRouterLinkPortOnTIER0
LogicalRouterLinkPortOnTIER1
LogicalRouterLoopbackPort
LogicalRouterUpLinkPort		 Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

LogicalRouterPortResourceType (schema)

Resource types of logical router port

LogicalRouterUpLinkPort is allowed only on TIER0 logical router.
It is the north facing port of the logical router.
LogicalRouterLinkPortOnTIER0 is allowed only on TIER0 logical router.
This is the port where the LogicalRouterLinkPortOnTIER1 of TIER1 logical router connects to.
LogicalRouterLinkPortOnTIER1 is allowed only on TIER1 logical router.
This is the port using which the user connected to TIER1 logical router for upwards connectivity via TIER0 logical router.
Connect this port to the LogicalRouterLinkPortOnTIER0 of the TIER0 logical router.
LogicalRouterDownLinkPort is for the connected subnets on the logical router.
LogicalRouterLoopbackPort is a loopback port for logical router component
which is placed on chosen edge cluster member.
LogicalRouterIPTunnelPort is a IPSec VPN tunnel port created on
logical router when route based VPN session configured.
LogicalRouterCentralizedServicePort is allowed only on Active/Standby TIER0 and TIER1
logical router. Port can be connected to VLAN or overlay logical switch.
Unlike downlink port it does not participate in distributed routing and hosted
on all edge cluster members associated with logical router.
Stateful services can be applied on this port.

Name Description Type Notes
LogicalRouterPortResourceType Resource types of logical router port

LogicalRouterUpLinkPort is allowed only on TIER0 logical router.
It is the north facing port of the logical router.
LogicalRouterLinkPortOnTIER0 is allowed only on TIER0 logical router.
This is the port where the LogicalRouterLinkPortOnTIER1 of TIER1 logical router connects to.
LogicalRouterLinkPortOnTIER1 is allowed only on TIER1 logical router.
This is the port using which the user connected to TIER1 logical router for upwards connectivity via TIER0 logical router.
Connect this port to the LogicalRouterLinkPortOnTIER0 of the TIER0 logical router.
LogicalRouterDownLinkPort is for the connected subnets on the logical router.
LogicalRouterLoopbackPort is a loopback port for logical router component
which is placed on chosen edge cluster member.
LogicalRouterIPTunnelPort is a IPSec VPN tunnel port created on
logical router when route based VPN session configured.
LogicalRouterCentralizedServicePort is allowed only on Active/Standby TIER0 and TIER1
logical router. Port can be connected to VLAN or overlay logical switch.
Unlike downlink port it does not participate in distributed routing and hosted
on all edge cluster members associated with logical router.
Stateful services can be applied on this port.
string Enum: LogicalRouterUpLinkPort, LogicalRouterDownLinkPort, LogicalRouterLinkPortOnTIER0, LogicalRouterLinkPortOnTIER1, LogicalRouterLoopbackPort, LogicalRouterIPTunnelPort, LogicalRouterCentralizedServicePort

LogicalRouterPortState (schema)

Realization State of Logical Router Port.

This holds the state of Logical Router Port. If there are errors
in realizing LRP outside of MP, it gives details of the components and
specific errors.

Name Description Type Notes
details Array of configuration state of various sub systems array of ConfigurationStateElement Readonly
failure_code Error code integer Readonly
failure_message Error message in case of failure string Readonly
ipv6_dad_statuses DAD Status

Array of DAD status which contains DAD information for IP addresses
on the port.
array of IPv6DADStatus Readonly
pending_change_list List of pending changes

Request identifier of the API which modified the entity.		 array of string Readonly
state Overall state of desired configuration

Gives details of state of desired configuration.
Additional enums with more details on progress/success/error states
are sent for edge node. The success states are NODE_READY and
TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED,
VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values
indicate failures.
"in_sync" state indicates that the desired configuration has been
received by the host to which it applies, but is not yet in effect.
When the configuration is actually in effect, the state will
change to "success".
Please note, failed state is deprecated.
string Required
Readonly
Enum: pending, in_progress, success, failed, partial_success, orphaned, unknown, error, in_sync, NOT_AVAILABLE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, REGISTRATION_PENDING, NODE_NOT_READY, NODE_READY, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL, EDGE_CONFIG_ERROR, VM_DEPLOYMENT_RESTARTED, REGISTRATION_FAILED, TRANSPORT_NODE_SYNC_PENDING, TRANSPORT_NODE_CONFIGURATION_MISSING, EDGE_HARDWARE_NOT_SUPPORTED, MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED, TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER, TZ_ENDPOINTS_NOT_SPECIFIED, NO_PNIC_PREPARED_IN_EDGE, APPLIANCE_INTERNAL_ERROR, VTEP_DHCP_NOT_SUPPORTED, UNSUPPORTED_HOST_SWITCH_PROFILE, UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED, HOSTSWITCH_PROFILE_NOT_FOUND, LLDP_SEND_ENABLED_NOT_SUPPORTED, UNSUPPORTED_NAMED_TEAMING_POLICY, LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM, LACP_NOT_SUPPORTED_FOR_EDGE_VM, STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM, MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE, UNSUPPORTED_LACP_LB_ALGO_FOR_NODE, EDGE_NODE_VERSION_NOT_SUPPORTED, NO_PNIC_SPECIFIED_IN_TN, INVALID_PNIC_DEVICE_NAME, TRANSPORT_NODE_READY, VM_NETWORK_EDIT_PENDING, UNSUPPORTED_DEFAULT_TEAMING_POLICY, MPA_DISCONNECTED, VM_RENAME_PENDING, VM_CONFIG_EDIT_PENDING, VM_NETWORK_EDIT_FAILED, VM_RENAME_FAILED, VM_CONFIG_EDIT_FAILED, VM_CONFIG_DISCREPANCY, VM_NODE_REFRESH_FAILED, VM_PLACEMENT_REFRESH_FAILED, REGISTRATION_TIMEDOUT, REPLACE_FAILED, UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED, LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING, DELETE_VM_IN_REDEPLOY_FAILED, DEPLOY_VM_IN_REDEPLOY_FAILED, INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE, VM_RESOURCE_RESERVATION_FAILED, DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER, DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, EDGE_NODE_SETTINGS_MISMATCH_RESOLVE, EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE, EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE, EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE, COMPUTE_MANAGER_NOT_FOUND, DELETE_IN_PROGRESS

LogicalRouterPortStatistics (schema)

Name Description Type Notes
logical_router_port_id The ID of the logical router port string Required
per_node_statistics Per Node Statistics array of LogicalRouterPortStatisticsPerNode Readonly

LogicalRouterPortStatisticsPerNode (schema)

Name Description Type Notes
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly
rx LogicalRouterPortCounters Readonly
transport_node_id The ID of the TransportNode string Required
Readonly
tx LogicalRouterPortCounters Readonly

LogicalRouterPortStatisticsSummary (schema)

Name Description Type Notes
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly
logical_router_port_id The ID of the logical router port string Required
rx LogicalRouterPortCounters Readonly
tx LogicalRouterPortCounters Readonly

LogicalRouterPortsListParameters (schema)

Logical Router Ports list parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
logical_router_id Logical Router identifier string
logical_switch_id Logical Switch identifier string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
resource_type Resource Type LogicalRouterPortResourceType
sort_ascending boolean
sort_by Field by which records are sorted string

LogicalRouterRIBListRequestParameters (schema)

Logical Router RIB List Request Parameters

Filter parameters for filtering routes from RIB depending
on provided properties

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
network_prefix Network address filter parameter

IPaddress or CIDR network address to filter the RIB table.		 IPAddressOrCIDRBlock
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
route_source Route source filter parameter

To filter the RIB table based on the source from which route
is learned.
string Enum: BGP, STATIC, CONNECTED, OSPF
sort_ascending boolean
sort_by Field by which records are sorted string
source The data source, either realtime or cached. If not provided, cached data is returned. DataSourceType
transport_node_id TransportNode Id string Required
vrf_table VRF filter parameter

To filter RIB table depending on the parameters specified
(not specified - empty) - get all routes
DEFAULT - get entries from default VRF
INTER_SR - get entries from inter SR VRF
string Enum: DEFAULT, INTER_SR

LogicalRouterRIBRequestParameters (schema)

Logical Router RIB Request Parameters

Filter parameters for filtering routes from RIB depending on
provided properties.

Name Description Type Notes
network_prefix Network address filter parameter

IPAddress or CIDR network address to filter the the RIB table		 IPAddressOrCIDRBlock
route_source Route source filter parameter

To filter the RIB table based on the source from which route
is learned.
string Enum: BGP, STATIC, CONNECTED, OSPF
source The data source, either realtime or cached. If not provided, cached data is returned. DataSourceType
transport_node_id TransportNode Id string Required
vrf_table VRF filter parameter

To filter RIB table depending on the parameters specified
(not specified - empty) - get all routes
DEFAULT - get entries from default VRF
INTER_SR - get entries from inter SR VRF
string Enum: DEFAULT, INTER_SR

LogicalRouterRouteCsvRecord (schema)

Name Description Type Notes
admin_distance The admin distance of the next hop integer
logical_router_port_id The id of the logical router port which is used as the next hop string
lr_component_id Logical router component(Service Router/Distributed Router) id string
lr_component_type Logical router component(Service Router/Distributed Router) type string
network CIDR network address IPCIDRBlock Required
next_hop The IP of the next hop IPAddress
route_type Route type (USER, CONNECTED, NSX_INTERNAL,..) string Required

LogicalRouterRouteEntry (schema)

Name Description Type Notes
admin_distance The admin distance of the next hop integer
logical_router_port_id The id of the logical router port which is used as the next hop string
lr_component_id Logical router component(Service Router/Distributed Router) id string
lr_component_type Logical router component(Service Router/Distributed Router) type string
network CIDR network address IPCIDRBlock Required
next_hop The IP address of the next hop IPAddress
route_type Route type (USER, CONNECTED, NSX_INTERNAL,..) string Required

LogicalRouterRouteTable (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly
logical_router_id The id of the logical router string Required
logical_router_name Name of the logical router string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results array of LogicalRouterRouteEntry
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

LogicalRouterRouteTableInCsvFormat (schema)

Name Description Type Notes
file_name File name

File name set by HTTP server if API returns CSV result as a file.		 string
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly
results array of LogicalRouterRouteCsvRecord

LogicalRouterState (schema)

Realization State of Logical Router.

This holds the state of Logical Router. If there are errors in realizing LR outside of MP, it gives details of the components and specific errors.

Name Description Type Notes
details Array of configuration state of various sub systems array of ConfigurationStateElement Readonly
failure_code Error code integer Readonly
failure_message Error message in case of failure string Readonly
pending_change_list List of pending changes

Request identifier of the API which modified the entity.		 array of string Readonly
state Overall state of desired configuration

Gives details of state of desired configuration.
Additional enums with more details on progress/success/error states
are sent for edge node. The success states are NODE_READY and
TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED,
VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values
indicate failures.
"in_sync" state indicates that the desired configuration has been
received by the host to which it applies, but is not yet in effect.
When the configuration is actually in effect, the state will
change to "success".
Please note, failed state is deprecated.
string Required
Readonly
Enum: pending, in_progress, success, failed, partial_success, orphaned, unknown, error, in_sync, NOT_AVAILABLE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, REGISTRATION_PENDING, NODE_NOT_READY, NODE_READY, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL, EDGE_CONFIG_ERROR, VM_DEPLOYMENT_RESTARTED, REGISTRATION_FAILED, TRANSPORT_NODE_SYNC_PENDING, TRANSPORT_NODE_CONFIGURATION_MISSING, EDGE_HARDWARE_NOT_SUPPORTED, MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED, TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER, TZ_ENDPOINTS_NOT_SPECIFIED, NO_PNIC_PREPARED_IN_EDGE, APPLIANCE_INTERNAL_ERROR, VTEP_DHCP_NOT_SUPPORTED, UNSUPPORTED_HOST_SWITCH_PROFILE, UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED, HOSTSWITCH_PROFILE_NOT_FOUND, LLDP_SEND_ENABLED_NOT_SUPPORTED, UNSUPPORTED_NAMED_TEAMING_POLICY, LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM, LACP_NOT_SUPPORTED_FOR_EDGE_VM, STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM, MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE, UNSUPPORTED_LACP_LB_ALGO_FOR_NODE, EDGE_NODE_VERSION_NOT_SUPPORTED, NO_PNIC_SPECIFIED_IN_TN, INVALID_PNIC_DEVICE_NAME, TRANSPORT_NODE_READY, VM_NETWORK_EDIT_PENDING, UNSUPPORTED_DEFAULT_TEAMING_POLICY, MPA_DISCONNECTED, VM_RENAME_PENDING, VM_CONFIG_EDIT_PENDING, VM_NETWORK_EDIT_FAILED, VM_RENAME_FAILED, VM_CONFIG_EDIT_FAILED, VM_CONFIG_DISCREPANCY, VM_NODE_REFRESH_FAILED, VM_PLACEMENT_REFRESH_FAILED, REGISTRATION_TIMEDOUT, REPLACE_FAILED, UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED, LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING, DELETE_VM_IN_REDEPLOY_FAILED, DEPLOY_VM_IN_REDEPLOY_FAILED, INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE, VM_RESOURCE_RESERVATION_FAILED, DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER, DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, EDGE_NODE_SETTINGS_MISMATCH_RESOLVE, EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE, EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE, EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE, COMPUTE_MANAGER_NOT_FOUND, DELETE_IN_PROGRESS

LogicalRouterStatus (schema)

Name Description Type Notes
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly
locale_operation_mode Location mode for logical router

Egress mode for the logical router at given mode
string Readonly
Enum: PRIMARY_LOCATION, SECONDARY_LOCATION
logical_router_id The id of the logical router string Required
per_node_status Per Node Status array of LogicalRouterStatusPerNode Readonly

LogicalRouterStatusPerNode (schema)

Name Description Type Notes
edge_path edge transport node path.

Only populated by Policy APIs		 string
high_availability_status A service router's HA status on an edge node string Required
Enum: ACTIVE, STANDBY, DOWN, SYNC, UNKNOWN, ADMIN_DOWN
service_router_id id of the service router where the router status is retrieved. string
sub_cluster_id Sub cluster id for the node.

This field is populated for sateful active-active mode.
Runtime state is only synced among nodes in the same sub cluster.
string
transport_node_id id of the transport node where the router status is retrieved. string Required

LogicalRouterType (schema)

Name Description Type Notes
fields Fields to include in query results

Comma-separated field names to include in query result		 string
router_type Logical router type

Logical router type		 string Enum: SERVICE_ROUTER_TIER0, VRF_SERVICE_ROUTER_TIER0, DISTRIBUTED_ROUTER_TIER0, VRF_DISTRIBUTED_ROUTER_TIER0, SERVICE_ROUTER_TIER1, VRF_SERVICE_ROUTER_TIER1, DISTRIBUTED_ROUTER_TIER1, VRF_DISTRIBUTED_ROUTER_TIER1, TUNNEL, RTEP_TUNNEL_VRF

LogicalRouterUpLinkPort (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
edge_cluster_member_index Member index of the edge node on the cluster array of integer Required
id Unique identifier of this resource string Sortable
igmp_config IGMP local group configuration parameters

Interface IGMP[Internet Group Management Protocol] local group config parameters.
InterfaceIgmpLocalGroupConfig
linked_logical_switch_port_id Reference to the logical switch port to connect to ResourceReference
logical_router_id Identifier for logical router on which this port is created string Required
mac_address MAC address

MAC address		 string Readonly
mtu Maximum transmission unit (MTU)

Maximum transmission unit specifies the size of the largest packet that
a network protocol can transmit. If not specified, the global logical
MTU set in the /api/v1/global-configs/RoutingGlobalConfig API will be
used.
integer Minimum: 64
ndra_prefix_config Configuration to override the neighbor discovery router advertisement
prefix time parameters at the subnet level. Note that users are allowed
to override the prefix time only for IPv6 subnets which are configured
on the port.
array of NDRAPrefixConfig
ndra_profile_id Identifier for NDRA profile on the port

Identifier of Neighbor Discovery Router Advertisement profile
associated with port. When NDRA profile id is associated at
both the port level and logical router level, the profile id
specified at port level takes the precedence.
string
pim_config PIM configuration parameters

PIM[Protocol Independent Multicast] configuration parameters.
InterfacePimConfig
resource_type Must be set to the value LogicalRouterUpLinkPort LogicalRouterPortResourceType Required
service_bindings Service Bindings array of ServiceBinding
subnets Logical router port subnets array of IPSubnet Required
Minimum items: 1
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
urpf_mode Unicast Reverse Path Forwarding mode UrpfMode Default: "STRICT"

LogicalRoutersInfo (schema)

Name Description Type Notes
ha_info Logical router high-availability information

Logical router high-availability information		 HaInfo Readonly
logical_router_uuid Logical router UUID

Logical router UUID		 string Readonly
mp_router_uuid MP logical router UUID

MP logical router UUID		 string Readonly
name Name of the logical router

Name of the logical router		 string Readonly
router_type Logical router type

Logical router type		 string Readonly
Enum: SERVICE_ROUTER_TIER0, VRF_SERVICE_ROUTER_TIER0, DISTRIBUTED_ROUTER_TIER0, VRF_DISTRIBUTED_ROUTER_TIER0, SERVICE_ROUTER_TIER1, VRF_SERVICE_ROUTER_TIER1, DISTRIBUTED_ROUTER_TIER1, VRF_DISTRIBUTED_ROUTER_TIER1, TUNNEL, RTEP_TUNNEL_VRF

LogicalServiceRouterClusterState (schema)

Realization State of Service Router.

This holds the state of Service Router. If there are errors in
realizing SR outside of MP, it gives details of the components and
specific errors.

Name Description Type Notes
details Array of configuration state of various sub systems array of ConfigurationStateElement Readonly
failure_code Error code integer Readonly
failure_message Error message in case of failure string Readonly
pending_change_list List of pending changes

Request identifier of the API which modified the entity.		 array of string Readonly
state Overall state of desired configuration

Gives details of state of desired configuration.
Additional enums with more details on progress/success/error states
are sent for edge node. The success states are NODE_READY and
TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED,
VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values
indicate failures.
"in_sync" state indicates that the desired configuration has been
received by the host to which it applies, but is not yet in effect.
When the configuration is actually in effect, the state will
change to "success".
Please note, failed state is deprecated.
string Required
Readonly
Enum: pending, in_progress, success, failed, partial_success, orphaned, unknown, error, in_sync, NOT_AVAILABLE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, REGISTRATION_PENDING, NODE_NOT_READY, NODE_READY, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL, EDGE_CONFIG_ERROR, VM_DEPLOYMENT_RESTARTED, REGISTRATION_FAILED, TRANSPORT_NODE_SYNC_PENDING, TRANSPORT_NODE_CONFIGURATION_MISSING, EDGE_HARDWARE_NOT_SUPPORTED, MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED, TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER, TZ_ENDPOINTS_NOT_SPECIFIED, NO_PNIC_PREPARED_IN_EDGE, APPLIANCE_INTERNAL_ERROR, VTEP_DHCP_NOT_SUPPORTED, UNSUPPORTED_HOST_SWITCH_PROFILE, UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED, HOSTSWITCH_PROFILE_NOT_FOUND, LLDP_SEND_ENABLED_NOT_SUPPORTED, UNSUPPORTED_NAMED_TEAMING_POLICY, LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM, LACP_NOT_SUPPORTED_FOR_EDGE_VM, STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM, MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE, UNSUPPORTED_LACP_LB_ALGO_FOR_NODE, EDGE_NODE_VERSION_NOT_SUPPORTED, NO_PNIC_SPECIFIED_IN_TN, INVALID_PNIC_DEVICE_NAME, TRANSPORT_NODE_READY, VM_NETWORK_EDIT_PENDING, UNSUPPORTED_DEFAULT_TEAMING_POLICY, MPA_DISCONNECTED, VM_RENAME_PENDING, VM_CONFIG_EDIT_PENDING, VM_NETWORK_EDIT_FAILED, VM_RENAME_FAILED, VM_CONFIG_EDIT_FAILED, VM_CONFIG_DISCREPANCY, VM_NODE_REFRESH_FAILED, VM_PLACEMENT_REFRESH_FAILED, REGISTRATION_TIMEDOUT, REPLACE_FAILED, UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED, LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING, DELETE_VM_IN_REDEPLOY_FAILED, DEPLOY_VM_IN_REDEPLOY_FAILED, INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE, VM_RESOURCE_RESERVATION_FAILED, DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER, DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, EDGE_NODE_SETTINGS_MISMATCH_RESOLVE, EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE, EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE, EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE, COMPUTE_MANAGER_NOT_FOUND, DELETE_IN_PROGRESS

LogicalSwitch (schema) (Deprecated)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
address_bindings Address bindings for the Logical switch array of PacketAddressClassifier Deprecated
Minimum items: 0
Maximum items: 100
admin_state Represents Desired state of the Logical Switch string Required
Enum: UP, DOWN
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
extra_configs Extra configs on logical switch

This property could be used for vendor specific configuration in key value
string pairs, the setting in extra_configs will be automatically inheritted
by logical ports in the logical switch.
array of ExtraConfig
global_vni VNI allocated by the global manager

The VNI is used for intersite traffic and the global logical switch ID. The global VNI pool is agnostic of the local VNI pool, and there is no need to have an exclusive VNI range. For example, VNI x can be the global VNI for logical switch B and the local VNI for logical switch A.		 int
hybrid Flag to identify a hybrid logical switch

If this flag is set to true, then all the logical switch ports attached to
this logical switch will behave in a hybrid fashion. The hybrid logical switch port
indicates to NSX that the VM intends to operate in underlay mode,
but retains the ability to forward egress traffic to the NSX overlay network.
This flag can be enabled only for the logical switches in the overlay type transport zone which has
host switch mode as STANDARD and also has either CrossCloud or CloudScope tag scopes.
Only the NSX public cloud gateway (PCG) uses this flag, other host agents like ESX, KVM and Edge
will ignore it. This property cannot be modified once the logical switch is created.
boolean Default: "False"
id Unique identifier of this resource string Sortable
ip_pool_id Allocation ip pool associated with the Logical switch

IP pool id that associated with a LogicalSwitch.		 string
mac_pool_id Allocation mac pool associated with the Logical switch

Mac pool id that associated with a LogicalSwitch.		 string
node_local_switch A flag to prevent BUM (broadcast, unknown-unicast and multicast) traffic from reaching the other spanned edges. boolean
origin_id ID of the LS of type DVPG in the source vCenter

ID populated by NSX when NSX on DVPG is used to indicate the source DVPG.		 string Readonly
origin_type The type of source from which the DVPG is discovered string Readonly
Enum: VCENTER
replication_mode Replication mode of the Logical Switch string Enum: MTEP, SOURCE
resource_type Must be set to the value LogicalSwitch string
span List of Local Manager IDs the logical switch extends

Each manager ID represents the NSX Local Manager the logical switch connects. This will be populated by the manager.		 array of string Minimum items: 0
Maximum items: 16
switch_type Type of LogicalSwitch.

This field indicates purpose of a LogicalSwitch. It is set by manager internally
or user can provide this field. If not set, DEFAULT type is assigned.
NSX components can use this field to create LogicalSwitch that provides component
specific functionality.
DEFAULT type LogicalSwitches are created for basic L2 connectivity by API users.
SERVICE_PLANE type LogicalSwitches are system created service plane LogicalSwitches for
Service Insertion service. User can not create SERVICE_PLANE type of LogicalSwitch.
DHCP_RELAY type LogicalSwitches are created by external user like Policy with special
permissions or by system and will be treated as internal LogicalSwitches. Such
LogicalSwitch will not be exposed to vSphere user.
GLOBAL type LogicalSwitches are created to span multiple NSX domains to connect multiple
remote sites.
INTER_ROUTER type LogicalSwitches are policy-created LogicalSwitches which
provide inter-router connectivity.
DVPG type LogicalSwitches are NSX-created based on DVPGs found in VC which are used
as shadow objects in NSX on DVPG.
string Enum: DEFAULT, SERVICE_PLANE, DHCP_RELAY, GLOBAL, INTER_ROUTER, EVPN, DVPG
switching_profile_ids array of SwitchingProfileTypeIdEntry
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
transport_zone_id Id of the TransportZone to which this LogicalSwitch is associated string Required
uplink_teaming_policy_name The name of the switching uplink teaming policy for the logical switch

This name has to be one of the switching uplink teaming policy names listed inside the logical switch's TransportZone. If this field is not specified, the logical switch will not have a teaming policy associated with it and the host switch's default teaming policy will be used.		 string
vlan VLAN Id of logical switch

This property is dedicated to VLAN based network, to set VLAN of logical
network. It is mutually exclusive with 'vlan_trunk_spec'.
VlanID
vlan_trunk_spec VLAN trunk spec of logical switch

This property is used for VLAN trunk specification of logical switch.
It's mutually exclusive with 'vlan'. Also it could be set to do guest VLAN
tagging in overlay network.
VlanTrunkSpec
vni VNI for this LogicalSwitch.

Only for OVERLAY network. A VNI will be auto-allocated from the
default VNI pool if not given; otherwise the given VNI has to be
inside the default pool and not used by any other LogicalSwitch.
int

LogicalSwitchDeleteParameters (schema) (Deprecated)

Name Description Type Notes
cascade Delete a Logical Switch and all the logical ports in it, if none of the logical ports have any attachment. boolean Default: "False"
detach Force delete a logical switch

If this is set to true, then logical switch is deleted
regardless of whether or not it is added to NSGroup.
If cascade is set to true in the meantime, then logical
switch and all logical ports are deleted regardless of
whether any logical port in this switch has attachments.
boolean Default: "False"

LogicalSwitchInfo (schema)

Name Description Type Notes
instances_count Number of instances on this logical switch integer Readonly
is_default_logical_switch Flag to identify if this is the default logical switch boolean Readonly
logical_switch_display_name Name of the logical switch string Readonly
logical_switch_id ID of the logical switch string Readonly
nsx_switch_tag This tag is applied on cloud compute resource to be attached to this logical switch string Readonly

LogicalSwitchListParameters (schema) (Deprecated)

Logical Switch list parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
diagnostic Flag to enable showing of transit logical switch. boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
switch_type Logical Switch type string Enum: DEFAULT, SERVICE_PLANE, DHCP_RELAY, GLOBAL, INTER_ROUTER, EVPN, DVPG
switching_profile_id Switching Profile identifier string
transport_type Mode of transport supported in the transport zone for this logical switch TransportType
transport_zone_id Transport zone identifier string
uplink_teaming_policy_name The logical switch's uplink teaming policy name string
vlan Return VLAN logical switches whose "vlan" field matches this value VlanID
vni VNI of the OVERLAY LogicalSwitch(es) to return. int

LogicalSwitchListResult (schema) (Deprecated)

Logical Switch queries result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Logical Switch Results array of LogicalSwitch Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

LogicalSwitchListWithSourceParameters (schema)

Logical Switch list with data source parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
diagnostic Flag to enable showing of transit logical switch. boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
source The data source, either realtime or cached. If not provided, cached data is returned. DataSourceType
switch_type Logical Switch type string Enum: DEFAULT, SERVICE_PLANE, DHCP_RELAY, GLOBAL, INTER_ROUTER, EVPN, DVPG
switching_profile_id Switching Profile identifier string
transport_type Mode of transport supported in the transport zone for this logical switch TransportType
transport_zone_id Transport zone identifier string
uplink_teaming_policy_name The logical switch's uplink teaming policy name string
vlan Return VLAN logical switches whose "vlan" field matches this value VlanID
vni VNI of the OVERLAY LogicalSwitch(es) to return. int

LogicalSwitchMirrorSource (schema)

Name Description Type Notes
resource_type Must be set to the value LogicalSwitchMirrorSource MirrorSourceResourceType Required
switch_id Source logical switch identifier

Please note as logical port attached with vmk interface is unsupported
as mirror source, traffic from those ports on source logical switch will
not be mirrored.
string Required

LogicalSwitchParameters (schema)

Logical switch parameters

Logical switch parameters.

Name Description Type Notes
logical_switch_id logical switch identifier

logical switch identifier		 string

LogicalSwitchState (schema) (Deprecated)

Name Description Type Notes
details Array of configuration state of various sub systems array of ConfigurationStateElement Readonly
failure_code Error code integer Readonly
failure_message Error message in case of failure string Readonly
logical_switch_id Id of the logical switch string Readonly
state Overall state of desired configuration

Gives details of state of desired configuration.
Additional enums with more details on progress/success/error states
are sent for edge node. The success states are NODE_READY and
TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED,
VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values
indicate failures.
"in_sync" state indicates that the desired configuration has been
received by the host to which it applies, but is not yet in effect.
When the configuration is actually in effect, the state will
change to "success".
Please note, failed state is deprecated.
string Required
Readonly
Enum: pending, in_progress, success, failed, partial_success, orphaned, unknown, error, in_sync, NOT_AVAILABLE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, REGISTRATION_PENDING, NODE_NOT_READY, NODE_READY, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL, EDGE_CONFIG_ERROR, VM_DEPLOYMENT_RESTARTED, REGISTRATION_FAILED, TRANSPORT_NODE_SYNC_PENDING, TRANSPORT_NODE_CONFIGURATION_MISSING, EDGE_HARDWARE_NOT_SUPPORTED, MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED, TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER, TZ_ENDPOINTS_NOT_SPECIFIED, NO_PNIC_PREPARED_IN_EDGE, APPLIANCE_INTERNAL_ERROR, VTEP_DHCP_NOT_SUPPORTED, UNSUPPORTED_HOST_SWITCH_PROFILE, UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED, HOSTSWITCH_PROFILE_NOT_FOUND, LLDP_SEND_ENABLED_NOT_SUPPORTED, UNSUPPORTED_NAMED_TEAMING_POLICY, LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM, LACP_NOT_SUPPORTED_FOR_EDGE_VM, STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM, MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE, UNSUPPORTED_LACP_LB_ALGO_FOR_NODE, EDGE_NODE_VERSION_NOT_SUPPORTED, NO_PNIC_SPECIFIED_IN_TN, INVALID_PNIC_DEVICE_NAME, TRANSPORT_NODE_READY, VM_NETWORK_EDIT_PENDING, UNSUPPORTED_DEFAULT_TEAMING_POLICY, MPA_DISCONNECTED, VM_RENAME_PENDING, VM_CONFIG_EDIT_PENDING, VM_NETWORK_EDIT_FAILED, VM_RENAME_FAILED, VM_CONFIG_EDIT_FAILED, VM_CONFIG_DISCREPANCY, VM_NODE_REFRESH_FAILED, VM_PLACEMENT_REFRESH_FAILED, REGISTRATION_TIMEDOUT, REPLACE_FAILED, UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED, LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING, DELETE_VM_IN_REDEPLOY_FAILED, DEPLOY_VM_IN_REDEPLOY_FAILED, INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE, VM_RESOURCE_RESERVATION_FAILED, DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER, DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, EDGE_NODE_SETTINGS_MISMATCH_RESOLVE, EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE, EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE, EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE, COMPUTE_MANAGER_NOT_FOUND, DELETE_IN_PROGRESS

LogicalSwitchStateListResult (schema) (Deprecated)

Logical Switch state queries result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Logical Switch State Results array of LogicalSwitchState Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

LogicalSwitchStateParameters (schema) (Deprecated)

Name Description Type Notes
status Realized state of logical switches string Enum: PENDING, IN_PROGRESS, PARTIAL_SUCCESS, SUCCESS

LogicalSwitchStatistics (schema)

Name Description Type Notes
dropped_by_security_packets PacketsDroppedBySecurity Readonly
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly
logical_switch_id The id of the logical Switch string Required
Readonly
mac_learning MacLearningCounters Readonly
rx_bytes DataCounter Readonly
rx_packets DataCounter Readonly
tx_bytes DataCounter Readonly
tx_packets DataCounter Readonly

LogicalSwitchStatus (schema) (Deprecated)

Name Description Type Notes
logical_switch_id Unique ID identifying the the Logical Switch string Readonly
num_logical_ports Count of Logical Ports belonging to this switch int Readonly

LogicalSwitchStatusSummary (schema)

Name Description Type Notes
filters The filters used to find the logical switches- TransportZone id, LogicalSwitchProfile id or TransportType array of Filter
fully_realized_switches The number of logical switches that are realized in all transport nodes. integer Required
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly
total_switches The total number of logical switches. integer Required

LoginCredential (schema)

Base type for various login credential types

Name Description Type Notes
credential_type Login credential, for example username-password-thumbprint, certificate or session based, etc

Possible values are 'UsernamePasswordLoginCredential', 'VerifiableAsymmetricLoginCredential', 'SessionLoginCredential'.		 string Required

LoginLogoutEventCollection (schema)

Login/Logout event Collection

Collection of Login/Logout events reported to Policy

Name Description Type Notes
login_logout_events Set of user to IP address pair array of LoginLogoutEventMap Required

LoginLogoutEventMap (schema)

User Login/Logout event Map

Name Description Type Notes
domain_name Domain name string Required
event_source string Required
Enum: LI
event_time EpochMsTimestamp Required
event_type string Required
Enum: LOGIN, LOGOUT
ip_address IP Address of user IPAddress Required
user_name User name string Required

MACAddress (schema)

MAC Address

A MAC address. Must be 6 pairs of hexadecimal digits, upper or lower case,
separated by colons or dashes. Examples: 01:23:45:67:89:ab, 01-23-45-67-89-AB.

Name Description Type Notes
MACAddress MAC Address

A MAC address. Must be 6 pairs of hexadecimal digits, upper or lower case,
separated by colons or dashes. Examples: 01:23:45:67:89:ab, 01-23-45-67-89-AB.
string Format: mac-address

MACAddressElement (schema)

MAC Address

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
mac_address MACAddress Required

MACAddressElementListResult (schema)

Collection of MAC address elements

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results MAC address element list array of MACAddressElement Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

MACAddressExpression (schema)

MAC address expression node

Represents MAC address expressions in the form of an array, to support addition of MAC addresses in a group. Avoid creating groups with multiple MACAddressExpression. In future releases, group will be restricted to contain a single MACAddressExpression. To group MAC addresses, use nested groups instead of multiple MACAddressExpression.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mac_addresses Array of MAC addresses

This array can consist of one or more MAC addresses.		 array of MACAddress Required
Minimum items: 1
Maximum items: 4000
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value MACAddressExpression string Required
Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

MACAddressList (schema)

MAC Address members.

List of MAC Addresses.

Name Description Type Notes
mac_addresses Array of MAC addresses

The array contains MAC addresses.		 array of MACAddress Required
Minimum items: 1
Maximum items: 4000

MACSet (schema)

Set of one or more MAC addresses

MACSet is used to group individual MAC addresses. MACSets can be used as
sources and destinations in layer2 firewall rules. These can also be used as
members of NSGroups.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mac_addresses MAC addresses array of MACAddress Maximum items: 4000
resource_type Must be set to the value MACSet string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

MACSetDeleteRequestParameters (schema)

MACSet delete request parameters

Name Description Type Notes
force Force delete the resource even if it is being used somewhere

If true, deleting the resource succeeds even if it is being
referred as a resource reference.
boolean Default: "False"

MACSetListRequestParameters (schema)

MACSet list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

MACSetListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged collection of MACSets array of MACSet Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

MPAConfigProperties (schema)

Information about the management plane this node is communciating with

Name Description Type Notes
AccountName The account name to use when authenticating to the management plane's message bus. string or null
RmqBrokerCluster The list of messaging brokers this controller is configured with. array of BrokerProperties
RmqClientType The nodes client type. string or null
SharedSecret The shared secret to use when autnenticating to the management plane's message bus. Not returned in REST responses. string
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly

MPPolicyPromotionHistory (schema)

Contain mp to policy promotion history.

Name Description Type Notes
date_time Date and and time of the promotion operation.

Date and and time of the promotion operation. The date and time is stored in epoch time format.
string Required
Readonly
status Represents the type of operation in the mp to policy promotion life cycle.

Represents the type of operation in the mp to policy promotion life cycle. Can be INITIATED, CANCELLED, PARTIAL_SUCCESS or SUCCESS.
string Required
Enum: INITIATED, CANCELLED, SUCCESS, PARTIAL_SUCCESS

MPPolicyPromotionHistoryList (schema)

List of MPPolicyPromotionHistory.

Name Description Type Notes
results Array of MPPolicyPromotionHistory.

Array of MPPolicyPromotionHistory.
array of MPPolicyPromotionHistory

MPPolicyPromotionState (schema)

Fetches MP Policy promotion state.

Provides information if system is currently going under mp policy promotion.

Name Description Type Notes
mp_policy_promotion MP Policy promotion state value.

Used to get the mp policy promotion state. If system is under mp to policy promotion, it will be PROMOTION_IN_PROGRESS else PROMOTION_NOT_IN_PROGRESS.State is CANCELLING_PROMOTION, if ongoing promotion is cancelled.		 string Required
Enum: PROMOTION_IN_PROGRESS, CANCELLING_PROMOTION, PROMOTION_NOT_IN_PROGRESS, CANCEL_FAILED

MPResource (schema)

Contains migration api request parameters

List of Manager Ids to migrate.

Name Description Type Notes
resource_ids Manager and policy resource id array.
array of MPResourceDetails Required
type Manager resource type to migrate.

Manager resource type to migrate.
string Required

MPResourceDetails (schema)

Contains manager resource details and policy resource id.

Contains manager and policy resource id.

Name Description Type Notes
linked_ids Linked resources.
array of MPResourceLinkedDetails
manager_id Manager resource id. string Required
metadata Resource metadata.
array of MPResourceMetadata
override Whether to skip/override the resource in case of multiple resource migration . By default. it will be skip. boolean
policy_id Policy resource id. string
policy_path Policy resource path. string
principle_identity Principle Identity to be used for MP to Policy promotion in GENERIC workflow.

Principle Identity to be used for MP to Policy promotion in GENERIC workflow.This is internal only.
string

MPResourceLinkedDetails (schema)

Information about linked resource.

Information about linked resource.

Name Description Type Notes
key Associated resource type. string Required
value Resource id of the assocationed resource. string

MPResourceMetadata (schema)

Resource metadata.

Resource metadata.

Name Description Type Notes
key Resource metadata key.

It has to be one of the attribute of targeted policy intent.		 string Required
value Resource metadata value. string

MacAddressCsvListResult (schema)

Name Description Type Notes
file_name File name

File name set by HTTP server if API returns CSV result as a file.		 string
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly
results array of MacTableCsvRecord

MacAddressListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly
logical_switch_id The id of the logical Switch string Required
Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results array of MacTableEntry
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly
transport_node_id Transport node identifier string Readonly

MacAddressType (schema)

The type of the MAC address

Name Description Type Notes
MacAddressType The type of the MAC address string Enum: STATIC, LEARNED

MacDiscoveryProfile (schema)

Mac Discovery Profile

Mac Discovery Profile

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mac_change_enabled Is rule enabled or not

Allowing source MAC address change		 boolean Default: "False"
mac_learning_aging_time Aging time in seconds for learned MAC address

Indicates how long learned MAC address remain.		 int Readonly
Default: "600"
mac_learning_enabled Is MAC learning enabled or not

Allowing source MAC address learning		 boolean Required
mac_limit Maximum number of MAC addresses learnt

The maximum number of mac addresses that can be learnt on this port when mac learning is enabled.
int Minimum: 0
Maximum: 4096
Default: "4096"
mac_limit_policy Mac Limit Policy

The policy after MAC Limit is exceeded		 string Enum: ALLOW, DROP
Default: "ALLOW"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
remote_overlay_mac_limit The maximum number of MAC addresses learned on an overlay Logical Switch

The maximum number of mac addresses learnt on an overlay logical switch, irrespective of whether mac learning
is enabled on the segment ports. When this limit is reached, traffic for mac addresses that are not learnt
will be flooded.
int Minimum: 2048
Maximum: 8192
Default: "2048"
resource_type Must be set to the value MacDiscoveryProfile string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
unknown_unicast_flooding_enabled Is unknown unicast flooding rule enabled or not

Allowing flooding for unlearned MAC for ingress traffic		 boolean Default: "True"

MacDiscoveryProfileListRequestParameters (schema)

Mac Discovery Profile request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

MacDiscoveryProfileListResult (schema)

Paged collection of Mac Discovery Profiles

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Mac Discovery profile list results array of MacDiscoveryProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

MacLearningCounters (schema)

Name Description Type Notes
mac_not_learned_packets_allowed Number of dispatched packets with unknown source MAC address.

The number of packets with unknown source MAC address that are dispatched without learning the source MAC address. Applicable only when the MAC limit is reached and MAC Limit policy is MAC_LEARNING_LIMIT_POLICY_ALLOW.		 integer
mac_not_learned_packets_dropped Number of dropped packets with unknown source MAC address.

The number of packets with unknown source MAC address that are dropped without learning the source MAC address. Applicable only when the MAC limit is reached and MAC Limit policy is MAC_LEARNING_LIMIT_POLICY_DROP.		 integer
macs_learned Number of MACs learned integer

MacLearningSpec (schema) (Deprecated)

MAC learning configuration

Name Description Type Notes
aging_time Aging time in sec for learned MAC address int Readonly
Default: "600"
enabled Allowing source MAC address learning boolean Required
limit The maximum number of MAC addresses that can be learned on this port

This property specifies the limit on the maximum number of MAC
addresses that can be learned on a port. It is consumed by vswitch
kernel module on the hypervisor while learning MACs per port for
VMs that are local to the host.
int Minimum: 0
Maximum: 4096
Default: "4096"
limit_policy The policy after MAC Limit is exceeded string Enum: ALLOW, DROP
Default: "ALLOW"
remote_overlay_mac_limit The maximum number of MAC addresses learned on an overlay Logical Switch

This property specifies the limit on the maximum number of MACs
learned for a remote Virtual Machine's MAC to vtep binding per
overlay logical switch.
int Minimum: 2048
Maximum: 8192
Default: "2048"
unicast_flooding_allowed Allowing flooding for unlearned MAC for ingress traffic boolean Default: "True"

MacManagementSwitchingProfile (schema) (Deprecated)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
mac_change_allowed Allowing source MAC address change boolean Default: "False"
mac_learning MAC learning configuration MacLearningSpec
required_capabilities array of string Readonly
resource_type Must be set to the value MacManagementSwitchingProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

MacPool (schema)

A collection of ranges of MAC addresses

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ranges Array of ranges for MAC addresses array of MacRange Required
resource_type Must be set to the value MacPool string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

MacPoolListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results MAC pool list results array of MacPool Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

MacRange (schema)

A range of MAC addresses with a start and end value

Name Description Type Notes
end End value of MAC range

End value for MAC address range		 MACAddress Required
start Start value of MAC range

Start value for MAC address range		 MACAddress Required

MacTableCsvRecord (schema)

Name Description Type Notes
mac_address The MAC address string Required
rtep_group_id Remote tunnel endpoint(RTEP) group id

RTEP group id is applicable when the logical switch is stretched
across multiple sites. When rtep_group_id is set, mac_address
represents remote mac_address.
integer
vtep_group_id Virtual tunnel endpoint(VTEP) group id

VTEP group id is applicable when the logical switch is stretched
across multiple sites. When vtep_group_id is set, mac_address
represents remote mac_address.
integer
vtep_ip The virtual tunnel endpoint IP address IPAddress
vtep_mac_address The virtual tunnel endpoint MAC address string

MacTableEntry (schema)

Name Description Type Notes
mac_address The MAC address string Required
rtep_group_id Remote tunnel endpoint(RTEP) group id

RTEP group id is applicable when the logical switch is stretched
across multiple sites. When rtep_group_id is set, mac_address
represents remote mac_address.
integer
vtep_group_id Virtual tunnel endpoint(VTEP) group id

VTEP group id is applicable when the logical switch is stretched
across multiple sites. When vtep_group_id is set, mac_address
represents remote mac_address.
integer
vtep_ip The virtual tunnel endpoint IP address IPAddress
vtep_mac_address The virtual tunnel endpoint MAC address string

MaintenanceModeParameters (schema)

transport node maintenance mode setting parameters

Name Description Type Notes
action User could use this parameter to put transport node into maintenance mode or exit from maintenance mode. 'enter_maintenance_mode' will put Transport Node into maintenance mode if there is no VIFs attached. 'forced_enter_maintenance_mode' will put transport node into maintenance mode forcibly regardless of whether or not VIF attached. 'exit_maintenance_mode' will exit from maintenance mode. string Enum: enter_maintenance_mode, forced_enter_maintenance_mode, exit_maintenance_mode

MaintenanceModePropertiesReply (schema)

Information about the Edge maintenance mode

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
maintenance_mode current maintenance mode string Readonly
Enum: enabled, disabled
Default: "disabled"

MaintenanceModePropertiesRequest (schema)

Information about the Edge maintenance mode

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
maintenance_mode current maintenance mode boolean
notify_mpa send notification to MPA boolean Default: "True"

MaintenanceModeState (schema)

maintenance mode state

Name Description Type Notes
MaintenanceModeState maintenance mode state string Readonly
Enum: ENTERING, ENABLED, EXITING, DISABLED

MalwarePreventionProfile (schema)

Malware Prevention Profile

MalwarePrevention Profile which contains the criteria to include Malware Prevention signatures.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
detection_type Detection Types

Represents how the Malware Prevention detection works.
string Required
Enum: SIGNATURE_BASED, SIGNATURE_AND_SANDBOXING_BASED
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
file_type File Type

Represents different type of files extensions supported in Malware Prevention.
array of FileType Required
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value MalwarePreventionProfile string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

MalwarePreventionProfileListRequestParameters (schema)

Malware Prevention profile request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

MalwarePreventionProfileListResult (schema)

Paged collection of Malware Prevention profiles

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Malware Prevention profile list results array of MalwarePreventionProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

MalwarePreventionSignature (schema)

Malware Prevention Signature

Malware Prevention Signature .

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
file_type File Type

File type of Signature.
string
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value MalwarePreventionSignature string
signature_id Signature ID

Represents the Signature's id.
string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

MalwarePreventionSignatureListRequestParameters (schema)

MalwarePrevention signature request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

MalwarePreventionSignatureListResult (schema)

Paged collection of MalwarePrevention signatures

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results MalwarePrevention signature list results array of MalwarePreventionSignature Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ManagedResource (schema)

Base type for resources that are managed by API clients

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
resource_type The type of this resource. string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ManagedVnetInfo (schema)

Azure Managed VNet Information

Stores the account ID and VNet ID of the corresponding managed VNet. A managed VNet is a Azure compute VNet, which is NSX managed by a transit VNet.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
associated_account_ids Array of Cloud Account IDs

Cloud account ID related to the virtual private cloud.
array of string Required
Readonly
virtual_private_cloud_id Virtual Private Cloud ID

Virtual private cloud ID of the corresponding cloud.
string Required
Readonly
virtual_private_cloud_name Virtual Private Cloud name

Virtual private cloud name of the corresponding cloud.
string Required
Readonly

ManagedVpcInfo (schema)

AWS Managed VPC Information

Stores the account ID and VPC ID of the corresponding managed VPC. A managed VPC is a AWS compute VPC, which is NSX managed by a transit VPC.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
associated_account_ids Array of Cloud Account IDs

Cloud account ID related to the virtual private cloud.
array of string Required
Readonly
virtual_private_cloud_id Virtual Private Cloud ID

Virtual private cloud ID of the corresponding cloud.
string Required
Readonly
virtual_private_cloud_name Virtual Private Cloud name

Virtual private cloud name of the corresponding cloud.
string Required
Readonly

ManagementClusterNodeStatus (schema)

Name Description Type Notes
mgmt_cluster_status Status of this node's connection to the management cluster ClusteringStatus Readonly

ManagementClusterRoleConfig (schema)

Name Description Type Notes
api_listen_addr The IP and port for the public API service on this node ServiceEndpoint Readonly
appliance_connection_info The IP, port and certificate for connecting to appliance. ServiceEndpoint Readonly
mgmt_cluster_listen_addr The IP and port for the management cluster service on this node ServiceEndpoint Readonly
mgmt_plane_listen_addr The IP and port for the management plane service on this node ServiceEndpoint Readonly
mpa_msg_client_info MsgClientInfo
type Type of this role configuration string Required
Readonly
Enum: ManagementClusterRoleConfig, ControllerClusterRoleConfig

ManagementClusterStatus (schema)

Name Description Type Notes
offline_nodes Current missing management plane nodes array of ManagementPlaneBaseNodeInfo Readonly
online_nodes Current alive management plane nodes array of ManagementPlaneBaseNodeInfo Readonly
required_members_for_initialization The details of the cluster nodes required for cluster initialization array of ClusterInitializationNodeInfo Readonly
status The current status of the management cluster string Readonly
Enum: INITIALIZING, UNSTABLE, DEGRADED, STABLE, UNKNOWN

ManagementConfig (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
publish_fqdns True if Management nodes publish their fqdns(instead of default IP addresses) across NSX for its reachability. boolean Required

ManagementNodeAggregateInfo (schema)

Name Description Type Notes
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
id Unique identifier of this resource string Readonly
node_interface_properties Array of Node interface statistic properties array of NodeInterfaceProperties Readonly
node_interface_statistics Array of Node network interface statistic properties array of NodeInterfaceStatisticsProperties Readonly
node_status ClusterNodeStatus Readonly
node_status_properties Time series of the node's system properties array of NodeStatusProperties
role_config ManagementClusterRoleConfig Readonly
transport_nodes_connected integer Readonly
Minimum: 0

ManagementPlaneBaseNodeInfo (schema)

The basic node info of management plane node

Name Description Type Notes
mgmt_cluster_listen_ip_address The IP address of MP node string Readonly
uuid Management plane node UUID string Readonly

ManagementPlaneBrokerProperties (schema)

Information about a management plane node this controller is configured to communicate with

Name Description Type Notes
host IP address or hostname of the message bus broker on the management plane node. HostnameOrIPv4Address Required
port Port number of the message bus broker on the management plane node. integer Minimum: 0
Maximum: 65535
Default: "5671"
thumbprint Certificate thumbprint of the message bus broker on the management plane node. string Required

ManagementPlaneProperties (schema)

Information about the management plane this controller is communciating with

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
account The account name to use when authenticating to the management plane's message bus. string or null
brokers The list of messaging brokers this controller is configured with. array of ManagementPlaneBrokerProperties
secret The shared secret to use when autnenticating to the management plane's message bus. Not returned in REST responses. string

MandatoryAccessControlProperties (schema)

Information about mandatory access control

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
enabled Enabled can be True/False boolean
status current status of Mandatory Access Control string Readonly
Enum: ENABLED, DISABLED, ENABLED_PENDING_REBOOT

ManualHealthCheck (schema)

Manual Health Check

Describes a manual check to evaluate the status of a transport zone.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
operation_status Operation Status

The operation status for health check
string Readonly
Enum: IN_PROGRESS, FINISHED
resource_type Must be set to the value ManualHealthCheck string
result HealthCheckResult Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
transport_zone_id Transport Zone ID

The entity ID works as a filter param. Entity ID and entity type should
be both provided or not at a query.
string Required
vlans Specificied VLANs

VLANs specificied for manual health check
HealthCheckSpecVlans Required

ManualHealthCheckListResult (schema)

List of Manual Health Checks

Manual health check list result for query with list parameters.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Manual Health Check List array of ManualHealthCheck Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

MemberAction (schema)

Name Description Type Notes
action Specifies addition or removal action string Required
Enum: ADD_MEMBERS, REMOVE_MEMBERS

MemoryReservation (schema)

Relative to the form factor pre-defined reservation value. To reduce
reservation of a VM to 50 percent, a user may specify 50 instead of the
absolute number relevant for the edge form factor.

Name Description Type Notes
reservation_percentage Memory reservation percentage.

Memory reserved relative to the default reservation of 100 percent.
For example, take an edge virtual machine of medium form factor.
By default, an edge of medium form factor is configured with 8 GB of
memory and with reservation of 100 percent. So, 8 GB of memory is
reserved. If you specify reservation_percentage value as 50 percent,
then 4 GB of memory will be reserved.
int Minimum: 0
Maximum: 100
Default: "100"

MessagingClientInfo (schema)

Name Description Type Notes
account_name Account name in messaging client string
client_type Type of messaging client string Enum: MPA, HOST

MetadataProxy (schema) (Deprecated)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
attached_logical_port_id id of attached logical port string Readonly
crypto_protocols metadata proxy supported cryptographic protocols.

The cryptographic protocols listed here are supported by the metadata proxy.
The TLSv1.1 and TLSv1.2 are supported by default.
array of MetadataProxyCryptoProtocol
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
edge_cluster_id edge cluster uuid string Required
edge_cluster_member_indexes edge cluster member indexes

If none is provided, the NSX will auto-select two edge-nodes from the given edge cluster.
If user provides only one edge node, there will be no HA support.
array of integer Minimum items: 0
Maximum items: 2
enable_standby_relocation Flag to enable standby Metadata proxy server relocation

Flag to enable the auto-relocation of standby Metadata Proxy in
case of edge node failure. Only tier 1 and auto placed Metadata
Proxy are considered for the relocation.
boolean Default: "False"
id Unique identifier of this resource string Sortable
metadata_server_ca_ids uuids of CAs to verify metadata server certificate

The CAs referenced here must be uploaded to the truststore using the API
POST /api/v1/trust-management/certificates?action=import.
User needs to ensure a correct CA for this metedata server is used. The REST API can
not detect a wrong CA which was used to verify a different server. If the Metadata
Proxy reports an ERROR or NO_BACKUP status, user can check the metadata proxy log
at transport node for a possible CA issue.
array of string
metadata_server_url metadata server url

The URL in format scheme://host:port/path. Please note, the scheme supports only http
and https as of now, port supports range 3000 - 9000, inclusive.
string Required
resource_type Must be set to the value MetadataProxy string
secret secret to access metadata server string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

MetadataProxyConfig (schema)

Metadata Proxy Configuration

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
crypto_protocols Metadata proxy supported cryptographic protocols

The cryptographic protocols listed here are supported by the metadata proxy. TLSv1.1 and TLSv1.2 are supported by default		 array of MetadataProxyCryptoProtocols
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
edge_cluster_path Poilcy path to Edge Cluster

Edge clusters configured on MP are auto-discovered by Policy and create corresponding read-only intent objects.		 string Required
enable_standby_relocation Flag to enable standby relocation

Only auto-placed metadata proxies are considered for relocation. Must be FALSE, when the preferred_edge_paths property is configured.		 boolean Default: "False"
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
preferred_edge_paths Preferred Edge Paths

Edge nodes should be members of edge cluster configured in edge_cluster_path.		 array of string Maximum items: 2
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value MetadataProxyConfig string
secret Secret

Secret word or phrase to access metadata server.		 string Required
server_address Server Address

This field is a URL. Example formats - http://1.2.3.4:3888/path, http://text-md-proxy:5001/. Port number should be between 3000-9000.		 string Required
server_certificates Policy paths to Certificate Authority (CA) certificates

Valid certificates should be configured. The validity of certificates is not checked. Certificates are managed through /infra/certificates API on Policy.		 array of string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

MetadataProxyConfigListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paginated list of metadata proxy configurations array of MetadataProxyConfig Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

MetadataProxyCryptoProtocol (schema) (Deprecated)

Metadata proxy supported cryptographic protocol

Name Description Type Notes
MetadataProxyCryptoProtocol Metadata proxy supported cryptographic protocol string Deprecated
Enum: TLS_V1, TLS_V1_1, TLS_V1_2

MetadataProxyCryptoProtocols (schema)

Metadata proxy supported cryptographic protocol

Name Description Type Notes
MetadataProxyCryptoProtocols Metadata proxy supported cryptographic protocol string Enum: TLS_V1, TLS_V1_1, TLS_V1_2
Default: "TLS_V1_2"

MetadataProxyListResult (schema) (Deprecated)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results paginated list of metadata proxies array of MetadataProxy Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

MetadataProxyRuntimeRequestParameters (schema)

Request Parameters for Metadata Proxy Runtime Information

Request parameters that represents a segment path and enforcement_point_path.

Name Description Type Notes
enforcement_point_path String Path of the enforcement point

enforcement point path, forward slashes must be escaped using %2F.
string
segment_path String Path of the segment which is associated with this metadata proxy string
source The data source, either realtime or cached. If not provided, cached data is returned. DataSourceType

MetadataProxyStatistics (schema) (Deprecated)

Name Description Type Notes
metadata_proxy_id metadata proxy uuid string Required
statistics metadata proxy statistics per logical switch array of MetadataProxyStatisticsPerLogicalSwitch
timestamp timestamp of the statistics EpochMsTimestamp Required

MetadataProxyStatisticsPerLogicalSwitch (schema) (Deprecated)

Name Description Type Notes
error_responses_from_nova_server error responses from nova server integer Required
logical_switch_id uuid of attached logical switch string Required
requests_from_clients requests from clients integer Required
requests_to_nova_server requests to nova server integer Required
responses_to_clients responses to clients integer Required
succeeded_responses_from_nova_server succeeded responses from nova server integer Required

MetadataProxyStatisticsPerSegment (schema)

Name Description Type Notes
error_responses_from_nova_server error responses from nova server integer Required
requests_from_clients requests from clients integer Required
requests_to_nova_server requests to nova server integer Required
responses_to_clients responses to clients integer Required
segment_path Policy path of the attached segment string Required
succeeded_responses_from_nova_server succeeded responses from nova server integer Required

MetadataProxyStatisticsRequestParameters (schema) (Deprecated)

Name Description Type Notes
logical_switch_id The uuid of logical switch string
source The data source, either realtime or cached. If not provided, cached data is returned. DataSourceType

MetadataProxyStatus (schema) (Deprecated)

Name Description Type Notes
error_message Error message, if available string
proxy_status UP means the metadata proxy is working fine on both transport-nodes(if have);
DOWN means the metadata proxy is is down on both transport-nodes(if have),
hence the metadata proxy will not repsonse any metadata request;
Error means error happens on transport-node(s) or no status is reported from
transport-node(s). The metadata proxy may be working (or not working);
NO_BACK means metadata proxy is working in one of the transport node while
not in the other transport-node (if have). Hence if the metadata proxy in
the working transport-node goes down, the metadata proxy will go down.
string Required
Enum: UP, DOWN, ERROR, NO_BACKUP
transport_nodes ids of transport nodes where this metadata proxy is running

Order of the transport nodes is insensitive because Metadata Proxy
is running in Active-Active mode among target transport nodes.
array of string Required

MgmtClusterConfig (schema)

Name Description Type Notes
cluster_configurations Cluster Configuration(s)

List of cluster configurtation(s).		 array of MgmtListenAddr Required

MgmtConnStatus (schema)

Name Description Type Notes
connectivity_status Indicates the controller node's MP channel connectivity status string Readonly
Enum: CONNECTED, DISCONNECTED, UNKNOWN

MgmtListenAddr (schema)

Name Description Type Notes
certificate certificate

Service endpoint certificate.		 string
certificate_sha256_thumbprint SHA-256 Thumbprint

SHA-256 thumbprint of certificate.		 string
entities_hosted Entities hosted

List of hosted entities accessible through the service endpoint		 array of HostedEntityInfo Readonly
fqdn FQDN

Fully Qualified Domain Name of service endpoint.		 string
ip_address IP Address

IP address of the service endpoint.		 IPAddress
name Name

Name of the NSX service.		 string
port Port

Port number of the service endpoint.		 integer Minimum: 0
Maximum: 65535
service_endpoint_uuid Service endpoint UUID

Unique identifier of the service endpoint		 string Readonly

MigratedObject (schema)

Migrated resource.

Name Description Type Notes
parent_resource_id Parent resource id.

Parent resource id.
string
parent_resource_type Parent resource type.

Parent resource type.
string
policy_id Policy id.

Policy id.
string
policy_path Policy path.

Policy path.
string
resource_id Resource id.

Resource id.
string
resource_type Resource type.

Resource type.
string

MigratedObjectListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Migrated resource list results.

Migrated resource list results.
array of MigratedObject Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

MigratedResourceListParameters (schema)

Migrated Resource list parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
resource_id Resource id

Resource id.
string
resource_type Resource type

Resource type.
string Required
Enum: IPBLOCK, IPPOOL, IPBLOCK_SUBNET, IPPOOL_ALLOCATION, TIER0, TIER1, TIER0_LOGICAL_ROUTER_PORT, TIER1_LOGICAL_ROUTER_PORT, TIER0_LOGICAL_ROUTER_CONFIG, SPOOFGUARD_PROFILES, LOGICAL_SWITCH, LOGICAL_PORT, NAT, IP_SET, NS_GROUP, CERTIFICATE, CRL, LB_MONITOR, LB_POOL, LB_PERSISTENCE_PROFILE, LB_APPLICATION_PROFILE, LB_SERVICE, LB_CLIENT_SSL_PROFILE, LB_VIRTUAL_SERVER, DFW_SECTION
sort_ascending boolean
sort_by Field by which records are sorted string

MigrationComponentTypeListRequestParameters (schema)

Name Description Type Notes
component_type Component type based on which migration unit groups to be filtered string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

MigrationDataDownloadRequest (schema)

Name Description Type Notes
federation_site_id Id of the site in NSX-T Federation

Id of the site in NSX-T Federation		 string
file_type Type of the Migration data file that needs to be downloaded. string Required
Enum: VRA_INPUT, VRA_OUTPUT, EDGE_CUTOVER_MAPPING, BYOT_L3_MAPPING, AVI_LB_MAPPING

MigrationDataInfo (schema)

Name Description Type Notes
federation_site_id Id of the site in NSX-T Federation

Id of the site in NSX-T Federation		 string Readonly
file_location Absolute location of the file. string Readonly
file_type Type of the Migration data file for which info is requested. string Required
Readonly
Enum: VRA_INPUT, VRA_OUTPUT, EDGE_CUTOVER_MAPPING, BYOT_L3_MAPPING, AVI_LB_MAPPING
is_present Indicates if the file is present. boolean Required
Readonly

MigrationDataInfoRequest (schema)

Name Description Type Notes
federation_site_id Id of the site in NSX-T Federation

Id of the site in NSX-T Federation		 string
file_type Type of the Migration data file for which info is needed. string Required
Enum: VRA_INPUT, VRA_OUTPUT, EDGE_CUTOVER_MAPPING, BYOT_L3_MAPPING, AVI_LB_MAPPING

MigrationDataUploadRequest (schema)

Name Description Type Notes
federation_site_id Id of the site in NSX-T Federation

Id of the site in NSX-T Federation		 string
file Migration data file to upload. multipart_file Required
file_type Type of the Migration data file that is being uploaded. string Required
Enum: VRA_INPUT, EDGE_CUTOVER_MAPPING, BYOT_L3_MAPPING, AVI_LB_MAPPING

MigrationFeedbackCategory (schema)

Category of feedback for Migration

Categorization of feedback requests from the migration tool where user input is required.

Name Description Type Notes
accepted_values Acceptable values for this feedback request

List of acceptable values for this feedback request.		 array of string Readonly
category Functional area for the feedback query

Functional area that this query falls into.		 string Required
Readonly
count Total number of feedback requests for this functional area

Total number of feedback requests for this functional area.		 int Required
Readonly
resolved Count of resolved feedback requests for this functional area

Total number of resolved feedback requests for this functional area.		 int Required
Readonly

MigrationFeedbackRequest (schema)

Feedback detail required for Migration

Detailed feedback requests from the migration tool where user input is required.

Name Description Type Notes
accepted_actions Acceptable actions for this feedback request

List of acceptable actions for this feedback request.		 array of string Readonly
accepted_value_type Data type of the items listed in acceptable values

Data type of the items listed in acceptable values list.		 string Required
Readonly
accepted_values Acceptable values for this feedback request

List of acceptable values for this feedback request.		 array of string
federation_site_id Id of the site in NSX-T Federation

Id of the site in NSX-T Federation		 string Readonly
hash Identifier for a feedback request type

Identify a feedback request type across objects. This can be used to group together objects with similar feedback request and resolve them in one go.		 string Readonly
id UUID of the feedback request

Identifier of the feedback request.		 string Required
Readonly
message Content of feedback request

Detailed feedback request with options.		 string Required
Readonly
multi_value Indicates if multiple values can be selected as response

Indicates if multiple values can be selected as response from the list of acceptable value.		 boolean Required
Readonly
object_id UUID of the object

Identifier of the object for which feedback is requested.		 string Readonly
rejected Indicates if the previous feedback response was rejected

Indicates if previous response was invalid. Please provide a valid response.		 boolean Readonly
resolution Previous resolution details for this feedback request

If the feedback request was resolved earlier, provides details about the previous resolution.		 string Readonly
resolved Indicates if this feedback request has already been resolved

Indicates if a valid response already exist for this feedback request.		 boolean Readonly
sub_vertical Functional sub-area for the feedback query

Functional sub-area that this query falls into.		 string Required
Readonly
suggested_action Suggested action for this feedback request

The suggested action to resolve this feedback request.		 string Required
Readonly
suggested_value Suggested value for this feedback request

The suggested value to resolve this feedback request.		 string Required
Readonly
v_object_id Id of this object in the source NSX endpoint

Identifier for this object in the source NSX endpoint.		 string Required
Readonly
v_object_name Name of this object in the source NSX endpoint

Name of this object in the source NSX endpoint.		 string Required
Readonly
vertical Functional area for the feedback query

Functional area that this query falls into.		 string Required
Readonly

MigrationFeedbackRequestListResult (schema)

List of feedback required for Migration

List of detailed feedback requests from the migration tool where user input is required.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged Collection of feedback requests array of MigrationFeedbackRequest Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

MigrationFeedbackResponse (schema)

Feedback details required for Migration

Detailed feedback requests from the migration tool where user input is required.

Name Description Type Notes
action Action selected for feedback request

Action selected in response to the feedback request.		 string Required
id UUID of the feedback request

Identifier of the feedback request.		 string Required
value User input for the feedback query

User input provided in response to the feedback request.		 string
values User input with multiple values for the feedback query

User input provided in the form of a list of values in response to the feedback request.		 array of string

MigrationFeedbackResponseList (schema)

List of feedback reponse for Migration

List of detailed feedback response for the migration tool.

Name Description Type Notes
response_list List of feedback responses

List of feedback responses.		 array of MigrationFeedbackResponse Required

MigrationFeedbackSummaryListResult (schema)

List of feedback categories for Migration

List of feedback categories and count of requests in each category.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
feedback_resolution_job_status Feedback resolution job status string Readonly
Enum: RUNNING, NOT_RUNNING
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged Collection of feedback categories array of MigrationFeedbackCategory Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

MigrationGroupStatusListRequestParameters (schema)

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
has_errors Flag to indicate whether to return only migration units with errors boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

MigrationNodeInfoListRequestParameters (schema)

Name Description Type Notes
component_type Component type based on which nodes will be filtered string
component_version Component version based on which nodes will be filtered string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

MigrationParameters (schema)

Transport node migration parameters.

Transport node migration parameters are mainly used for migrating NVDS transport node to VDS transport node.

Name Description Type Notes
skip_maintmode Skip Maintenance mode check

Skipping maintenance mode check before starting migration. This parameter
is only used by SDDC environment.
boolean Default: "False"

MigrationPlanResetRequest (schema)

Name Description Type Notes
component_type Component type string Required

MigrationPlanSettings (schema)

Name Description Type Notes
parallel Migration Method to specify whether the migration is to be performed serially or in parallel boolean Default: "True"
pause_after_each_group Flag to indicate whether to pause the migration after migration of each group is completed boolean Default: "False"
pause_on_error Flag to indicate whether to pause the migration plan execution when an error occurs boolean Default: "False"

MigrationSetupInfo (schema)

Details about source and destination NSX setup

Details about source and destination NSX setup to be migrated

Name Description Type Notes
avi_lb_endpoint AVI LB endpoint details

AVI LB endpoint details.		 AviEndPoint Readonly
create_segment_ports Flag to indicate whether to create missing segment ports boolean Default: "True"
destination_nsx Destination NSX API endpoint

IP address or hostname of the destination NSX API endpoint.		 DestinationNsxApiEndpoint
esg_to_router_mapping_option Mapping option

Mapping option can be - - UI - FILE_UPLOAD - NO_MAPPING		 string Readonly
Enum: UI, FILE_UPLOAD, NO_MAPPING
migration_mode Migration mode

Migration mode can be - - VMC_V2T - ONPREMISE_VSPHERE2T - ONPREMISE_V2T - CMP_VRA - FULL_MIGRATION_WITH_BYOT - FULL_MIGRATION_WITH_BYOT_ON_FEDERATION - FULL_MIGRATION_WITH_BYOT_AND_VRA - FULL_MIGRATION_WITH_BYOT_AND_VRA_ON_FEDERATION - CONFIG_MIGRATION_ONLY_WITH_BYOT - CONFIG_MIGRATION_ONLY_WITH_BYOT_ON_FEDERATION - EDGE_CUTOVER - DFW_ONLY - DFW_WITH_BRIDGED_SEG - DFW_AND_HOST_AND_WORKLOAD - DFW_AND_HOST_AND_WORKLOAD_WITH_BRIDGED_SEG		 string Enum: VMC_V2T, ONPREMISE_VSPHERE2T, ONPREMISE_V2T, CMP_VRA, FULL_MIGRATION_WITH_BYOT, FULL_MIGRATION_WITH_BYOT_ON_FEDERATION, FULL_MIGRATION_WITH_BYOT_AND_VRA, FULL_MIGRATION_WITH_BYOT_AND_VRA_ON_FEDERATION, CONFIG_MIGRATION_ONLY_WITH_BYOT, CONFIG_MIGRATION_ONLY_WITH_BYOT_ON_FEDERATION, EDGE_CUTOVER, DFW_ONLY, DFW_WITH_BRIDGED_SEG, DFW_AND_HOST_AND_WORKLOAD, DFW_AND_HOST_AND_WORKLOAD_WITH_BRIDGED_SEG
Default: "ONPREMISE_V2T"
nsxt_site_to_avi_mappings List of mappings between NSX-T site and Avi

List of mappings between NSX-T site and Avi. This will be populated only when the migration is executed on a cross VC setup.		 array of NsxtSiteToAviMapping Readonly
nsxt_sites Comprehensive information about NSX-T Federation setup

Comprehensive information about NSX-T multi site setup. This will be populated only when the migration is executed on a cross VC setup.		 array of NsxtSite Readonly
nsxv_sites Comprehensive information about NSX-V multi site setup

Comprehensive information about NSX-V multi site setup. This will be populated only when the migration is executed on a cross VC setup.		 array of SourceNsxApiEndpoint Readonly
source_nsx List of source NSX managers

List of source NSX manager endpoints.		 array of SourceNsxApiEndpoint
v2t_site_mappings List of mappings between NSX-V and NSX-T sites

List of site mappings between NSX-V and NSX-T. This will be populated only when the migration is executed on a cross VC setup.		 array of V2tSiteMapping Readonly

MigrationStats (schema)

Provide stats about ongoing MP2Policy promotion

Provide stats about ongoing MP2Policy promotion.

Name Description Type Notes
failed_objects_count failed mp resource count string
promoted_objects_count promoted mp resource count string
promotion_status Promotion status string Enum: NOT_STARTED, IN_PROGRESS, PROCESSING, DONE
resource_type Resource type string
total_count Total mp resource count string

MigrationStatsRequestParameters (schema)

MigrationStats Request Parameters

MigrationStats Request Parameters

Name Description Type Notes
location Location flag

Location flag corresponds to the version of stats. It can be
CURRENT - stats of current promotion
ARCHIVED - stats of previous promotion
string Enum: CURRENT, ARCHIVED
Default: "CURRENT"
pre_promotion Flag to indicate whether to get collection stats before triggering promotion

This flag is only used for UI consumption. By default it's false .
Flag to indicate whether to get stats before triggering promotion.
boolean Default: "False"

MigrationStatsResult (schema)

Name Description Type Notes
current_resource_type_in_promotion Current Resource Type in Promotion

This field used by UI which highlights the current resource type in promotion.
string
migration_stats Promotion stats list results.

Promotion stats list results.
array of MigrationStats
total_count Count of all objects being promoted.

Count of all objects being promoted. It is equal to sum of total_count for each
resource type.
integer

MigrationStatus (schema)

Name Description Type Notes
component_status List of component statuses array of ComponentMigrationStatus Required
Readonly
overall_migration_status Status of migration string Required
Readonly
Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED

MigrationStatusSummaryRequestParameters (schema)

Name Description Type Notes
component_type Component type based on which migration units to be filtered string

MigrationSummary (schema)

Name Description Type Notes
component_target_versions array of ComponentTargetVersion Readonly
migration_coordinator_version Current version of migration coordinator string Required
Readonly
migration_status Status of migration string Required
Readonly
Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED
system_version Current system version string Required
Readonly
target_version Target system version string Required
Readonly

MigrationSwitchInfo (schema)

Details about switch to be migrated

Details about switch to be migrated

Name Description Type Notes
id Switch id

Switch Identifier.		 string Required
Readonly
kind Kind of switch

Kind of switch, can be DVS, VSS.		 string Enum: DVS, VSS
Default: "DVS"
name Switch name

Name of the switch.		 string
pnic_count PNIC count

Number of PNICs associated with this switch.		 int Readonly
version Switch version

Version of the switch to be migrated.		 string Readonly

MigrationSwitchListResult (schema)

Details about all the DVS and VSS present on the VC

Details about all the DVS and VSS present on the VC

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paginated list of DVS/VSS present on the VC

A paginated list of DVS/VSS present on the VC.		 array of MigrationSwitchInfo
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

MigrationUnit (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
current_version Current version of migration unit

This is component version e.g. if migration unit is of type HOST, then this is host version.		 string Readonly
display_name Name of the migration unit string
group Info of the group to which this migration unit belongs ResourceReference Readonly
id UUID of the migration unit

Identifier of the migration unit		 string Required
Readonly
metadata Metadata about migration unit array of KeyValuePair Readonly
type Migration unit type string
warnings List of warnings indicating issues with the migration unit that may result in migration failure array of string Readonly

MigrationUnitAggregateInfo (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
errors List of errors occurred during migration of this migration unit array of string Readonly
percent_complete Indicator of migration progress in percentage number Required
Readonly
status Status of migration unit string Required
Readonly
Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED
unit Migration unit info

Details of the migration unit		 MigrationUnit Required
Readonly

MigrationUnitAggregateInfoListRequestParameters (schema)

Name Description Type Notes
component_type Component type based on which migration units to be filtered string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
group_id Identifier of group based on which migration units to be filtered string
has_errors Flag to indicate whether to return only migration units with errors boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
metadata Metadata about migration unit to filter on string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
selection_status Flag to indicate whether to return only selected, only deselected or both type of migration units string Enum: SELECTED, DESELECTED, ALL
Default: "ALL"
sort_ascending boolean
sort_by Field by which records are sorted string

MigrationUnitAggregateInfoListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged collection of MigrationUnit AggregateInfo array of MigrationUnitAggregateInfo Required
Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

MigrationUnitGroup (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Flag to indicate whether migration of this group is enabled or not boolean Default: "True"
extended_configuration Extended configuration for the group array of KeyValuePair Maximum items: 100
id Unique identifier of this resource string Sortable
migration_unit_count Count of migration units in the group

Number of migration units in the group		 int Readonly
migration_units List of migration units in the group array of MigrationUnit Maximum items: 100
parallel Migration method to specify whether the migration is to be performed in parallel or serially boolean Default: "True"
resource_type Must be set to the value MigrationUnitGroup string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
type Component type string Required

MigrationUnitGroupAggregateInfo (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
failed_count Number of nodes in the migration unit group that failed migration int Readonly
group Migration unit group details MigrationUnitGroup Required
id Unique identifier of this resource string Sortable
percent_complete Indicator of migration progress in percentage number Required
Readonly
resource_type Must be set to the value MigrationUnitGroupAggregateInfo string
status Migration status of migration unit group string Required
Readonly
Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

MigrationUnitGroupAggregateInfoListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged collection of migration status for migration unit groups array of MigrationUnitGroupAggregateInfo Required
Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

MigrationUnitGroupListRequestParameters (schema)

Name Description Type Notes
component_type Component type based on which migration unit groups to be filtered string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
summary Flag indicating whether to return summary boolean Default: "False"
sync Synchronize before returning migration unit groups

If true, synchronize with the management plane before returning migration unit groups		 boolean Default: "False"

MigrationUnitGroupListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged Collection of Migration unit groups array of MigrationUnitGroup Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

MigrationUnitGroupStatus (schema)

Name Description Type Notes
failed_count Number of nodes in the migration unit group that failed migration int Readonly
group_id UUID of migration unit group

Identifier for migration unit group		 string Required
Readonly
group_name Migration unit group Name

Name of the migration unit group		 string Required
Readonly
migration_unit_count Number of migration units in the group int Required
Readonly
percent_complete Indicator of migration progress in percentage number Required
Readonly
status Migration status of migration unit group string Required
Readonly
Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED

MigrationUnitGroupStatusListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged collection of migration status for migration unit groups array of MigrationUnitGroupStatus Required
Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

MigrationUnitList (schema)

Name Description Type Notes
list Collection of Migration units array of MigrationUnit Required

MigrationUnitListRequestParameters (schema)

Name Description Type Notes
component_type Component type based on which migration units to be filtered string
current_version Current version of migration unit based on which migration units to be filtered string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
group_id UUID of group based on which migration units to be filtered string
has_warnings Flag to indicate whether to return only migration units with warnings boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
metadata Metadata about migration unit to filter on string
migration_unit_type Migration unit type based on which migration units to be filtered string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

MigrationUnitListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged Collection of Migration units array of MigrationUnit Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

MigrationUnitStatus (schema)

Name Description Type Notes
display_name Name of migration unit string Required
Readonly
errors List of errors occurred during migration of this migration unit array of string Readonly
id UUID of migration unit

Identifier of migration unit		 string Required
Readonly
percent_complete Indicator of migration progress in percentage number Required
Readonly
status Status of migration unit string Required
Readonly
Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED

MigrationUnitStatusListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged Collection of migration units status array of MigrationUnitStatus Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

MigrationUnitTypeStats (schema)

Name Description Type Notes
node_count Number of nodes int Required
Readonly
node_with_issues_count Number of nodes with issues that may cause migration failure int Readonly
type Type of migration unit string Required
Readonly
version Version of the migration unit string Required
Readonly

MigrationUnitTypeStatsList (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of migration unit type stats array of MigrationUnitTypeStats Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

MigrationUnitsStatsRequestParameters (schema)

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
sync Synchronize before returning migration unit stats

If true, synchronize with the management plane before returning migration unit stats		 boolean Default: "False"

MirrorDestination (schema)

This is an abstract type. Concrete child types:
IPMirrorDestination
LogicalPortMirrorDestination
PnicMirrorDestination

Name Description Type Notes
resource_type MirrorDestinationResourceType Required

MirrorDestinationResourceType (schema)

Resource types of mirror destination

Name Description Type Notes
MirrorDestinationResourceType Resource types of mirror destination string Enum: LogicalPortMirrorDestination, PnicMirrorDestination, IPMirrorDestination

MirrorSource (schema)

This is an abstract type. Concrete child types:
LogicalPortMirrorSource
LogicalSwitchMirrorSource
PnicMirrorSource
VlanMirrorSource

Name Description Type Notes
resource_type MirrorSourceResourceType Required

MirrorSourceResourceType (schema)

Resource types of mirror source

Name Description Type Notes
MirrorSourceResourceType Resource types of mirror source string Enum: LogicalPortMirrorSource, PnicMirrorSource, VlanMirrorSource, LogicalSwitchMirrorSource

MirrorStackStatusListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
overall_status Overall mirror stack status for all the TNs

SUCCESS if all the TN's stack status are SUCCESS,
FAILED if some of the TN's stack status are FAILED.
MirrorStackStatusType Required
result_count Count of results found (across all pages), set only on first page integer Readonly
results All TN nodes in remote L3 mirror session mirror stack health status

List all TN nodes which spaned in remote L3 mirror session mirror
stack health status detailed info, including mirror stack status,
vmknic status, TN node ID, TN node name and last updated status timestamp.
array of TnNodeStackSpanStatus Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

MirrorStackStatusType (schema)

Mirror stack status type

MirrorStackStatusType indicates the health result after user configured mirror stack
on L3PortMirrorSession.
When configure mirror stack on L3PortMirrorSession, it has two preconditions, ESXi
has been configured mirror stack and vmknic has been bounded to the stack.
SUCCESS means the host has mirror stack and vmknic has been bounded to the stack,
FAILED means either there is no mirror stack or the vmknic not bounded to it.

Name Description Type Notes
MirrorStackStatusType Mirror stack status type

MirrorStackStatusType indicates the health result after user configured mirror stack
on L3PortMirrorSession.
When configure mirror stack on L3PortMirrorSession, it has two preconditions, ESXi
has been configured mirror stack and vmknic has been bounded to the stack.
SUCCESS means the host has mirror stack and vmknic has been bounded to the stack,
FAILED means either there is no mirror stack or the vmknic not bounded to it.
string Enum: UNKNOWN, SUCCESS, FAILED

MitreAttack (schema)

Mitre Attack

Contain Mitre attack details like tacticName, tacticUrl, techniqueName and techniqueUrl.

Name Description Type Notes
tactic_name Tactic Name

Represents tactic name of attack.		 string
tactic_url Tactic Url

Represents tactic url of attack.		 string
technique_name Technique Name

Represents technique name of attack.		 string
technique_url Technique Url

Represents technique url of attack.		 string

MonitorQueryType (schema) (Deprecated)

monitor query type

MonitorQueryType is used to query load balancer monitors.
LbActiveMonitor represents active load balancer monitors.
While LbActiveMonitor is specified to query load balancer
monitors, it returns all active monitors, including LbHttpMonitor,
LbHttpMonitor, LbIcmpMonitor, LbTcpMonitor,
LbUdpMonitor.

Name Description Type Notes
MonitorQueryType monitor query type

MonitorQueryType is used to query load balancer monitors.
LbActiveMonitor represents active load balancer monitors.
While LbActiveMonitor is specified to query load balancer
monitors, it returns all active monitors, including LbHttpMonitor,
LbHttpMonitor, LbIcmpMonitor, LbTcpMonitor,
LbUdpMonitor.
string Deprecated
Enum: LbHttpMonitor, LbHttpsMonitor, LbIcmpMonitor, LbTcpMonitor, LbUdpMonitor, LbPassiveMonitor, LbActiveMonitor

MonitorType (schema) (Deprecated)

monitor type

Load balancers monitor the health of backend servers to ensure traffic
is not black holed.
There are two types of healthchecks: active and passive.
Passive healthchecks depend on failures in actual client traffic (e.g. RST
from server in response to a client connection) to detect that the server
or the application is down.
In case of active healthchecks, load balancer itself initiates new
connections (or sends ICMP ping) to the servers periodically to check their
health, completely independent of any data traffic.
Currently, active health monitors are supported for HTTP, HTTPS, TCP, UDP
and ICMP protocols.

Name Description Type Notes
MonitorType monitor type

Load balancers monitor the health of backend servers to ensure traffic
is not black holed.
There are two types of healthchecks: active and passive.
Passive healthchecks depend on failures in actual client traffic (e.g. RST
from server in response to a client connection) to detect that the server
or the application is down.
In case of active healthchecks, load balancer itself initiates new
connections (or sends ICMP ping) to the servers periodically to check their
health, completely independent of any data traffic.
Currently, active health monitors are supported for HTTP, HTTPS, TCP, UDP
and ICMP protocols.
string Deprecated
Enum: LbHttpMonitor, LbHttpsMonitor, LbIcmpMonitor, LbTcpMonitor, LbUdpMonitor, LbPassiveMonitor

MonitoringError (schema)

Represents an error that occurred while gathering information

Monitoring information is gathered from multiple sub-systems/components, using
REST or RPC calls internally. It is quite possible for a component or sub-system
fail, in which case it is captured as an error and reported.

Name Description Type Notes
error_code NSX error code if available integer
error_message Error mesage string
params Parameters for construcing error details array of object

MonitoringEvent (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Detailed description of Event

Detailed description of the event.
string Readonly
description_on_clear Description of event when cleared

Description of Event when an Event instance transitions from True to
False.
string Readonly
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
entity_resource_type Resource Type of entity where this event is applicable

Resource Type of entity where this event is applicable
eg. LogicalSwitch, LogicalPort etc.
string Readonly
event_false_snmp_oid OID for SNMP trap sent when Event instance is False

Optional field containing OID for SNMP trap sent when
Event instance is False. This value is null if
suppress_snmp_trap or suppress_clear_oid is True.
string Readonly
event_true_snmp_oid OID for SNMP trap sent when Event instance is True

Optional field containing OID for SNMP trap sent when
Event instance is True. This value is null if
suppress_snmp_trap is True.
string Readonly
event_type Name of event type

Name of Event, e.g. manager_cpu_usage_high, certificate_expired.
string Required
Readonly
event_type_display_name Display name of event type

Display name of Event type.
string Required
Readonly
feature_display_name Display name of feature

Display name of feature defining this Event.
string Required
Readonly
feature_name Feature defining this event

Feature defining this Event, e.g. manager_health, certificates.
string Required
Readonly
id Identifier to identify an event_type uniquely

Unique identifier in the form of feature_name.event_type.
string Required
Readonly
is_disabled Indicate if event sampling is disabled

Flag to indicate whether sampling for this Event is off or on.
boolean Default: "False"
is_sensitivity_fixed Flag to indicate if sensitivity can be configured

Indicates if the sensitivity property is configurable via the API.
boolean Readonly
is_threshold_fixed Flag to indicate if threshold can be configured

Indicates if the threshold property is configurable via the API.
boolean Readonly
is_threshold_floating_point Indicates if the threshold for this Event is a floating point value.

Flag to indicate if the threshold for this Event is a floating point
number. If this value is true, the threshold_floating_point property
is used to indicate the threshold at runtime; otherwise, the threshold
property is used.
boolean Readonly
max_threshold Maximum allowed threshold value

Maximum allowed threshold value if the threshold is configurable
and a maximum value is applicable.
integer Readonly
min_threshold Minimum allowed threshold value

Minimum allowed threshold value if the threshold is configurable
and a minimum value is applicable.
integer Readonly
node_types Array identifying the nodes on which this Event is applicable

Array identifying the nodes on which this Event is applicable.
Can be one or more of the following values - nsx_public_cloud_gateway,
nsx_edge, nsx_esx, nsx_kvm, nsx_manager.
array of MonitoringNodeType Required
Readonly
recommended_action Recommended action steps

Recommended action for the alarm condition.
string Readonly
resource_type Must be set to the value MonitoringEvent string
sensitivity Percentage of samples to consider

Percentage of samples to consider and used in combination with
threshold when determining whether an Event instance status is True or
False. Event evaluation uses sampling to determine Event instance
status. A higher sensitivity value specifies that more samples are used
to ensure accuracy and ignore infrequent or rare spikes in sampled data.
integer Required
Minimum: 0
Maximum: 100
severity Severity of the Event

Severity of the Event.Can be one of - CRITICAL, HIGH, MEDIUM, LOW.
MonitoringSeverity Required
Readonly
summary Summary description of Event

Summary description of the event.
string Readonly
suppress_alarm Flag to suppress Alarm generation

Flag to suppress Alarm generation. Alarms are not generated
for this Event when this is set to True.
boolean Default: "False"
suppress_snmp_trap Flag to suppress SNMP trap generation

Flag to suppress SNMP trap generation. SNMP traps are not
sent for this Event when this is set to True.
boolean Default: "False"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
threshold Threshold to determine if a single sample is True

Threshold to determine if a single sample is True. For example,
if the configured threshold is 95% and the current CPU sample is
99%, then the current sample is considered True.
Note, if is_threshold_floating_point is true, the threshold_floating_point
property is used to indicate the threshold value.
integer Required
threshold_floating_point Floating point threshold to determine if a single sample is True

Floating point threshold to determine if a single sample is True.
For example, if the configured threshold is 66.6 percent and the
sample value is 68.8 percent, the current sample is considered
True. Note, if is_threshold_floating_point is false, the threshold
property is used to indicate the threshold value.
number
threshold_unit_type Identifies the unit type of the threshold value

Identifies the unit type of the threshold value.		 string Readonly
Enum: DAYS, PERCENT, SECONDS

MonitoringInfo (schema)

Provides details of all flows in federation

Provides monitoring information for all flows in federation from the
given site where the API is invoked. For example - monitoring information
from Global Manager doesn't provide details of Local Manager to Local Manager
flows. Similary, LocalManager will not provide Global Manager ACTIVE to
Global Manager STANDBY flow details.

Name Description Type Notes
errors All errors occurred while gathering monitoring info array of MonitoringError
flow_info Monitoring information of flows in federation array of FlowInfo

MonitoringNodeType (schema)

Name Description Type Notes
MonitoringNodeType string Enum: nsx_autonomous_edge, nsx_bms, nsx_edge, nsx_esx, nsx_global_manager, nsx_intelligence, nsx_kvm, nsx_manager, nsx_public_cloud_gateway

MonitoringProfileBindingMap (schema)

Base Monitoring Profile Binding Map

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value MonitoringProfileBindingMap string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

MonitoringSeverity (schema)

Name Description Type Notes
MonitoringSeverity string Enum: CRITICAL, HIGH, MEDIUM, LOW

MonitoringStatus (schema)

Name Description Type Notes
MonitoringStatus string Enum: OPEN, ACKNOWLEDGED, SUPPRESSED, RESOLVED

MonthlyTelemetrySchedule (schema)

Name Description Type Notes
day_of_month Day of month on which data will be collected

Day of month on which data will be collected. Specify a value between 1 through 31.
integer Required
Minimum: 1
Maximum: 31
frequency_type Must be set to the value MonthlyTelemetrySchedule string Required
hour_of_day Hour at which data will be collected

Hour at which data will be collected. Specify a value between 0 through 23.
integer Required
Minimum: 0
Maximum: 23
minutes Minute at which data will be collected

Minute at which data will be collected. Specify a value between 0 through 59.
integer Minimum: 0
Maximum: 59
Default: "0"

MpMigrationData (schema)

Contains manager and policy resource id.

Name Description Type Notes
migration_data migration data ( resource type and Ids ). array of MPResource
mode Mode of MP2Policy migration string Enum: GENERIC, CONSUMER
Default: "CONSUMER"
setup_details Setup Details.

If setup details is not provided, default setup details will be used.
SetupDetails
skip_failed_resources Default value is false. This value will indicate if there is error, skip the failed objects and proceed with next set of objects for MP to Policy promotion. boolean Default: "False"

MpOspfExternalLinkState (schema)

OSPF router link state

OSPF router link state details.

Name Description Type Notes
advertised_router OSPF advertised router string Required
Readonly
checksum Cost of the route string Required
Readonly
link_state_id OSPF link id string Required
Readonly
metric_type Type of metric string Required
Readonly
route Route with ip address and mask IPAddress Required
Readonly
sequence_number Sequence number string Required
Readonly
tag Tag integer Required
Readonly
up_time LSA age integer Required
Readonly

MpOspfNetworkLinkStates (schema)

OSPF router link state

OSPF router link state details.

Name Description Type Notes
advertised_router OSPF advertised router string Required
Readonly
checksum Cost of the route string Required
Readonly
link_state_id OSPF link id string Required
Readonly
sequence_number Sequence number string Required
Readonly
up_time LSA age integer Required
Readonly

MpOspfRouterLinkStates (schema)

OSPF router link state

OSPF router link state details.

Name Description Type Notes
advertised_router OSPF advertised router string Required
Readonly
checksum Cost of the route string Required
Readonly
link_state_id OSPF link id string Required
Readonly
router_links Number of router links integer Required
Readonly
sequence_number Sequence number string Required
Readonly
up_time LSA age integer Required
Readonly

MpOspfSummaryLinkStates (schema)

OSPF summary link state

OSPF summary link state details.

Name Description Type Notes
advertised_router OSPF advertised router string Required
Readonly
checksum Cost of the route string Required
Readonly
link_state_id OSPF link id string Required
Readonly
sequence_number Sequence number string Required
Readonly
summary_address OSPF summary address IPAddress Required
Readonly
up_time LSA age integer Required
Readonly

MsgClientInfo (schema)

Information about a messaging client

Name Description Type Notes
account_name Account name for the messaging client. Identifies the client on the management plane message bus. string
certificate Messaging client's certificate. Used to authenticate to the control plane messaging endpoint. string
shared_secret Messaging client's secret. Used to authenticate to the management plane messaging broker. string
software_version Software version of the node. string Readonly

MultiWidgetConfiguration (schema)

Multi-Widget

Combines two or more widgetconfigurations into a multi-widget

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
condition Expression for evaluating condition

If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.		 string Maximum length: 1024
datasources Array of Datasource Instances with their relative urls

The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.		 array of Datasource Minimum items: 0
default_filter_value Default filter value to be passed to datasources

Default filter values to be passed to datasources. This will be used when the report is requested without filter values.		 array of DefaultFilterValue
description Description of this resource string Maximum length: 1024
Sortable
display_name Widget Title

Title of the widget. If display_name is omitted, the widget will be shown without a title.		 string Maximum length: 255
drilldown_id Id of drilldown widget

Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.		 string Maximum length: 255
feature_set Features required to view the widget

Features required to view the widget.		 FeatureSet
filter Id of filter widget for subscription

Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.		 string Deprecated
filter_value_required Flag to indicate if filter value is necessary

Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.		 boolean Default: "True"
filters A List of filter ids applied to this widget configuration

A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.		 array of string
footer Footer
icons Icons

Icons to be applied at dashboard for widgets and UI elements.		 array of Icon
id Unique identifier of this resource string Sortable
is_drilldown Set as a drilldown widget

Set to true if this widget should be used as a drilldown.		 boolean Default: "False"
legend Legend for the widget

Legend to be displayed. If legend is not needed, do not include it.		 Legend
navigation Navigation to a specified UI page

Hyperlink of the specified UI page that provides details.		 string Maximum length: 1024
plot_configs List of plotting configuration for a given widget.

List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.		 array of WidgetPlotConfiguration
resource_type Must be set to the value MultiWidgetConfiguration string Required
Readonly
Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration
Maximum length: 255
rowspan Vertical span

Represents the vertical span of the widget / container. 1 Row span is equal to 20px.		 int Minimum: 1
shared Visiblity of widgets to other users

Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.		 boolean Deprecated
show_header This decides to show the container header or not.

If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.		 boolean
span Horizontal span

Represents the horizontal span of the widget / container.		 int Minimum: 1
Maximum: 12
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
weight Weightage or placement of the widget or container

Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.		 int Deprecated
widgets Widgets

Array of widgets that are part of the multi-widget.		 array of WidgetItem Required
Minimum items: 1
Maximum items: 2

MulticastForwarding (schema)

Multicast forwarding entry

Multicast forwarding entry.

Name Description Type Notes
incoming_interface Ingress interface

Ingress interface on whic multicast traffic is learned.		 MulticastForwardingInterface Required
Readonly
multicast_group Multicast group address

Multicast group address.		 IPAddress Required
Readonly
outgoing_interfaces Egress interfaces

Array of egress interfaces on whic multicast traffic is forwarded.
array of MulticastForwardingInterface Readonly
source Multicast source address

Multicast source address.		 IPAddress Required
Readonly

MulticastForwardingCsvRecord (schema)

Name Description Type Notes
incoming_interface Ingress interface

Ingress interface on whic multicast traffic is learned.		 string Required
Readonly
multicast_group Multicast group address

Multicast group address.		 IPAddress Required
Readonly
outgoing_interfaces Egress interfaces

Array of egress interfaces on whic multicast traffic is forwarded.
string Readonly
source Multicast source address

Multicast source address.		 IPAddress Required
Readonly
transport_node Transport node uuid or policy path

Transport node uuid or policy path.		 string Required
Readonly

MulticastForwardingInterface (schema)

Multicast forwarding interface

Multicast forwarding interface details.

Name Description Type Notes
ifuid Interface id

Interface id.		 string Required
Readonly

MulticastForwardingPerEdge (schema)

Multicast Forwarding Per Edge

Multicast Forwarding Per Edge.

Name Description Type Notes
edge_path Policy path to edge node

Policy path to edge node.
string Required
mcast_forwarding array of MulticastForwarding

MulticastRoute (schema)

Multicast route details

Multicast route details.

Name Description Type Notes
group Multicast group address

Multicast group address.		 IPAddress Required
Readonly
input_interface Ingress interface

Ingress interface on which multicast traffic is learned.		 string Required
Readonly
output_interface Egress interface

Egress interface on which multicast traffic is forwarded.		 string Required
Readonly
source_address Multicast source address

Multicast source address.		 IPAddress Required
Readonly
ttl Time to live

Time-to-live value for multicast packets.		 integer Required
Readonly
uptime Multicast route uptime

Time for which multicast route entry is active.		 string Required
Readonly

MulticastRouteCsvRecord (schema)

Name Description Type Notes
group Multicast group address

Multicast group address.		 IPAddress Required
Readonly
input_interface Ingress interface

Ingress interface on which multicast traffic is learned.		 string Required
Readonly
output_interface Egress interface

Egress interface on which multicast traffic is forwarded.		 string Required
Readonly
source_address Multicast source address

Multicast source address.		 IPAddress Required
Readonly
transport_node Transport node uuid or policy path

Transport node uuid or policy path.		 string Required
Readonly
ttl Time to live

Time-to-live value for multicast packets.		 integer Required
Readonly
uptime Multicast route uptime

Time for which multicast route entry is active.		 string Required
Readonly

MulticastRoutesPerEdge (schema)

Multicast Routes Per Edge

Multicast Routes Per Edge.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
edge_path Policy path to edge node

Policy path to edge node.
string Required
mcast_routes array of MulticastRoute
result_count Count of results found (across all pages), set only on first page integer Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

NDRAAdvertisedRoute (schema)

Name Description Type Notes
route_lifetime Lifetime of advertised route

Lifetime of advertised route in seconds.
integer Minimum: 0
Maximum: 65520
Default: "1800"
route_preference Route preference

NDRA Route preference. Indicates preference of the router associated
with a prefix over others, when multiple identical prefixes (for
different routers) have been received.
NDRAPreference Default: "MEDIUM"
subnet Advertised route subnet

Advertised route subnet
IPv6CIDRBlock Required

NDRAPreference (schema)

NDRA Router and route preference

For an NDRA router, indicates preference of this router over other default routers.
For an NDRA route, indicates preference of the router associated with this prefix
over others, when multiple identical prefixes (for different routers) have
been received.
Preference values are LOW, MEDIUM (default) and HIGH. RESERVED value is not
to be used and is treated as MEDIUM.

Name Description Type Notes
NDRAPreference NDRA Router and route preference

For an NDRA router, indicates preference of this router over other default routers.
For an NDRA route, indicates preference of the router associated with this prefix
over others, when multiple identical prefixes (for different routers) have
been received.
Preference values are LOW, MEDIUM (default) and HIGH. RESERVED value is not
to be used and is treated as MEDIUM.
string Enum: LOW, MEDIUM, HIGH, RESERVED

NDRAPrefixConfig (schema)

Overrides the router advertisement attributes for the
IPv6 prefixes.

Name Description Type Notes
network_prefix Network prefix

Override the neighbor discovery prefix preferred time and
prefix valid time for the subnet on uplink port whose
network matches with the network address of CIDR specified
in network_prefix.
IPv6CIDRBlock Required
prefix_preferred_time Prefix preferred time

The time interval in seconds, in which the prefix is advertised
as preferred.
integer Minimum: 0
Maximum: 4294967295
prefix_valid_time Subnet Prefix Length

The time interval in seconds, in which the prefix is advertised
as valid.
integer Minimum: 0
Maximum: 4294967295

NDRAProfile (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
dns_config DNS Configuration RaDNSConfig
id Unique identifier of this resource string Sortable
ndra_advertised_route Route advertised in NDRAProfile.
array of NDRAAdvertisedRoute
ra_config RA Configuration RAConfig Required
ra_mode RA Mode RAMode Required
Default: "SLAAC_DNS_THROUGH_RA"
reachable_timer Reachable timer

Neighbour reachable time duration in milliseconds.
A value of 0 means unspecified.
integer Minimum: 0
Maximum: 3600000
Default: "0"
resource_type Must be set to the value NDRAProfile string
retransmit_interval Retransmission interval

The time, in milliseconds, between retransmitted neighbour
solicitation messages.
integer Minimum: 0
Maximum: 4294967295
Default: "1000"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

NDRAProfileListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paginated list of NDRAProfile array of NDRAProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

NSAttributes (schema)

NS Attributes data holder structure

Name Description Type Notes
attributes_data Data for attribute NSAttributesData Required
sub_attributes Reference to sub attributes for the attribute array of NSAttributesData

NSAttributesData (schema)

Attributes/sub-attributes data holder structure for NSProfile

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
attribute_source Attribute is predefined or custom string Enum: SYSTEM, CUSTOM
datatype Data type of attribute/sub attribute key string Required
Enum: STRING
description Description for NSProfile attributes string
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
key Key for attribute/sub attribute

NSProfile attribute/sub attribute keys.
string Required
resource_type Must be set to the value NSAttributesData string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
value value for attribute/sub attribute key

Multiple attribute/sub attribute values can be specified
as elements of array.
array of string Required
Minimum items: 1

NSGroup (schema)

Networking and Security Group

NSGroups are recursive groupings of different NSX elements (logical and physical), typically used in policy definitions.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
member_count Count of the members added to this NSGroup integer Readonly
members Members of NSGroup

Reference to the direct/static members of the NSGroup.
Can be ID based expressions only. VirtualMachine cannot
be added as a static member.
array of NSGroupSimpleExpression Maximum items: 500
membership_criteria The criteria for membership of this NSGroup

List of tag or name based expressions which define the dynamic membership criteria
for this NSGroup. An object must satisfy atleast one of these expressions
to qualify as a member of this group.
It is not recommended to use ID based expressions in this section.
ID based expression should be used in "members" section
array of NSGroupExpression
(Abstract type: pass one of the following concrete types)
NSGroupComplexExpression
NSGroupExpression
NSGroupSimpleExpression
NSGroupTagExpression		 Maximum items: 5
resource_type Must be set to the value NSGroup string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

NSGroupComplexExpression (schema)

Complex expressions to represent NSGroup membership

Name Description Type Notes
expressions List of simple and tag expressions

Represents expressions which are to be logically 'AND'ed.The array cannot contain
NSGroupComplexExpression.Only NSGroupTagExpression and NSGroupSimpleExpressions
are accepted.
array of NSGroupExpression
(Abstract type: pass one of the following concrete types)
NSGroupComplexExpression
NSGroupExpression
NSGroupSimpleExpression
NSGroupTagExpression		 Required
Minimum items: 2
Maximum items: 5
resource_type Must be set to the value NSGroupComplexExpression string Required
Enum: NSGroupSimpleExpression, NSGroupComplexExpression, NSGroupTagExpression

NSGroupDeleteRequestParameters (schema)

NSGroup delete request parameters

Name Description Type Notes
force Force delete the resource even if it is being used somewhere

If true, deleting the resource succeeds even if it is being
referred as a resource reference.
boolean Default: "False"

NSGroupExpression (schema)

Policy expression for NSGroup membership

Name Description Type Notes
resource_type string Required
Enum: NSGroupSimpleExpression, NSGroupComplexExpression, NSGroupTagExpression

NSGroupExpressionList (schema)

List of NSGroupExpressions

Name Description Type Notes
members List of NSGroupExpressions to be passed to add and remove APIs array of NSGroupExpression
(Abstract type: pass one of the following concrete types)
NSGroupComplexExpression
NSGroupExpression
NSGroupSimpleExpression
NSGroupTagExpression		 Required
Maximum items: 500

NSGroupInfo (schema)

NSGroupInfo

NSGroupInfo contains information about a particular NSGroup used in a SI Rule. It also contains information about policy path used to create this NSGroup.

Name Description Type Notes
nsgroup NSGroup

NSGroup Data.		 ResourceReference Readonly
nsgroup_policy_path Policy Path of a Particular NSGroup

Relative Policy path of a particular NSGroup.		 string Required
Readonly

NSGroupListRequestParameters (schema)

NSGroup list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
member_types Specify member types to filter corresponding NSGroups

Specify valid member types in CSV format to filter NSGroups. Returns NSGroups
whose member types are same as or subset of specified member types
string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
populate_references Populate metadata of resource referenced by NSGroupExpressions

If set to true, the target_resource property of each
NSGroupExpresion will be populated from the associated resource
when the expression uniquely identifies a resource.
boolean Default: "False"
sort_ascending boolean
sort_by Field by which records are sorted string

NSGroupListResult (schema)

Paged Collection of NSGroups

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results NSGroup list results array of NSGroup Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

NSGroupRequestParameters (schema)

NSGroup request parameters

Name Description Type Notes
populate_references Populate metadata of resource referenced by NSGroupExpressions

If set to true, the target_resource property of each
NSGroupExpresion will be populated from the associated resource
when the expression uniquely identifies a resource.
boolean Default: "False"

NSGroupServiceAssociationListRequestParameters (schema)

NSGroup Service association list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
fetch_parentgroup_associations Fetch complete list of associated resources considering nesting

If set to true, will fetch direct as well as
indirect associated service entities for the given NSGroup.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
service_type string Required
Enum: firewall, ipfix
sort_ascending boolean
sort_by Field by which records are sorted string

NSGroupSimpleExpression (schema)

Simple expressions to represent NSGroup membership

Name Description Type Notes
op Operator of the expression

All operators perform a case insensitive match.
string Required
Enum: EQUALS, CONTAINS, STARTSWITH, ENDSWITH, NOTEQUALS
resource_type Must be set to the value NSGroupSimpleExpression string Required
Enum: NSGroupSimpleExpression, NSGroupComplexExpression, NSGroupTagExpression
target_property Field of the resource on which this expression is evaluated string Required
target_resource Reference of the target

Reference of the target. Will be populated when
the property is a resource id, the op (operator) is EQUALS and
populate_references is set to be true.
ResourceReference Readonly
target_type Type of the resource on which this expression is evaluated NSGroupValidResourceType Required
value Value that satisfies this expression string Required

NSGroupTagExpression (schema)

TAG expressions to represent NSGroup membership

Includes both scope and tag attribute of Tag. The scope and tag expressions
are logically 'AND' with each other.
eg- tag.scope = "S1" AND tag.tag = 'T1'

Name Description Type Notes
resource_type Must be set to the value NSGroupTagExpression string Required
Enum: NSGroupSimpleExpression, NSGroupComplexExpression, NSGroupTagExpression
scope The tag.scope attribute of the object string Maximum length: 128
scope_op Operator of the scope expression eg- tag.scope = "S1". string Enum: EQUALS
Default: "EQUALS"
tag The tag.tag attribute of the object string Maximum length: 256
tag_op Operator of the tag expression eg- tag.tag = "Production"

Target_type VirtualMachine supports all specified operators for
tag expression while LogicalSwitch and LogicalPort supports only
EQUALS operator.
All operators perform a case insensitive match.
string Enum: EQUALS, CONTAINS, STARTSWITH, ENDSWITH
Default: "EQUALS"
target_type Type of the resource on which this expression is evaluated string Required
Enum: LogicalSwitch, LogicalPort, VirtualMachine, IPSet

NSGroupValidResourceType (schema)

Resource type valid for use in an NSGroupExpression

Name Description Type Notes
NSGroupValidResourceType Resource type valid for use in an NSGroupExpression string Enum: NSGroup, IPSet, MACSet, LogicalSwitch, LogicalPort, VirtualMachine, DirectoryGroup, VirtualNetworkInterface, TransportNode, CloudNativeServiceInstance, PhysicalServer, LogicalRouter, LogicalRouterPort

NSProfile (schema)

Network Services Profile entity

An entity that encapsulates attributes and sub-attributes of various
network services (ex. L7 services,domain name,encryption algorithm)
The entity will be consumed in DFW rules and can be added in new
tuple called profile in DFW rules. This entity is design to be generic
and can be consumed at other places as well where attributes and
sub-attributes collection can be used. To get a list of supported
attributes and sub-attributes fire the following REST API
GET https://<nsx-mgr>/api/v1/ns-profiles/attributes

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
is_valid Flag indicating if NSProfile has supported app ids

If set to false, the NSProfile has some app ids which
are unsupported. Those were allowed to be added in
previous releases but in testing in later phases
found that those app ids could not be detected.
boolean Readonly
Default: "True"
nsprofile_attribute NSProfile attributes and sub-attributes object

Reference to the encapsulating object of attributes/sub-attributes for
NSProfile.
array of NSAttributes Required
resource_type Must be set to the value NSProfile string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

NSProfileDeleteRequestParameters (schema)

NSProfile delete request parameters

Name Description Type Notes
force Force delete the resource even if it is being used somewhere

If true, deleting the resource succeeds even if it is being
referred as a resource reference.
boolean Default: "False"

NSProfileListRequestParameters (schema)

NSProfile list request parameters.

Name Description Type Notes
attribute_type Fetch NSProfiles for the given attribute type

It fetches NSProfiles for the given attribute type.
Only one type of supported attribute type can be mentioned
in a single API call.API will return all NSProfiles that
have at least one attribute level key which matches given
attribute type. If not provided, all NSProfiles will be
returned.
string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

NSProfileListResult (schema)

List result of NSProfiles

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged collection of NSProfiles array of NSProfile Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

NSService (schema)

A Networking and Security Service allows users to specify characteristics to use
for matching network traffic. For example the user can specify port and protocol
pair.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
default_service NSServices created in the system by default

The default NSServices are created in the system by default. These NSServices
can't be modified/deleted
boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
nsservice_element An NSService Element that describes traffic corresponding to this NSService NSServiceElement
(Abstract type: pass one of the following concrete types)
ALGTypeNSService
EtherTypeNSService
ICMPTypeNSService
IGMPTypeNSService
IPProtocolNSService
L4PortSetNSService		 Required
resource_type Must be set to the value NSService string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

NSServiceDeleteRequestParameters (schema)

NSService delete request parameters

Name Description Type Notes
force Force delete the resource even if it is being used somewhere

If true, deleting the resource succeeds even if it is being
referred as a resource reference.
boolean Default: "False"

NSServiceElement (schema)

An NSService element that describes traffic corresponding to an NSService

This is an abstract type. Concrete child types:
ALGTypeNSService
EtherTypeNSService
ICMPTypeNSService
IGMPTypeNSService
IPProtocolNSService
L4PortSetNSService

Name Description Type Notes
resource_type The specific type of NSServiceElement string Required
Enum: EtherTypeNSService, IPProtocolNSService, IGMPTypeNSService, ICMPTypeNSService, ALGTypeNSService, L4PortSetNSService

NSServiceGroup (schema)

A Networking and Security Service Group that represents a group of NSServices

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
default_service NSServiceGroups created in the system by default

The default NSServiceGroups are created in the system by default. These
NSServiceGroups can't be modified/deleted
boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
members List of NSService resources that can be added as members
to an NSServiceGroup.
array of ResourceReference Required
Maximum items: 50
resource_type Must be set to the value NSServiceGroup string
service_type Type of the NSServiceGroup string Readonly
Enum: ETHER, NON_ETHER
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

NSServiceGroupDeleteRequestParameters (schema)

NSServiceGroup delete request parameters

Name Description Type Notes
force Force delete the resource even if it is being used somewhere

If true, deleting the resource succeeds even if it is being
referred as a resource reference.
boolean Default: "False"

NSServiceGroupListRequestParameters (schema)

NSServiceGroup list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
default_service Fetch all default NSServiceGroups

If set to true, then it will display only default
NSServiceGroups. If set to false, then it will display all those
NSServiceGroups which are not default. If it is not provided,
then complete (default as well as non default) list of
NSServiceGroups will be displayed.
boolean
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

NSServiceGroupListResult (schema)

List result of NSServiceGroups

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged collection of NSServiceGroups array of NSServiceGroup Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

NSServiceListRequestParameters (schema)

NSService list request parameters.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
default_service Fetch all default NSServices

If set to true, then it will display only default NSServices. If
set to false, then it will display all those NSServices which are not
default. If it is not provided, then complete (default
as well as non default) list of NSServices will be displayed.
boolean
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

NSServiceListResult (schema)

List result of NSservices

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged collection of NSServices array of NSService Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

NSSupportedAttributeTypesResult (schema)

NSSupportedAttributes Types

Name Description Type Notes
attribute_types List of NSSupportedAttributes types array of string Readonly

NSSupportedAttributes (schema)

Supported attributes and sub-attributes for NSProfile

Name Description Type Notes
ns_attributes Collection of supported attributes and sub-attributes

The type represent pre-defined or user defined list of supported attributes
and sub-attributes that can be used while creating NSProfile
array of NSAttributes Required

NSSupportedAttributesListRequestParameters (schema)

NSAttributes list request parameters.

Name Description Type Notes
attribute_source Fetch attributes source string Enum: SYSTEM, CUSTOM, ALL
attribute_type Fetch attributes and sub-attributes for the given attribute type

It fetches attributes and subattributes for the given attribute type
supported in the system which can be used for NSProfile creation.
string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

NSSupportedAttributesListResult (schema)

NSSupportedAttributes for supported attributes and sub-attributes

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged collection of NSSupportedAttributes array of NSSupportedAttributes Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

NSXProfileReference (schema)

Reference of single NSX profile which need to added in service config profiles

It is a reference to any NSX profile. It comprise of NSX profile type
eg. DFWCPUProfile, CentralConfigProfile etc. and id of profile i.e. target_id

Name Description Type Notes
is_valid Target validity

Will be set to false if the referenced NSX resource has been deleted.		 boolean Readonly
profile_type ProfileType Required
target_display_name Target display name

Display name of the NSX resource.		 string Readonly
Maximum length: 255
target_id Target ID

Identifier of the NSX resource.		 string Maximum length: 64
target_type Target type

Type of the NSX resource.		 string Maximum length: 255

NSXTConnectionInfo (schema)

NSX-T Connection Info

Credential info to connect to an NSX-T type of enforcement point.

Name Description Type Notes
edge_cluster_ids Edge Cluster IDs

Edge Cluster UUIDs on enforcement point. Edge cluster information is
required for creating logical L2, L3 constructs on enforcement point.
Max 1 edge cluster ID.
This is a deprecated property. The edge cluster id is now auto
populated from enforcement point and its value can be read using APIs
GET /infra/sites/site-id/enforcement-points/enforcementpoint-id/edge-clusters and
GET /infra/sites/site-id/enforcement-points/enforcementpoint-1/edge-clusters/edge-cluster-id.
The value passed through this property will be ignored.
array of string Deprecated
Maximum items: 1
enforcement_point_address Enforcement Point Address

Value of this property could be Hostname or IP. For instance:
- On an NSX-T MP running on default port, the value could be "10.192.1.1"
- On an NSX-T MP running on custom port, the value could be "192.168.1.1:32789"
- On an NSX-T MP in VMC deployments, the value could be "192.168.1.1:5480/nsxapi"
string Required
password Password

Password.		 string
resource_type Must be set to the value NSXTConnectionInfo string Required
Enum: NSXTConnectionInfo, NSXVConnectionInfo, CvxConnectionInfo, AviConnectionInfo
thumbprint Thumbprint of Enforcement Point

Thumbprint of EnforcementPoint in the form of a SHA-256 hash represented in lower case HEX.
string
transport_zone_ids Transport Zone IDs

Transport Zone UUIDs on enforcement point. Transport zone information is
required for creating logical L2, L3 constructs on enforcement point.
Max 1 transport zone ID.
This is a deprecated property. The transport zone id is now auto
populated from enforcement point and its value can be read using APIs
GET /infra/sites/site-id/enforcement-points/enforcementpoint-id/transport-zones and
GET /infra/sites/site-id/enforcement-points/enforcementpoint-id/transport-zones/transport-zone-id.
The value passed through this property will be ignored.
array of string Deprecated
Maximum items: 1
username Username

Username.		 string

NSXVConnectionInfo (schema)

NSX-V Connection Info

Credential info to connect to an NSX-V type of enforcement point.

Name Description Type Notes
enforcement_point_address Enforcement Point Address

Value of this property could be Hostname or IP. For instance:
- On an NSX-T MP running on default port, the value could be "10.192.1.1"
- On an NSX-T MP running on custom port, the value could be "192.168.1.1:32789"
- On an NSX-T MP in VMC deployments, the value could be "192.168.1.1:5480/nsxapi"
string Required
password Password

Password.		 string Required
resource_type Must be set to the value NSXVConnectionInfo string Required
Enum: NSXTConnectionInfo, NSXVConnectionInfo, CvxConnectionInfo, AviConnectionInfo
thumbprint Thumbprint of Enforcement Point

Thumbprint of EnforcementPoint in the form of a SHA-256 hash represented in lower case HEX.
string Required
username Username

Username.		 string Required

NamedTeamingPolicy (schema) (Deprecated)

Uplink Teaming Policy with a name that can be referenced by logical switches

Name Description Type Notes
active_list List of Uplinks used in active list array of Uplink Required
name The name of the uplink teaming policy

An uplink teaming policy of a given name defined in UplinkHostSwitchProfile. The names of all NamedTeamingPolicies in an UplinkHostSwitchProfile must be different, but a name can be shared by different UplinkHostSwitchProfiles. Different TransportNodes can use different NamedTeamingPolicies having the same name in different UplinkHostSwitchProfiles to realize an uplink teaming policy on a logical switch. An uplink teaming policy on a logical switch can be any policy defined by a user; it does not have to be a single type of FAILOVER or LOADBALANCE. It can be a combination of types, for instance, a user can define a policy with name "MyHybridTeamingPolicy" as "FAILOVER on all ESX TransportNodes and LOADBALANCE on all KVM TransportNodes". The name is the key of the teaming policy and can not be changed once assigned.		 string Required
policy Teaming policy string Required
Enum: FAILOVER_ORDER, LOADBALANCE_SRCID, LOADBALANCE_SRC_MAC
rolling_order Flag for preemptive mode boolean Default: "False"
standby_list List of Uplinks used in standby list array of Uplink

NamespaceMemberDetails (schema)

Group member details

Details of the member belonging to a Group

Name Description Type Notes
display_name The display name of the member on the enforcement point string Required
Readonly
id The ID of the member on the enforcement point string Required
Readonly
pods array of PolicyGroupMemberDetails Required

NatActions (schema) (Deprecated)

NAT action types

NAT action types.

Name Description Type Notes
NatActions NAT action types

NAT action types.
string Deprecated
Enum: SNAT, DNAT, REFLEXIVE, NO_SNAT, NO_DNAT, NAT64

NatCounters (schema) (Deprecated)

Name Description Type Notes
active_sessions The number of active sessions integer Readonly
total_bytes The number of bytes integer Readonly
total_packets The number of packets integer Readonly

NatFirewallMatch (schema) (Deprecated)

The rule how the firewall is applied to a traffic packet

The type indicates how the firewall is applied to a traffic packet.
MATCH_EXTERNAL_ADRESS indicates the firewall will be applied to external address of a NAT rule. For SNAT, the external address is the translated source address after NAT is done. For DNAT, the external address is the original destination address before NAT is done. For REFLEXIVE, to egress traffic, the firewall will be applied to the translated source address after NAT is done; To ingress traffic, the firewall will be applied to the original destination address before NAT is done.
MATCH_INTERNAL_ADDRESS indicates the firewall will be applied to internal address of a NAT rule. For SNAT, the internal address is the original source address before NAT is done. For DNAT, the internal address is the translated destination address after NAT is done. For REFLEXIVE, to egress traffic, the firewall will be applied to the original source address before NAT is done; To ingress traffic, the firewall will be applied to the translated destination address after NAT is done.
BYPASS indicates the firewall stage will be skipped.

Name Description Type Notes
NatFirewallMatch The rule how the firewall is applied to a traffic packet

The type indicates how the firewall is applied to a traffic packet.
MATCH_EXTERNAL_ADRESS indicates the firewall will be applied to external address of a NAT rule. For SNAT, the external address is the translated source address after NAT is done. For DNAT, the external address is the original destination address before NAT is done. For REFLEXIVE, to egress traffic, the firewall will be applied to the translated source address after NAT is done; To ingress traffic, the firewall will be applied to the original destination address before NAT is done.
MATCH_INTERNAL_ADDRESS indicates the firewall will be applied to internal address of a NAT rule. For SNAT, the internal address is the original source address before NAT is done. For DNAT, the internal address is the translated destination address after NAT is done. For REFLEXIVE, to egress traffic, the firewall will be applied to the original source address before NAT is done; To ingress traffic, the firewall will be applied to the translated destination address after NAT is done.
BYPASS indicates the firewall stage will be skipped.		 string Deprecated
Enum: MATCH_EXTERNAL_ADDRESS, MATCH_INTERNAL_ADDRESS, BYPASS

NatRule (schema) (Deprecated)

The configuration entity to define a NAT rule

The configuration entity to define a NAT rule. It defines how an ip packet
is matched via source address or/and destination address or/and service(s),
how the address (and/or) port is translated, and how the related firewall
stage is involved or bypassed.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
action NAT rule action type

Valid actions: SNAT, DNAT, NO_SNAT, NO_DNAT, REFLEXIVE, NAT64. All
rules in a logical router are either stateless or stateful. Mix is
not supported. SNAT and DNAT are stateful, can NOT be supported when
the logical router is running at active-active HA mode; REFLEXIVE
is stateless. NO_SNAT and NO_DNAT have no translated_fields, only
match fields are supported.
NatActions Required
applied_tos List of LogicalRouterPort resources as applied to

Holds the list of LogicalRouterPort Ids that a NAT rule can be applied to. The LogicalRouterPort used must belong to the same LogicalRouter for which the NAT Rule is created. As of now a NAT rule can only have a single LogicalRouterPort as applied_tos. When applied_tos is not set, the NAT rule is applied to all LogicalRouterPorts beloging to the LogicalRouter.		 array of ResourceReference Maximum items: 1
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled enable/disable the rule

Indicator to enable/disable the rule.
boolean Default: "True"
firewall_match The rule how the firewall is applied

Indicate how firewall is applied to a traffic packet. Firewall can be
bypassed, or be applied to external/internal address of NAT rule.

The firewall_match will take priority over nat_pass. If the firewall_match
is not provided, the nat_pass will be picked up.
NatFirewallMatch
id Unique identifier of this resource string Sortable
internal_rule_id Internal NAT rule uuid

Internal NAT rule uuid for debug used in Controller and backend.		 string Readonly
logging Enable/disable the logging of rule

Enable/disable the logging of rule.
boolean Default: "False"
logical_router_id Logical router id

The logical router id which the nat rule runs on.		 string Readonly
match_destination_network match destination network

IP Address | CIDR | (null implies Any)
string
match_service match service

A NSServiceElement that specifies the matching services of source
ports, destination ports, ip protocol version and number, sub protocol
version and number, ICMP type and code, etc.
The match_service can be one of IPProtocolNSService,L4PortSetNSService
or ICMPTypeNSService. REFLEXIVE NAT does not support match_service.
NSServiceElement
(Abstract type: pass one of the following concrete types)
ALGTypeNSService
EtherTypeNSService
ICMPTypeNSService
IGMPTypeNSService
IPProtocolNSService
L4PortSetNSService
match_source_network match source network

IP Address | CIDR | (null implies Any)
string
nat_pass enable/disable to bypass following firewall stage

Default is true. If the nat_pass is set to true, the following firewall
stage will be skipped. Please note, if action is NO_SNAT or NO_DNAT,
then nat_pass must be set to true or omitted.

Nat_pass was deprecated with an alternative firewall_match. Please stop
using nat_pass to specify whether firewall stage is skipped. if you want
to skip, please set firewall_match to BYPASS. If you do not want to skip,
please set the firewall_match to MATCH_EXTERNAL_ADDRESS or
MATCH_INTERNAL_ADDRESS.

Please note, the firewall_match will take priority over the nat_pass.
If both are provided, the nat_pass is ignored. If firewall_match is not
provided while the nat_pass is specified, the nat_pass will still be
picked up. In this case, if nat_pass is set to false, firewall rule will
be applied on internall address of a packet, i.e. MATCH_INTERNAL_ADDRESS.
boolean Deprecated
Default: "True"
resource_type Must be set to the value NatRule string
rule_priority NAT rule priority

Ascending, valid range [0-2147483647]. If multiple rules have the same
priority, evaluation sequence is undefined.
integer Default: "1024"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
translated_network IP Address | IP Range | CIDR

The translated address for the matched IP packet. For a SNAT, it can be
a single ip address, an ip range, or a CIDR block. For a DNAT and
a REFLEXIVE, it can be a single ip address or a CIDR block. Translated
network is not supported for NO_SNAT or NO_DNAT.
string
translated_ports port number or port range. DNAT only

The translated port(s) for the mtached IP packet. It can be a single
port or a port range. Please note, port translating is supported only
for DNAT.
string

NatRuleList (schema) (Deprecated)

Name Description Type Notes
rules NAT rules list

Add new NatRules to the list in Bulk creation.
array of NatRule Required
Maximum items: 128

NatRuleListResult (schema) (Deprecated)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results NAT rule list results array of NatRule Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

NatRuleTypeParameter (schema) (Deprecated)

The parameter of getting NAT rules

The parameters for getting NAT rules.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
rule_type Action type for getting NAT rules

If not specify rule_type, backend returns NAT rule list for IPv4.
If specify rule_type to ALL, backend returns all NAT rules list.
If specify rule_type to NATv4, backend returns NAT rule list for IPv4.
If specify rule_type to NAT64, backend returns NAT rule list for IPv6.
string Enum: ALL, NATv4, NAT64
sort_ascending boolean
sort_by Field by which records are sorted string

NatStatisticsPerLogicalRouter (schema) (Deprecated)

Name Description Type Notes
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly
logical_router_id Id for the logical router string Required
Readonly
per_transport_node_statistics Detailed per node statistics array of NatStatisticsPerTransportNode Readonly
statistics_across_all_nodes Rolled-up statistics for all rules on the logical router across all the nodes NatCounters Required
Readonly

NatStatisticsPerRule (schema) (Deprecated)

Name Description Type Notes
active_sessions The number of active sessions integer Readonly
id The id of the NAT rule. string Required
Readonly
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly
logical_router_id The id of the logical router which owns the NAT rule. string Required
Readonly
total_bytes The number of bytes integer Readonly
total_packets The number of packets integer Readonly
warning_message The warning message about the NAT Rule statistics. string Readonly

NatStatisticsPerTransportNode (schema)

Name Description Type Notes
active_sessions The number of active sessions integer Readonly
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly
total_bytes The number of bytes integer Readonly
total_packets The number of packets integer Readonly
transport_node_id Id for the transport node string Required
Readonly

NdSnoopingConfig (schema)

ND Snooping Configuration

Contains Neighbor Discovery Protocol (ND) snooping related configuration.

Name Description Type Notes
nd_snooping_enabled Is ND snooping enabled or not

Enable this method will snoop the NS (Neighbor Solicitation) and NA
(Neighbor Advertisement) messages in the ND (Neighbor Discovery Protocol)
family of messages which are transmitted by a VM. From the NS messages,
we will learn about the source which sent this NS message. From the
NA message, we will learn the resolved address in the message which
the VM is a recipient of. Addresses snooped by this method are
subject to TOFU (Trust on First Use) policies as enforced by the system.
boolean Default: "False"
nd_snooping_limit Maximum number of ND (Neighbor Discovery Protocol) bindings

Maximum number of ND (Neighbor Discovery Protocol) snooped IPv6 addresses
int Minimum: 2
Maximum: 15
Default: "3"

NdpHeader (schema)

Neighbor discovery protocol header

Name Description Type Notes
dst_ip The destination IP address

The IP address of the destination of the solicitation. It MUST NOT be a multicast address.		 IPv6Address
msg_type NDP message type

This field specifies the type of the Neighbor discover message being sent. NEIGHBOR_SOLICITATION - Neighbor Solicitation message to discover the link-layer address of an on-link IPv6 node or to confirm a previously determined link-layer address. NEIGHBOR_ADVERTISEMENT - Neighbor Advertisement message in response to a Neighbor Solicitation message.		 string Enum: NEIGHBOR_SOLICITATION, NEIGHBOR_ADVERTISEMENT
Default: "NEIGHBOR_SOLICITATION"

NeighborProperties (schema)

Neighbor properties

Name Description Type Notes
capabilities Capabilities string Readonly
enabled_capabilities Enabled capabilities string Readonly
ifindex Interface index integer Readonly
link_aggregation_capable Aggregation Capability boolean Readonly
link_aggregation_port_id Aggregation port id string Readonly
link_aggregation_status Aggregation Status

True if currently in aggregation		 boolean Readonly
mac Interface MAC address string Readonly
Pattern: "^[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}$"
mgmt_addr Management address string Readonly
name Interface name string Readonly
oid Object identifier string Readonly
port_desc Port description string Readonly
system_desc System description string Readonly
system_name System name string Readonly
system_port_number System port number integer Readonly

NestedExpression (schema)

NestedExpression

Nested expressions is a list of condition expressions that must follow the
below criteria:
0. Only allowed expressions in a NestedExpression are Condition and
ConjunctionOperator.
1. A non-empty expression list, must be of odd size. In a list, with
indices starting from 0, all condition expressions must be at even indices,
separated by the conjunction expressions AND at odd indices.
2. There may be at most 5 condition expressions inside a list.
3. NestedExpressions are homogeneous in nature, i.e, all expressions inside
a nested expression must have the same member type.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
expressions Expression

Expression.		 array of Expression
(Abstract type: pass one of the following concrete types)
Condition
ConjunctionOperator
ExternalIDExpression
IPAddressExpression
IdentityGroupExpression
MACAddressExpression
NestedExpression
PathExpression		 Required
Minimum items: 1
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value NestedExpression string Required
Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

NestedServiceServiceEntry (schema)

A ServiceEntry that represents nesting service

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
nested_service_path path of nested service string Required
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value NestedServiceServiceEntry string Required
Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

NetworkError (schema)

Network Error

Network error related to container objects.

Name Description Type Notes
error_code Error code

Error code of network related error.		 string Readonly
error_message Error message

Detailed message of network related error.		 string Readonly
spec Other specifications

Additional error information in json format.		 string Readonly

NetworkInterfaceRequestParameters (schema)

Node network interface request parameters

Request parameters to filter REST API for list network interface.

Name Description Type Notes
admin_status Admin status of the interface

Defines admin status of the interface.		 string Enum: UP, DOWN
source The data source, either realtime or cached. If not provided, cached data is returned. DataSourceType

NewRole (schema)

New Role

Name Description Type Notes
new_role_description New role description string
new_role_id New role id string Required
Pattern: "^[_a-z0-9-]+$"
new_role_name New role name string Required

NextHopPrefixListsMapping (schema)

Next hop to prefix lists mapping

Next hop to prefix lists mapping.

Name Description Type Notes
next_hop Next hop address

Next hop address.		 string Required
prefix_lists Prefix list UUIDs

Array of Prefix list UUIDs.		 array of string Required
Minimum items: 1
Maximum items: 1

NicInfo (schema)

NIC information

Information of a network interface present on the partner appliance that needs to be configured by the NSX Manager.

Name Description Type Notes
gateway_address Gateway address

Gateway address associated with the NIC metadata.		 string
ip_address IP address

IP address associated with the NIC metadata. Required only when assigning IP statically for a deployment that is for a single VM instance.		 string
ip_allocation_type IP allocation type

IP allocation type with values STATIC, DHCP, or NONE indicating that IP address is not required.		 string Enum: STATIC, DHCP, NONE
ip_pool_id Static IP Pool Id

If the nic should get IP using a static IP pool then IP pool id should be provided here.		 string
network_id Network Id

Network Id associated with the NIC metadata. It can be a moref, or a logical switch ID. If it is to be taken from 'Agent VM Settings', then it should be empty.		 string
nic_metadata NIC metadata

NIC metadata information.		 NicMetadata Required
Readonly
subnet_mask Subnet mask

Subnet mask associated with the NIC metadata.		 string

NicMetadata (schema)

NIC Metadata

Information on the Network interfaces present on the partner appliance that needs to be configured by the NSX Manager.

Name Description Type Notes
interface_index Interface Index

Network Interface index.		 integer Required
Minimum: 0
interface_label Interface label

Network Interface label.		 string Required
interface_type Interface type

Interface that needs to be configured on the partner appliance. Ex. MANAGEMENT, DATA1, DATA2, HA1, HA2, CONTROL.		 string Required
Enum: MANAGEMENT, DATA1, DATA2, HA1, HA2, CONTROL
transports Transport Type

Transport Type of the service, which is the mechanism of redirecting the traffic to the the partner appliance. Transport type is required if Service caters to any functionality other than EPP and MPS. Here, the transports array specifies the kinds of transport where this particular NIC is user configurable. If nothing is specified, and the "user_configurable" flag is true, then user configuration will be allowed for all transports. If any transport is/are specified, then it will be considered as user configurable for the specified transports only."		 array of string Enum: L2_BRIDGE, L3_ROUTED, NSH
Minimum items: 0
Maximum items: 3
user_configurable Required Configuration

Used to specify if the given interface needs configuration. Management nics will always need the configuration, for others it will be use case specific. For example, a DATA NIC may be user configurable if the appliance is deployed in certain mode, such as L3_ROUTED.		 boolean

NiocProfile (schema) (Deprecated)

Profile for Nioc

This profile is created for Network I/O Control(NIOC).

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Enabled status of NIOC feature

The enabled property specifies the status of NIOC feature.
When enabled is set to true, NIOC feature is turned on and
the bandwidth allocations specified for the traffic resources
are enforced. When enabled is set to false, NIOC feature
is turned off and no bandwidth allocation is guaranteed.
By default, enabled will be set to true.
boolean Default: "True"
host_infra_traffic_res Resource allocation associated with NiocProfile

host_infra_traffic_res specifies bandwidth allocation for
various traffic resources.
array of ResourceAllocation
id Unique identifier of this resource string Sortable
required_capabilities array of string Readonly
resource_type Must be set to the value NiocProfile HostSwitchProfileType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

NoRestRequestParameters (schema)

Parameter definition for requests that do not allow parameters.

Name Description Type Notes
NoRestRequestParameters Parameter definition for requests that do not allow parameters. object

Node (schema)

Name Description Type Notes
description Description of this resource

This field is deprecated. TransportNode field 'description' must be used instead. For EdgeNode and PublicCloudGatewayNode, this field is ignored if specified in request payload.		 string Deprecated
Maximum length: 1024
Sortable
discovered_ip_addresses Discovered IP Addresses of the fabric node, version 4 or 6 array of IPAddress Readonly
display_name Identifier to use when displaying entity in logs or GUI

This field is deprecated. TransportNode field 'display_name' must be used instead. For HostNode, this field defaults to ID if not set. For EdgeNode and PublicCloudGatewayNode, this field is ignored if specified in request payload.		 string Deprecated
Maximum length: 255
Sortable
external_id ID of the Node maintained on the Node and used to recognize the Node string
fqdn Fully qualified domain name of the fabric node string Readonly
id Unique identifier of this resource

Unique identifier of this resource.		 string Sortable
ip_addresses IP Addresses of the Node, version 4 or 6

IP Addresses of the Node, version 4 or 6. This property is mandatory for all nodes except for
automatic deployment of edge virtual machine node. For automatic deployment, the ip address from
management_port_subnets property will be considered.
array of IPAddress
resource_type Fabric node type, for example 'HostNode', 'EdgeNode' or 'PublicCloudGatewayNode' string Required
tags Opaque identifiers meaningful to the API user

This field is deprecated. TransportNode field 'tags' must be used instead. For EdgeNode and PublicCloudGatewayNode, this field is ignored if specified in request payload.		 array of Tag Deprecated
Maximum items: 30

NodeAsyncReplicatorServiceProperties (schema)

Node service properties

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
service_name Service name string Required
service_properties Service properties LoggingServiceProperties

NodeAuthProviderVidmProperties (schema)

Node AAA provider vIDM properties

Name Description Type Notes
client_id vIDM client id string Required
client_secret vIDM client secret string
host_name Fully Qualified Domain Name(FQDN) of vIDM string Required
lb_enable Load Balancer enable flag boolean
node_host_name host name of the node redirected to

host name to use when creating the redirect URL for clients to follow after authenticating to vIDM		 string Required
thumbprint vIDM certificate thumbprint

Hexadecimal SHA256 hash of the vIDM server's X.509 certificate		 string Required
vidm_enable vIDM enable flag boolean

NodeAuthProviderVidmStatus (schema)

Node AAA provider vIDM status

Name Description Type Notes
runtime_state AAA provider vIDM status string Required
vidm_enable vIDM enable flag boolean Required

NodeCapabilitiesResult (schema)

List of capabilities of a fabric node

Name Description Type Notes
capabilities Node capability results array of NodeCapability Required

NodeCapability (schema)

Capability of a fabric node

Name Description Type Notes
description Description of this capability that can be displayed in UI string Required
Readonly
key String that identifies the base capability for all nodes string Required
Readonly
provider Provider of this capability for the node string Required
Readonly
value Value of this capability string Required
Readonly
version Version of the capability int Required
Readonly

NodeCertificateInfo (schema)

Name Description Type Notes
certificate Certificate content string
certificate_sha256_thumbprint SHA256 of certificate string
entity_type Entity type of this certificate NsxEntity

NodeConfigProperties (schema)

Information about configuration of this node

Name Description Type Notes
maintenance_mode_enabled Maintenance Mode enabled string Readonly
Enum: entering, enabled, exiting, disabled
Default: "disabled"
management_interface Management Interface Properties

Network properties of the management interface		 NodeNetworkInterfaceProperties Readonly
management_interface_vlan_id Management Interface VLAN ID

VLAN ID of the In-Band management interface		 integer Readonly
Minimum: 1
Maximum: 4094
management_routes Management Interface Static Routes

Management interface static routes of this node		 array of NodeRouteProperties Readonly

NodeDeploymentInfo (schema)

Node deployment info

Name Description Type Notes
external_id External id is the same as node id string
ip_addresses List of management IP array of IPAddress
resource_type Node type string

NodeEntityInfo (schema)

Name Description Type Notes
entity_type Entity type of this service endpoint NsxEntity
ip_address IP address of service provider string
port Port number of service provider integer Minimum: 0
Maximum: 65535

NodeFileSystemProperties (schema)

File system properties

Name Description Type Notes
file_system File system id string Readonly
mount File system mount string Readonly
total File system size in kilobytes integer Readonly
type File system type string Readonly
used Amount of file system used in kilobytes integer Readonly

NodeHttpServiceProperties (schema)

Node HTTP service properties

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
service_name Service name string Required
service_properties HTTP Service properties HttpServiceProperties

NodeIdServicesMap (schema)

Name Description Type Notes
node_id NodeId string Required
Maximum length: 255
service_types List of ServiceTypes. array of ServiceType Required

NodeInfo (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
component_version Component version of the node string Required
Readonly
display_name Name of the node string Required
Readonly
id UUID of node

Identifier of the node		 string Required
Readonly
type Node type string Required
Readonly

NodeInfoListRequestParameters (schema)

Name Description Type Notes
component_type Component type based on which nodes will be filtered string
component_version Component version based on which nodes will be filtered string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

NodeInfoListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged Collection of Nodes array of NodeInfo Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

NodeInstallUpgradeServiceProperties (schema)

Node install-upgrade service properties

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
service_name Service name string Required
service_properties install-upgrade Service properties InstallUpgradeServiceProperties

NodeInterSiteStatistics (schema)

Name Description Type Notes
last_update_timestamp Last updated timestamp

Timestamp when the remote tunnel port statistics was last updated.
EpochMsTimestamp Required
Readonly
stats_per_site Remote tunnel statistics per site

Remote tunnel statistics per site.		 array of RemoteTunnelStatisticsPerSite Readonly
transport_node_id Edge node id

Edge node id whose statistics is being reported.		 string Required
Readonly

NodeInterfaceAlias (schema)

Node network interface alias

Name Description Type Notes
broadcast_address Interface broadcast address IPAddress Pattern: "^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$"
ip_address Interface IP address IPAddress Pattern: "^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$"
ip_configuration Interface configuration string Enum: dhcp, static, not configured
netmask Interface netmask string Pattern: "^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$"
physical_address Interface MAC address MACAddress

NodeInterfaceProperties (schema)

Node network interface properties

Name Description Type Notes
admin_status Interface administration status string Enum: UP, DOWN
backing_nsx_managed Indicates whether backing of VIRTUAL network interface is managed by NSX boolean
connected_switch Connected switch string
connected_switch_type Type of switch

Type of switch associated with the interface.		 string Readonly
Enum: VSS, DVS, N-VDS
device Device name

Device name.		 string Readonly
driver Driver name

Driver name.		 string Readonly
ens_capable Interface capability for Enhanced Networking Stack boolean
ens_enabled Indicates whether interface is enabled for Enhanced Networking Stack boolean
ens_interrupt_capable Interface capability for Enhanced Networking Stack interrupt

This boolean property describes if network interface is capable for Enhanced Networking Stack interrupt		 boolean
ens_interrupt_enabled Indicates whether interface is enabled for Enhanced Networking Stack interrupt

This boolean property describes if network interface is enabled for Enhanced Networking Stack interrupt		 boolean
host_managed Indicates whether interface is managed by the host boolean
interface_alias IP Alias array of NodeInterfaceAlias
interface_id Interface ID string
interface_type Interface Type string Enum: PHYSICAL, VIRTUAL, BOND, TEAMING
interface_uuid UUID of the interface string Readonly
key Device key

Device key.		 string Readonly
link_status Interface administration status string Enum: UP, DOWN
lport_attachment_id LPort Attachment Id assigned to VIRTUAL network interface of a node string
mtu Interface MTU integer
pci PCI device

PCI device.		 string Readonly
source Source of status data DataSourceType

NodeInterfacePropertiesListResult (schema)

Node network interface properties list results

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Node interface property results array of NodeInterfaceProperties Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

NodeInterfaceStatisticsProperties (schema)

Node network interface statistic properties

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
interface_id Interface ID string
rx_bytes Number of bytes received integer
rx_dropped Number of packets dropped integer
rx_errors Number of receive errors integer
rx_frame Number of framing errors integer
rx_packets Number of packets received integer
source Source of status data. DataSourceType
tx_bytes Number of bytes transmitted integer
tx_carrier Number of carrier losses detected integer
tx_colls Number of collisions detected integer
tx_dropped Number of packets dropped integer
tx_errors Number of transmit errors integer
tx_packets Number of packets transmitted integer

NodeLogProperties (schema)

Node log properties

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
last_modified_time Last modified time expressed in milliseconds since epoch EpochMsTimestamp Readonly
log_name Name of log file string Readonly
log_size Size of log file in bytes integer Readonly

NodeLogPropertiesListResult (schema)

Node log property query results

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Node log property results array of NodeLogProperties Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

NodeMessagingClientInfo (schema)

Name Description Type Notes
clients A list of messaging clients owned by this entity array of MessagingClientInfo
entity_type Entity type of this messaging client NsxEntity

NodeMode (schema)

Stub for Nsx node modes

Possible values of a mode in a "/config/nsx_appliance_mode" file

Name Description Type Notes
mode_id Nsx node mode

Possible enum values in a "/config/nsx_appliance_mode" file		 string Required
Enum: ON_PREM, SERVICE, VMC, VMC_LOCAL

NodeNameServersProperties (schema)

Node network name servers properties

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
name_servers Name servers array of string Required
Maximum items: 3

NodeNetworkInterfaceProperties (schema)

Node network interface properties

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
admin_status Interface administration status string Readonly
Enum: up, down
bond_cur_active_slave Bond's currently active slave device string Readonly
bond_lacp_rate Bond's rate at which we'll ask our link partner to transmit LACPDU packets in 802.3ad mode string Readonly
bond_mode Bond mode string Enum: ACTIVE_BACKUP, 802_3AD, ROUND_ROBIN, BROADCAST, XOR, TLB, ALB
bond_primary Bond's primary device name in active-backup bond mode string
bond_primary_slave Bond's primary device name in active-backup bond mode string Readonly
bond_slaves Bond's slave devices array of string
bond_xmit_hash_policy Bond's transmit hash policy for balance-xor and 802.3ad modes string Readonly
Enum: layer2, layer2+3, layer3+4, encap2+3, encap3+4
broadcast_address Interface broadcast address string Pattern: "^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$"
default_gateway Interface's default gateway string Pattern: "^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$"
interface_id Interface ID string Required
Readonly
ip_addresses Interface IP addresses array of IPv4AddressProperties Maximum items: 1
ip_configuration Interface configuration string Required
Enum: dhcp, static, not configured
is_kni Interface is a KNI boolean Readonly
link_status Interface administration status string Readonly
Enum: up, down
mtu Interface MTU integer
physical_address Interface MAC address string Readonly
Pattern: "^[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}$"
plane Interface plane string Enum: mgmt, debug, none
vlan VLAN Id integer Readonly
Minimum: 1
Maximum: 4094

NodeNetworkInterfacePropertiesListResult (schema)

Node network interface properties list results

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Node network interface property results array of NodeNetworkInterfaceProperties Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

NodeNetworkProperties (schema)

Network configuration properties

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly

NodeNtpServiceProperties (schema)

Node NTP service properties

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
service_name Service name string Required
service_properties NTP Service properties NtpServiceProperties

NodePolicyServiceProperties (schema)

Node service properties

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
service_name Service name string Required
service_properties Service properties LoggingServiceProperties

NodeProcessProperties (schema)

Node process properties

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cpu_time CPU time (user and system) consumed by process in milliseconds integer Readonly
mem_resident Resident set size of process in bytes integer Readonly
mem_used Virtual memory used by process in bytes integer Readonly
pid Process id integer Readonly
ppid Parent process id integer Readonly
process_name Process name string Readonly
start_time Process start time expressed in milliseconds since epoch EpochMsTimestamp Readonly
uptime Milliseconds since process started integer Readonly

NodeProcessPropertiesListResult (schema)

Node process property query results

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Node process property results array of NodeProcessProperties Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

NodeProperties (schema)

Node properties

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cli_history_size NSX CLI command history limit, set to 0 to configure no history size limit integer Minimum: 0
cli_output_datetime NSX CLI display datetime stamp in command output boolean
cli_timeout NSX CLI inactivity timeout, set to 0 to configure no timeout integer Minimum: 0
export_type Export restrictions in effect, if any string Readonly
Enum: RESTRICTED, UNRESTRICTED
fully_qualified_domain_name Fully qualified domain name string Readonly
hostname Host name or fully qualified domain name of node SystemHostname
kernel_version Kernel version string Readonly
motd Message of the day to display when users login to node using the NSX CLI string or null
node_type Node type string Readonly
Enum: NSX Manager, NSX Global Manager, NSX Edge, NSX Autonomous Edge, NSX Cloud Service Manager, NSX Public Cloud Gateway
node_uuid Node Unique Identifier string Readonly
Maximum length: 36
node_version Node version string Readonly
product_version Product version string Readonly
system_datetime System date time in UTC DatetimeUTC
system_time Current time expressed in milliseconds since epoch EpochMsTimestamp Readonly
timezone Timezone string

NodeProtonServiceProperties (schema)

Node service properties

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
service_name Service name string Required
service_properties Service properties LoggingServiceProperties

NodeResources (schema)

Node resources

Required node resources to deploy a form factor

Name Description Type Notes
cpu Number of CPU cores

Number of CPU cores required to deploy a form factor.
integer
disk Disk required in GB

Disk required to deploy a form factor.
integer
ephemeral_storage Transient storage required in GB

Transient storage required to deploy a form factor.
integer
number_of_master_nodes Number of master nodes

Required number of master nodes.
integer
number_of_worker_nodes Number of worker nodes

Required number of worker nodes.
integer
ram Memory required in GB

Memore required to deploy a form factor.
integer

NodeRouteProperties (schema)

Node network route properties

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
destination Destination covered by route string
from_address From address string Pattern: "^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$"
gateway Address of next hop string Pattern: "^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$"
interface_id Network interface id of route string
metric Metric value of route string
netmask Netmask of destination covered by route string Pattern: "^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$"
proto Routing protocol identifier of route string Enum: unspec, redirect, kernel, boot, static, gated, ra, mrt, zebra, bird, dnrouted, xorp, ntk, dhcp
Default: "boot"
route_id Unique identifier for the route string Readonly
route_type Route type string Required
Enum: default, static, blackhole, prohibit, throw, unreachable
scope Scope of destinations covered by route string
src Source address to prefer when sending to destinations of route string Pattern: "^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$"

NodeRoutePropertiesListResult (schema)

Node network route properties list results

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Node route property results array of NodeRouteProperties Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

NodeRtepIpsConfig (schema)

Name Description Type Notes
member_index System generated index for cluster member

System generated index for cluster member		 int Readonly
rtep_ips Remote tunnel endpoint ip address. array of IPAddress Readonly
transport_node_id UUID of edge transport node

Identifier of the transport node backed by an Edge node		 string Readonly

NodeSearchDomainsProperties (schema)

Node network search domains properties

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
search_domains Search domains array of string Required

NodeServiceProperties (schema)

Node service properties

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
service_name Service name string Required

NodeServicePropertiesListResult (schema)

Node service property query results

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Node service property results array of NodeServiceProperties Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

NodeServiceStatusProperties (schema)

Node service status properties

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
health Service health in addition to runtime_state string Readonly
Enum: STABLE, DEGRADED
monitor_pid Service monitor process id integer Readonly
monitor_runtime_state Service monitor runtime state string Readonly
Enum: running, stopped
pids Service process ids array of integer Readonly
reason Reason for service degradation string Readonly
runtime_state Service runtime state string Readonly
Enum: running, stopped

NodeSnmpServiceProperties (schema)

Node SNMP service properties

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
service_name Service name string Required
service_properties SNMP Service properties SnmpServiceProperties Required

NodeSnmpV3EngineID (schema)

SNMP V3 Engine Id

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
service_name Service name string Required
v3_engine_id SNMP v3 engine id string Required

NodeSshServiceProperties (schema)

Node SSH service properties

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
service_name Service name string Required
service_properties SSH Service properties SshServiceProperties

NodeStatus (schema)

Runtime status information of the fabric node.

Name Description Type Notes
external_id HostNode external id string
host_node_deployment_status Install/Uninstall status of deployment.

This enum specifies the current nsx install state for host node or
current deployment and ready state for edge node.
The ready status 'NODE_READY' indicates whether edge node is
ready to become a transport node.
The status 'EDGE_CONFIG_ERROR' indicates that edge hardware or underlying
host is not supported. After all fabric level operations are done for an
edge node, this value indicates transport node related configuration
issues and state as relevant.
string Readonly
Enum: NOT_PREPARED, INSTALL_IN_PROGRESS, INSTALL_FAILED, INSTALL_SUCCESSFUL, INSTALL_SKIPPED, UNINSTALL_IN_PROGRESS, UNINSTALL_FAILED, UNINSTALL_SUCCESSFUL, UNINSTALL_SCHEDULED, UNINSTALL_SKIPPED, UPGRADE_IN_PROGRESS, UPGRADE_FAILED, PENDING_UPGRADE, NOT_AVAILABLE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, REGISTRATION_PENDING, NODE_NOT_READY, NODE_READY, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL, EDGE_CONFIG_ERROR, VM_DEPLOYMENT_RESTARTED, REGISTRATION_FAILED, HOST_DISCONNECTED, POWERED_OFF, TRANSPORT_NODE_SYNC_PENDING, TRANSPORT_NODE_CONFIGURATION_MISSING, EDGE_HARDWARE_NOT_SUPPORTED, MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED, TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER, TZ_ENDPOINTS_NOT_SPECIFIED, NO_PNIC_PREPARED_IN_EDGE, APPLIANCE_INTERNAL_ERROR, VTEP_DHCP_NOT_SUPPORTED, UNSUPPORTED_HOST_SWITCH_PROFILE, UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED, HOSTSWITCH_PROFILE_NOT_FOUND, LLDP_SEND_ENABLED_NOT_SUPPORTED, UNSUPPORTED_NAMED_TEAMING_POLICY, MULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM, LACP_NOT_SUPPORTED_FOR_EDGE_VM, STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM, MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE, UNSUPPORTED_LACP_LB_ALGO_FOR_NODE, EDGE_NODE_VERSION_NOT_SUPPORTED, NO_PNIC_SPECIFIED_IN_TN, INVALID_PNIC_DEVICE_NAME, TRANSPORT_NODE_READY, UNSUPPORTED_DEFAULT_TEAMING_POLICY, MPA_DISCONNECTED, VM_NETWORK_EDIT_PENDING, VM_RENAME_PENDING, VM_CONFIG_EDIT_PENDING, VM_NETWORK_EDIT_FAILED, VM_RENAME_FAILED, VM_CONFIG_EDIT_FAILED, VM_CONFIG_DISCREPANCY, VM_NODE_REFRESH_FAILED, VM_PLACEMENT_REFRESH_FAILED, REGISTRATION_TIMEDOUT, LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING, UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED, REPLACE_FAILED, DELETE_VM_IN_REDEPLOY_FAILED, DEPLOY_VM_IN_REDEPLOY_FAILED, INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE
inventory_sync_paused Is true if inventory sync is paused else false boolean Readonly
inventory_sync_reenable_time Inventory sync auto re-enable target time, in epoch milis EpochMsTimestamp Readonly
last_heartbeat_timestamp Timestamp of the last heartbeat status change, in epoch milliseconds. EpochMsTimestamp Readonly
last_sync_time Timestamp of the last successful update of Inventory, in epoch milliseconds. EpochMsTimestamp Readonly
lcp_connectivity_status Indicates the fabric node's LCP<->CCP channel connectivity status, UP, DOWN, DEGRADED, UNKNOWN. string Readonly
Enum: UP, DOWN, DEGRADED, UNKNOWN
Default: "UNKNOWN"
lcp_connectivity_status_details Details, if any, about the current LCP<->CCP channel connectivity status of the fabric node. array of ControlConnStatus Readonly
Default: "[]"
maintenance_mode Indicates the fabric node's status of maintenance mode, OFF, ENTERING, ON, EXITING. string Readonly
Enum: OFF, ENTERING, ON, EXITING
mpa_connectivity_status Indicates the fabric node's MP<->MPA channel connectivity status, UP, DOWN, UNKNOWN. string Readonly
Enum: UP, DOWN, UNKNOWN
mpa_connectivity_status_details Details, if any, about the current MP<->MPA channel connectivity status of the fabric node. string Readonly
software_version Software version of the fabric node. string Readonly
system_status Node status properties NodeStatusProperties Readonly

NodeStatusProperties (schema)

Node status properties

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cpu_cores Number of CPU cores on the system integer Readonly
cpu_usage CPU usage of DPDK and non-DPDK core groups

Highest and average usage of DPDK and non-DPDK core of Edge Node.		 CpuUsage Readonly
disk_space_total Amount of disk space available on the system, in kilobytes

Amount of disk space available on the system, in kilobytes.		 integer Readonly
disk_space_used Amount of disk space in use on the system, in kilobytes integer Readonly
dpdk_cpu_cores Number of DPDK CPU cores on the system

Number of DPDK cores on Edge Node which are used for packet IO processing.		 integer Readonly
edge_mem_usage Memory usage of edge node

Point in time usage of system, datapath, swap and cache memory in edge node. Valid only for Edge transport node.		 EdgeTransportNodeMemoryUsage Readonly
file_systems File systems configured on the system array of NodeFileSystemProperties Readonly
hostname Host name of the system string Readonly
load_average One, five, and fifteen minute load averages for the system array of number Readonly
mem_cache Amount of RAM on the system that can be flushed out to disk, in kilobytes integer Readonly
mem_total Amount of RAM allocated to the system, in kilobytes integer Readonly
mem_used Amount of RAM in use on the system, in kilobytes integer Readonly
non_dpdk_cpu_cores Number of non-DPDK CPU cores on the system

Number of non-DPDK cores on Edge Node.		 integer Readonly
source Source of status data. DataSourceType Readonly
swap_total Amount of disk available for swap, in kilobytes integer Readonly
swap_used Amount of swap disk in use, in kilobytes integer Readonly
system_time Current time expressed in milliseconds since epoch EpochMsTimestamp Readonly
uptime Milliseconds since system start integer Readonly

NodeSummary (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
component_version Component version string Required
Readonly
node_count Count of nodes

Number of nodes of the type and at the component version		 int Required
Readonly
type Node type string Required
Readonly
upgrade_unit_subtype UpgradeUnit sub type string Readonly
Enum: RESOURCE, ACTION

NodeSummaryList (schema)

Name Description Type Notes
results List of Node Summary array of NodeSummary Required

NodeSyslogExporterProperties (schema)

Node syslog exporter properties

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
exporter_name Syslog exporter name string Required
facilities Facilities to export array of SyslogFacility
level Logging level to export string Required
Enum: EMERG, ALERT, CRIT, ERR, WARNING, NOTICE, INFO, DEBUG
msgids MSGIDs to export array of string
port Port to export to, defaults to 514 for TCP, TLS, UDP protocols or 9000 for LI, LI-TLS protocols integer Minimum: 1
Maximum: 65535
protocol Export protocol string Required
Enum: TCP, TLS, UDP, LI, LI-TLS
server IP address or hostname of server to export to HostnameOrIPv4Address Required
structured_data Structured data to export array of string
tls_ca_pem CA certificate PEM of TLS server to export to string
tls_cert_pem Certificate PEM of the rsyslog client string
tls_client_ca_pem CA certificate PEM of the rsyslog client string
tls_key_pem Private key PEM of the rsyslog client string

NodeSyslogExporterPropertiesListResult (schema)

Node syslog exporter list results

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Node syslog exporter results array of NodeSyslogExporterProperties Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

NodeTime (schema)

Node system time in UTC

Node system time in UTC

Name Description Type Notes
system_datetime Datetime string in UTC DatetimeUTC Required

NodeType (schema)

Node Type

Name Description Type Notes
NodeType Node Type string

NodeUserPasswordProperty (schema)

Name Description Type Notes
password The new password for user string Required

NodeUserProperties (schema)

Node user properties

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
full_name Full name for the user string
last_password_change Number of days since password was last changed integer Readonly
Minimum: 0
Maximum: 2147483647
old_password Old password for the user (required on PUT if password specified) string
password Password for the user (optionally specified on PUT, unspecified on GET) string
password_change_frequency Number of days password is valid before it must be changed

Number of days password is valid before it must be changed. This can be set to 0 to indicate no password change is required or a positive integer up to 9999. By default local user passwords must be changed every 90 days.		 integer Minimum: 0
Maximum: 9999
password_reset_required Boolean value that states if a password reset is required boolean
status User status

Status of the user. This value can be ACTIVE indicating authentication attempts will be successful if the correct credentials are specified. The value can also be PASSWORD_EXPIRED indicating authentication attempts will fail because the user's password has expired and must be changed. Or, this value can be NOT_ACTIVATED indicating the user's password has not yet been set and must be set before the user can authenticate.		 string Readonly
Enum: ACTIVE, PASSWORD_EXPIRED, NOT_ACTIVATED
userid Numeric id for the user integer Readonly
Minimum: 0
Maximum: 2147483647
username User login name (must be "root" if userid is 0) string Minimum length: 1
Maximum length: 32
Pattern: "^[a-zA-Z][a-zA-Z0-9@-_.\-]*$"

NodeUserPropertiesListResult (schema)

Node users list results

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of node users array of NodeUserProperties Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

NodeUserSettings (schema)

Name Description Type Notes
audit_password Node audit user password

Password for the node audit user. For deployment,
this property is required. After deployment, this property is ignored, and
the node cli must be used to change the password.
The password specified must be at least 12 characters in length and must
contain at least one lowercase, one uppercase, one numeric character and
one special character (except quotes). Passwords based on dictionary words
and palindromes are invalid.
string
audit_username CLI "audit" username

The default username is "audit". To configure username, you must provide
this property together with audit_password. Username must contain
ASCII characters only.
string Pattern: "^[\x00-\x7F]+$"
cli_password Node cli password

Password for the node cli user. For deployment,
this property is required. After deployment, this property is ignored, and
the node cli must be used to change the password.
The password specified must be at least 12 characters in length and must
contain at least one lowercase, one uppercase, one numeric character and
one special character (except quotes). Passwords based on dictionary words
and palindromes are invalid.
string
cli_username CLI "admin" username

To configure username, you must provide this property together with
cli_password. Username must contain ASCII characters only.
string Pattern: "^[\x00-\x7F]+$"
Default: "admin"
root_password Node root user password

Password for the node root user. For deployment,
this property is required. After deployment, this property is ignored, and
the node cli must be used to change the password.
The password specified must be at least 12 characters in length and must
contain at least one lowercase, one uppercase, one numeric character and
one special character (except quotes). Passwords based on dictionary words
and palindromes are invalid.
string

NodeVersion (schema)

Name Description Type Notes
node_version Node version string Readonly
product_version Product version string Readonly

NormalizationListRequestParameters (schema)

Normalization list request parameters.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
preferred_normalization_type Type to which the resource is to be normalized.

Type to which the resource needs to be normalized. Multiple types
can be passed by repeating the parameter. The order in which the
types are passed is honored and decides to which type the resource is
normalized. The resource is normalized to the first type in the list
to which it can be normalized.

For example, consider an NSGroup NS1 that has an LSwitch LS1. Assume
that NS1 is being normalized to a list of translated entities
[LSwitch, LPort]. As LSwitch is the first translated entity to which
NSGroup can be translated, the translation will return a list having
the LSwitch LS1.

Normalization is supported from NSGroup to NSGroup, LogicalSwitch,
LogicalPort, IPSets and MACSets.
NormalizationTargetType Required
resource_id Identifier of the resource on which normalization is to be performed string Required
resource_type Type of the resource for which normalization is to be performed NormalizationSourceType Required
sort_ascending boolean
sort_by Field by which records are sorted string

NormalizationSourceType (schema)

Resource type valid for use as source in normalization API.

Name Description Type Notes
NormalizationSourceType Resource type valid for use as source in normalization API. string Enum: NSGroup

NormalizationTargetType (schema)

Resource type valid for use as target in normalization API.

Name Description Type Notes
NormalizationTargetType Resource type valid for use as target in normalization API. string Enum: NSGroup, IPSet, MACSet, LogicalSwitch, LogicalPort, DirectoryGroup

NormalizedResourceListResult (schema)

Paged Collection of normalized resources

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Normalized resource list results array of ResourceReference Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

Notification (schema)

Name Description Type Notes
notification_id A string identifying feature_name.notification_name

A string identifying feature_name.notification_name to indicate a notification watcher is interested in receiving notifications for the URI identified by the feature_name.notification_name.		 string
uri_filters Optional list of URIs array of string

NotificationAuthenticationScheme (schema)

NotificationAuthenticationScheme describes how notification requests should authenticate to the server.

Name Description Type Notes
certificate_id Valid certificate ID

Certificate ID with a valid certificate and private key, procured from trust-management API.		 string
password Password for authentication

Password to use if scheme_name is BASIC_AUTH.		 string
scheme_name Authentication scheme to use when making notification requests

Authentication scheme to use when making notification requests to the partner/customer specified watcher. Specify one of BASIC_AUTH or CERTIFICATE.		 string Required
Enum: BASIC_AUTH, CERTIFICATE
username Username for authentication

Username to use if scheme_name is BASIC_AUTH.		 string

NotificationWatcher (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
authentication_scheme Scheme to authenticate requests sent to the server

A NotificationAuthenticationScheme that describes how notification requests should authenticate to the server.		 NotificationAuthenticationScheme Required
certificate_sha256_thumbprint SHA256 thumbprint of the HTTPS certificate

Contains the hex-encoded SHA256 thumbprint of the HTTPS certificate. It must be specified if use_https is set to true.		 string
description Description associated with this notification watcher

Optional description that can be associated with this NotificationWatcher.		 string
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Identifier to identify a notification watcher uniquely

System generated identifier to identify a notification watcher uniquely.
string Readonly
max_send_uri_count Optional maximum number of notification URIs batched in a single notification request

If the number of notification URIs accumulated in specified send_interval exceeds max_send_uri_count, then multiple notification requests (each with max_send_uri_count or less number of notification URIs) will be sent to this NotificationWatcher. The default value is 5000.		 integer Minimum: 1
Maximum: 5000
Default: "5000"
method Type of method notification requests should be made on the server

Type of method notification requests should be made on the specified server. The value must be set to POST.		 string Required
Enum: POST
port Integer port value to specify a non-standard HTTP or HTTPS port

Optional integer port value to specify a non-standard HTTP or HTTPS port.		 integer Minimum: 0
Maximum: 65535
resource_type Must be set to the value NotificationWatcher string
send_interval Optional time interval for which notification URIs will be accumulated

Optional time interval (in seconds) for which notification URIs will be accumulated. At the end of the time interval the accumulated notification URIs will be sent to this NotificationWatcher in the form of zero (nothing accumulated) or more notification requests as soon as possible. If it is not specified, the NotificationWatcher should expected to receive notifications at any time.		 integer Minimum: 30
send_timeout Optional time period within which response for a notification request should be received from this NotificationWatcher

Optional time duration (in seconds) to specify request timeout to notification watcher. If the send reaches the timeout, will try to send refresh_needed as true in the next time interval. The default value is 30 seconds.		 integer Minimum: 1
Default: "30"
server IP address or fully qualified domain name of watcher

IP address or fully qualified domain name of the partner/customer watcher.		 string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
uri URI notification requests should be made on the server

URI notification requests should be made on the specified server.		 string Required
use_https Flag to indicate if REST API server should use HTTPS

Optional field, when set to true indicates REST API server should use HTTPS.		 boolean Default: "False"

NotificationWatcherListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of notification watchers array of NotificationWatcher Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

NotificationsList (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
notifications array of Notification
resource_type Must be set to the value NotificationsList string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

NsLookupParameters (schema) (Deprecated)

The parameters of nslookup

The parameters for DNS nslookup.

Name Description Type Notes
address IP address or FQDN for nslookup

IP address or FQDN for this lookup
string
server_ip Target server used for this lookup

If absent, the underlying DNS forwarder will be used as the target
server. And the answer could be cached by the forwarder if it was not
cached yet. If provided, the query will go directly to the given server.
You will need to ensure this address represents a workable and reachale
DNS server. The answer will not be cached by the forwarder unless this
server_ip is exactly the same listener ip of the forwarder.
IPv4Address
source_ip Source ip used for this lookup

Source ip used for this lookup. If absent, the listener ip of the
underlying DNS forwarder will be used as the source ip. If provided, you
will need to ensure this source ip is valid and can be routed back to
the transport node via data plane
IPv4Address

NsxEntity (schema)

Name Description Type Notes
NsxEntity string Enum: HTTP, DATASTORE, MANAGER, POLICY, CONTROLLER

NsxFirewallRule (schema)

NSX firewall rule and the details/errors

NSX firewall rule and the details like source, destionation, service etc.
and errors occurred while realization. Rule errors are populated if failed
to realize for an Agentless VM.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_owner Owner of this resource OwnerResourceLink Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
action Action

Action enforced on the packets which matches the distributed service rule. Currently DS Layer supports below actions. ALLOW - Forward any packet when a rule with this action gets a match (Used by Firewall). DROP - Drop any packet when a rule with this action gets a match. Packets won't go further(Used by Firewall). REJECT - Terminate TCP connection by sending TCP reset for a packet when a rule with this action gets a match (Used by Firewall). REDIRECT - Redirect any packet to a partner appliance when a rule with this action gets a match (Used by Service Insertion). DO_NOT_REDIRECT - Do not redirect any packet to a partner appliance when a rule with this action gets a match (Used by Service Insertion). DETECT - Detect IDS Signatures. ALLOW_CONTINUE - Allows rules to jump from this rule. Action on matching rules in the destination category will decide next step. Application is default destination until new categories are supported to jump to. DETECT_PREVENT - Detect and Prevent IDS Signatures.		 string Required
Enum: ALLOW, DROP, REJECT, REDIRECT, DO_NOT_REDIRECT, DETECT, ALLOW_CONTINUE, DETECT_PREVENT
applied_tos AppliedTo List

List of object where rule will be enforced. The section level field overrides this one. Null will be treated as any.		 array of ResourceReference Maximum items: 128
context_profiles Context Profiles

NS Profile object which accepts attributes and sub-attributes of various network services (ex. L7 AppId, domain name, encryption algorithm) as key value pairs.		 array of ResourceReference Maximum items: 128
description Description of this resource string Maximum length: 1024
Sortable
destinations Destination List

List of the destinations. Null will be treated as any.		 array of ResourceReference Maximum items: 128
destinations_excluded Negation of destination

Negation of the destination.		 boolean Default: "False"
direction Rule direction

Rule direction in case of stateless distributed service rules. This will only considered if section level parameter is set to stateless. Default to IN_OUT if not specified.		 string Enum: IN, OUT, IN_OUT
Default: "IN_OUT"
disabled Rule enable/disable flag

Flag to disable rule. Disabled will only be persisted but never provisioned/realized.		 boolean Default: "False"
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
error_details NSX firewall rule error details

Provides the error message if the NSX rule failed to realize		 CloudErrorDetails Readonly
extended_sources Extended Sources

List of NSGroups that have end point attributes like AD Groups(SID), process name, process hash etc. For Flash release, only NSGroups containing AD Groups are supported.		 array of ResourceReference Maximum items: 128
id Identifier of the resource string Readonly
ip_protocol IPv4 vs IPv6 packet type

Type of IP packet that should be matched while enforcing the rule.		 string Enum: IPV4, IPV6, IPV4_IPV6
Default: "IPV4_IPV6"
is_default Default rule

Flag to indicate whether rule is default.		 boolean Readonly
logged Enable logging flag

Flag to enable packet logging. Default is disabled.		 boolean Default: "False"
notes Notes

User notes specific to the rule.		 string Maximum length: 2048
priority Rule priority

Priority of the rule.		 integer Readonly
resource_type Must be set to the value NsxFirewallRule string
rule_tag Tag

User level field which will be printed in CLI and packet logs.		 string Maximum length: 32
section_id Section Id

Section Id of the section to which this rule belongs to.		 string Readonly
services Service List

List of the services. Null will be treated as any.		 array of FirewallService Maximum items: 128
sources Source List

List of sources. Null will be treated as any.		 array of ResourceReference Maximum items: 128
sources_excluded Negation of source

Negation of the source.		 boolean Default: "False"
status Provides the status of NSX firewall rule on the cloud

SUCCEEDED - NSX firewall rule is successfully realized on the cloud
FAILED - NSX firewall rule has failed to realized on the cloud and has errors
string Readonly
Enum: SUCCEEDED, FAILED

NsxFirewallRulesListRequestParameters (schema)

NSX firewall rules list request parameters

A set of optional filter parameters to list NSX firewall rules of a cloud VM

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
status NSX firewall rule realization status on the cloud

Optional filter parameter to the NSX firewall rules of a cloud VM based on it's realization status
SUCCEEDED - NSX firewall rule is successfully realized on the cloud
FAILED - NSX firewall rule has failed to realized on the cloud and has errors
string Enum: SUCCEEDED, FAILED

NsxFirewallRulesListResult (schema)

NSX firewall rules List Result

List of NSX firewall rules

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results NSX firewall rules List Result

List of NSX firewall rules		 array of NsxFirewallRule Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

NsxManagerAccount (schema)

NSX Manager Account Structure

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
fqdn Fully Qualified Domain Name string Format: hostname-or-ip
id Unique identifier of this resource string Sortable
password Password of the NSX Manager Account string
private_ip Private IP Address of the NSX Manager Account string
public_ip Public IP Address of the NSX Manager Account string
resource_type Must be set to the value NsxManagerAccount string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tenant_id Tenant ID of the NSX Manager account string
thumbprint Thumb print of the NSX Manager Account string
token One time access token for Nsx Manager registration

This field can be used for using one time access token for Nsx Manager
registration.
string
username Username of the NSX Manager Account string Required

NsxManagerAccountsListResult (schema)

NSX Manager Accounts list

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results NSX Manager Accounts list array of NsxManagerAccount
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

NsxNodeType (schema)

Valid NSX node type

Name Description Type Notes
NsxNodeType Valid NSX node type string Enum: NSX_ESX, NSX_KVM, NSX_BAREMETAL_SERVER, NSX_EDGE, NSX_PUBLIC_CLOUD_GATEWAY, NSX_MANAGER, NSX_POLICY_MANAGER, NSX_CONTROLLER, GLOBAL_MANAGER

NsxRole (schema)

Role

Name Description Type Notes
permissions Permissions

Please use the /user-info/permissions api to get the permission that the user has on each feature.		 array of string Deprecated
Enum: read-api, read-write-api, crud, read, execute, none
role Role ID

This field represents the identifier of the role. With the introduction of custom roles, this field is no longer an enum.		 string Required

NsxSecurityRuleErrorDetails (schema)

NSX Security Rule Error

Stores information about a NSX security rule error.

Name Description Type Notes
error_id Error ID

ID of the error.		 string Readonly
error_message Error Message

Detailed message about the error.		 string Readonly
rule_id Rule ID

ID of the NSX security rule.		 string Readonly

NsxTDNSForwarderStatistics (schema)

Statistics counters of the DNS forwarder

The current statistics counters of the DNS forwarder including cache usages
and query numbers per forwarders, on an NSX-T type of enforcement point.

Name Description Type Notes
cached_entries The total number of cached entries integer Readonly
conditional_forwarder_statistics The statistics of conditional forwarder zones array of NsxTDNSForwarderZoneStatistics Readonly
Minimum items: 0
Maximum items: 5
configured_cache_size The configured cache size, in kb integer Readonly
default_forwarder_statistics The statistics of default forwarder zone NsxTDNSForwarderZoneStatistics Readonly
enforcement_point_path Enforcement point path

Policy path referencing the enforcement point from where the statistics are fetched.
string Readonly
queries_answered_locally The total number of queries answered from local cache integer Readonly
queries_forwarded The total number of forwarded DNS queries integer Readonly
resource_type Must be set to the value NsxTDNSForwarderStatistics string Required
Enum: NsxTDNSForwarderStatistics
timestamp Time stamp of the current statistics, in ms EpochMsTimestamp Readonly
total_queries The total number of received DNS queries integer Readonly
used_cache_statistics The statistics of used cache array of NsxTPerNodeUsedCacheStatistics Readonly
Minimum items: 0
Maximum items: 2

NsxTDNSForwarderStatus (schema)

The current runtime status of DNS forwarder

The current runtime status of the DNS forwarder.

Name Description Type Notes
enforcement_point_path Enforcement point path

Policy path referencing the enforcement point from where the status is fetched.
string Readonly
extra_message Extra message, if available string Readonly
resource_type Must be set to the value NsxTDNSForwarderStatus string Required
Enum: NsxTDNSForwarderStatus
status UP means the DNS forwarder is working correctly on the active transport
node and the stand-by transport node (if present). Failover will occur
if either node goes down.
DOWN means the DNS forwarder is down on both active transport node and
standby node (if present). The DNS forwarder does not function in this
situation.
Error means there is some error on one or both transport node, or no
status was reported from one or both transport nodes. The DNS forwarder
may be working (or not working).
NO_BACKUP means DNS forwarder is working in only one transport node,
either because it is down on the standby node, or no standby is configured.
An forwarder outage will occur if the active node goes down.
string Readonly
Enum: UP, DOWN, ERROR, NO_BACKUP, UNKNOWN
timestamp Time stamp of the current status, in ms EpochMsTimestamp Readonly

NsxTDNSForwarderZoneStatistics (schema)

Statistics counters of the DNS forwarder zone

Statistics counters of the DNS forwarder zone.

Name Description Type Notes
domain_names Domain names configured for the forwarder

Domain names configured for the forwarder. Empty if this is the
default forwarder.
array of string Readonly
Minimum items: 0
Maximum items: 100
upstream_statistics Statistics per upstream server. array of NsxTUpstreamServerStatistics Readonly
Minimum items: 0
Maximum items: 3

NsxTDnsAnswer (schema)

Answer of dns nslookup

Name Description Type Notes
authoritative_answers Authoritative answers array of NsxTDnsQueryAnswer Minimum items: 1
Maximum items: 256
dns_server Dns server information

Dns server ip address and port, format is "ip address#port".
string Required
edge_node_id Edge node id

ID of the edge node that performed the query.
string Required
enforcement_point_path Enforcement point path

Policy path referencing the enforcement point from where the
DNS forwarder nslookup answer is fetched.
string Readonly
non_authoritative_answers Non authoritative answers array of NsxTDnsQueryAnswer Minimum items: 1
Maximum items: 256
raw_answer Raw message returned from the dns forwarder

It can be NXDOMAIN or error message which is not consisted of
authoritative_answer or non_authoritative_answer.
string
resource_type Must be set to the value NsxTDnsAnswer string Required
Enum: NsxTDnsAnswer

NsxTDnsQueryAnswer (schema)

Answer of nslookup

Name Description Type Notes
address Matched ip address

Resolved IP address matched with the nslookup address provided
as a request parameter.
string
name Matched name

Matched name of the given address.
string

NsxTPerNodeUsedCacheStatistics (schema)

Per node used cache query statistics counters

Query statistics counters of used cache from node

Name Description Type Notes
cached_entries The total number of cached entries integer Readonly
node_id UUID of active/standby transport node string Readonly
used_cache_size The memory size used in cache, in kb integer Readonly

NsxTUpstreamServerStatistics (schema)

Upstream server query statistics counters

Query statistics counters to an upstream server including successfully
forwarded queries and failed queries.

Name Description Type Notes
queries_failed Queries failed to forward. integer Readonly
queries_succeeded Queries forwarded successfully integer Readonly
upstream_server Upstream server ip IPAddress Readonly

NsxtNodeType (schema)

Valid NSX node type

Name Description Type Notes
NsxtNodeType Valid NSX node type string Enum: NSX_ESX, NSX_KVM, NSX_BAREMETAL_SERVER, NSX_EDGE, NSX_PUBLIC_CLOUD_GATEWAY, NSX_MANAGER, NSX_POLICY_MANAGER, NSX_CONTROLLER, GLOBAL_MANAGER

NsxtSite (schema)

Details about NSX-T site

Details about NSX-T site.

Name Description Type Notes
federation_site_display_name Display name for the federation site

Display name for the federation site.		 string Readonly
federation_site_id Federation site id

Federation site id.		 string Required
Readonly
federation_site_type Type of the federation site

Type of federation site. It can be GlobalManager or Site.		 string Required
Readonly
Enum: GlobalManager, Site
nsxt_ip IP address of NSX-T appliance

IP address of NSX-T appliance at the site.		 string Readonly
Format: hostname-or-ip

NsxtSiteToAviMapping (schema)

Details about mapping of NSX-T site to AVI LB endpoint

Details about mapping of NSX-T site to AVI LB endpoint.

Name Description Type Notes
avi_lb_endpoint AVI LB endpoint details

AVI LB endpoint details.		 AviEndPoint Required
Readonly
federation_site_id Federation NSX-T site id

Federation NSX-T site id.		 string Required
Readonly

NtpProperties (schema)

NTP service properties

This object contains the list of NTP servers used by NSX nodes.

Name Description Type Notes
servers NTP servers

List of NTP servers.		 array of HostnameOrIPv4Address Required

NtpServiceProperties (schema)

NTP Service properties

Name Description Type Notes
servers NTP servers array of HostnameOrIPv4Address Required
start_on_boot Start NTP service when system boots boolean Default: "True"

NvdsUpgradeConfigIssue (schema)

Issues reported by upgrade readiness check

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
component Name of the component/object string Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
error Error for the component describing precheck failure string Readonly
id Unique identifier of this resource string Sortable
objid Id of the object that generated error string Required
Readonly
recommendation Recommendation to resolve the error returned for component string Required
Readonly
resource_type Must be set to the value NvdsUpgradeConfigIssue string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
warning Warning for the component describing precheck failure string Readonly

NvdsUpgradeHostState (schema)

Individual host upgrade state

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
dn_ext_id DiscoveredNode identifier string Readonly
host TransportNode identifier string Required
Readonly
id Unique identifier of this resource string Sortable
ip_address TransportNode ip address string Readonly
overall_state Overall state of N-VDSes on the TransportNodes string Required
Readonly
Enum: UPGRADE_READY, UPGRADE_PROCESSING, UPGRADE_QUEUED, UPGRADE_IN_PROGRESS, UPGRADE_FAILED, SUCCESS
resource_type Must be set to the value NvdsUpgradeHostState string
state_details Details of the N-VDS upgrade state on the host array of string Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
upgrade_stage Current migration task stage

This field returns current stage of Migration task. Here is a sequence
of stages the task cycles through,
TN_MIGRATION_TASK_IN_QUEUE
RETRIEVE_SAVED_CONFIG,
TN_VALIDATE,
VMS_RETRIVAL,
VMS_UNREGISTRATION,
TN_STATELESS_WAIT_FOR_HP,
DETACH_TNP,
TNP_WAIT,
TN_SEND_HS_MIGRATION_MSG,
TN_ADD_HOST_TO_VDS,
TN_UPDATE,
TN_UPDATE_WAIT,
TN_DELETE,
TN_DELETE_WAIT,
FN_DELETE_WAIT,
TN_RECONFIG_HOST,
TN_CREATE,
TN_CREATE_WAIT,
UPDATE_TNP_AND_APPLY,
TN_EXIT_MM,
VMS_REGISTRATION,
VMS_REGISTRATION_WAIT,
TN_MIGRATION_COMPLETED
Depending on the type of host (stateful, stateless, Sddc, etc.) migration
task may not cycle through all stages but in will follow above sequence.
If stage is TN_MIGRATION_COMPLETED refer to field overall_state for SUCCESS
or UPGRADE_FAILURE and state_details for details on same.
string Readonly

NvdsUpgradePrecheckId (schema)

Nvds upgrade precheck ID

Name Description Type Notes
precheck_id Tracking ID of nvds upgrade precheck string Required
Readonly

NvdsUpgradePrecheckParameters (schema)

Parameters of nvds upgrade precheck

Name Description Type Notes
tolerate_different_configurations tolerate differnet configurations boolean Readonly
Default: "True"

NvdsUpgradeStatusSummary (schema)

Overall status of the upgrade readiness check

Name Description Type Notes
migration_state Overall state of migration across all TransportNodes array of NvdsUpgradeHostState Required
Readonly
precheck_id Tracking ID of nvds upgrade precheck string Readonly
precheck_issue Config issue in pre-check array of NvdsUpgradeConfigIssue Required
Readonly
precheck_status Overall status of pre-check string Required
Readonly
Enum: IN_PROGRESS, FAILED, PENDING_TOPOLOGY, APPLYING_TOPOLOGY, APPLY_TOPOLOGY_FAILED, READY

NvdsUpgradeSummaryParameters (schema)

Parameters to query nvds upgrade summary

Name Description Type Notes
cluster_id cluster identifier string

NvdsUpgradeTopology (schema)

NVDS to VDS mappings for migration

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
compute_manager_topology All resultant VDS mapping for a NVDS after the migration array of ComputeManagerTopology Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
nvds_id Identifier for a NVDS string Required
nvds_name Name of a NVDS string Required
resource_type Must be set to the value NvdsUpgradeTopology string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

Oauth2Credentials (schema)

Oauth2 Account Credentials

Name Description Type Notes
client_id Client ID

Client ID, that will be used for authentication in AWS environment,		 string Required
client_secret Client Secret

Client secret, that will be used for authentication in AWS environment. Can be some passphrase.		 string Required

ObjectRolePermissionGroup (schema)

RBAC Objects qualifier

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
inheritance_disabled Does children of this object inherit this rule boolean Default: "False"
operation Allowed operation string Enum: crud, read, execute, none
path_prefix Path prefix string Required
resource_type Must be set to the value ObjectRolePermissionGroup string
role_name Role name string Required
rule_disabled Is rule disabled or not boolean Default: "False"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ObjectRolePermissionGroupListRequestParameters (schema)

RBAC Objects qualifier

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
inheritance_disabled Does children of this object inherit this rule boolean Default: "False"
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
path_prefix Path prefix string
role_name Role name string
sort_ascending boolean
sort_by Field by which records are sorted string

ObjectRolePermissionGroupListResult (schema)

Paged collection of RBAC Objects

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results ObjectRolePermissionGroup list results array of ObjectRolePermissionGroup Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

OidcEndPoint (schema)

OpenID Connect end-point

OpenID Connect end-point specifying where to fetch the JWKS document used to
validate JWT tokens for TokenBasedPrincipalIdentities.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
authorization_endpoint Authorization endpoint

The URL of the OpenID provider's authorization endpoint.		 string Readonly
claims_supported Claims supported

The list of claims that the OpenID provider supports.		 array of string Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
issuer JWT token issuer

Issuer of the JWT tokens for the given type. This field is fetched from the meta-data located at the oidc_uri.
string Readonly
jwks_uri URI of JWKS document

The URI where the JWKS document is located that has the key used to validate the JWT signature.
string Readonly
name Unique name for this OpenID Connect end-point

A short, unique name for this OpenID Connect end-point. OIDC endpoint names may not contain spaces. If not provided, defaults to the ID of the OidcEndPoint.		 string
oidc_type OIDC Type

Type used to distinguish the OIDC end-points by IDP.		 string Enum: vcenter, ws_one
Maximum length: 255
Default: "vcenter"
oidc_uri OpenID Connect URI

URI of the OpenID Connect end-point.		 string Required
Maximum length: 255
override_roles Roles used instead of token roles

When specified this role or roles are used instead of the nsx-role in the JWT		 array of string Readonly
resource_type Must be set to the value OidcEndPoint string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
thumbprint Thumbprint

Thumbprint in SHA-256 format used to verify the server certificate at the URI.
string Required
Maximum length: 255
token_endpoint Token endpoint

The URL of the OpenID provider's token endpoint.		 string Readonly
userinfo_endpoint Userinfo endpoint

The URL of the OpenID provider's userinfo endpoint.		 string Readonly

OidcEndPointListResult (schema)

OidcEndPoint query result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results OidcEndPoint list. array of OidcEndPoint Required
Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

OidcRefreshParameter (schema)

Name Description Type Notes
refresh Refresh meta-data

Whether to fetch and update the OIDC meta-data.
boolean Default: "False"

OpenLdapIdentitySource (schema)

An OpenLDAP identity source service

An identity source service that runs OpenLDAP. The service allows selected user accounts defined in OpenLDAP to log into and access NSX-T.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
alternative_domain_names Additional domains to be directed to this identity source

After parsing the "user@domain", the domain portion is used to select the LDAP identity source to use. Additional domains listed here will also be directed to this LDAP identity source. In Active Directory these are sometimes referred to as Alternative UPN Suffixes.		 array of string
base_dn DN of subtree for user and group searches

The subtree of the LDAP identity source to search when locating users and groups.		 string Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
domain_name Authentication domain name

The name of the authentication domain. When users log into NSX using an identity of the form "user@domain", NSX uses the domain portion to determine which LDAP identity source to use.		 string Required
id Unique identifier of this resource string Sortable
ldap_servers LDAP servers for this identity source

The list of LDAP servers that provide LDAP service for this identity source. Currently, only one LDAP server is supported.		 array of IdentitySourceLdapServer Maximum items: 3
resource_type Must be set to the value OpenLdapIdentitySource string Required
Enum: ActiveDirectoryIdentitySource, OpenLdapIdentitySource
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

OperationCollector (schema)

The operation collector is defined to receive stats from hosts. (eg. vRNI-collector collects all the system metrics)

Name Description Type Notes
collector_ip IP address for the operation collector

IP address for the operation collector.		 IPAddress Required
collector_port Port for the operation collector

Port for the operation collector.		 int Required
Minimum: 0
Maximum: 65535
collector_type The operation collector type

Define the operation collector type.		 string Enum: VRNI, WAVE_FRONT
Default: "VRNI"
tracing_port Port for the Wavefront tracing

Port for the Wavefront tracing.		 int Minimum: 0
Maximum: 65535

OperationCollectorGlobalConfig (schema)

NSX global configs for operation collector

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
collectors Operation Collector Config

Operation Collector Config.		 array of OperationCollector
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
report_interval Report interval for operation data in seconds

Report interval for operation data in seconds.		 int Minimum: 1
Maximum: 1800
Default: "30"
resource_type Must be set to the value OperationCollectorGlobalConfig GlobalConfigType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

OpsGlobalConfig (schema)

Global Operations configuration

Global Operations configuration.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
in_band_network_telementry The details of INT global configurations

Specify the In-band network telemetry (INT) configuration config in a NSX domain.
Set(resp. Unset) this configuration to enable(resp. disable) traceflow on VLAN logical network.
DscpIndicator
(Abstract type: pass one of the following concrete types)
DscpBit
DscpValue
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
operation_collectors Operation global collector config

The operation collector is defined to receive stats from hosts.
The VRNI and WAVE_FRONT collector type can be defined to collect the metric data.
The WAVE_FRONT collector type can only be used in VMC mode.
array of GlobalCollectorConfig
(Abstract type: pass one of the following concrete types)
VrniGlobalCollector
WaveFrontGlobalCollector
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value OpsGlobalConfig string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

OrgInfo (schema)

Organization ID and role

Organization ID and role, predefined for a particular type of VMware support.

Name Description Type Notes
org_id Org ID

Organization ID, connected to a predefined role of a VMware support.		 string Required
org_role Org role

Predefined role of a VMware support.		 string Required

OspfAreaConfig (schema)

OSPF Area config

Contains OSPF Area configuration.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
area_id OSPF area id

OSPF area-id either in decimal or dotted format.
string Required
area_type OSPF area type

Configures OSPF area with defined area type. If area_type field not specified, default is NSSA.
string Enum: NORMAL, NSSA
Default: "NORMAL"
authentication OSPF area authentication configuration

Enables/Disables authentication for an OSPF area.
OspfAuthenticationConfig
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value OspfAreaConfig string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

OspfAreaConfigListRequestParameters (schema)

Ospf area configuration list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

OspfAreaConfigListResult (schema)

Paged Collection of OSPF area configuration

Collection of OSPF area configuration.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results OSPF area configuration list results

OSPF area configuration list results		 array of OspfAreaConfig Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

OspfAuthenticationConfig (schema)

OSPF Authentication Configuration

Enables OSPF authentication with specified mode and password.

Name Description Type Notes
key_id Authentication secret key id

Authentication secret key id is mandatory for type md5 with min value of 1 and max value 255.
integer Minimum: 1
Maximum: 255
mode Authentication mode

If mode is MD5 or PASSWORD, Authentication secret key is mandatory
if mode is NONE, then authentication is disabled.
string Enum: NONE, PASSWORD, MD5
Default: "NONE"
secret_key Authentication secret key

Authentication secret is mandatory for type password and md5 with min length of 1 and max length 8.
string

OspfDabtabaseCsvRecord (schema)

Name Description Type Notes
results string Readonly

OspfDatabaseListResultInCsvFormat (schema)

Name Description Type Notes
file_name File name

File name set by HTTP server if API returns CSV result as a file.		 string
results array of OspfDabtabaseCsvRecord Readonly

OspfDatabaseRequestParameters (schema)

OSPF Database list request parameters

Name Description Type Notes
area_id OSPF area identifier

OSPF area identifier either in decimal or dotted format.
string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
edge_path Policy path of edge

Policy path of edge to retrieve neighbors.
string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

OspfDatabaseStatus (schema)

Name Description Type Notes
area_id OSPF area id filter parameter

OSPF area id to filter the the OSPF database.		 string
asbr_summary_link_states array of ASBR summary link state of OSPF database array of MpOspfSummaryLinkStates Required
Readonly
edge_path Policy path to edge node

Policy path to edge node.
string Required
Readonly
external_link_states array of external link of OSPF database array of MpOspfExternalLinkState Required
Readonly
net_link_states array of network link state of OSPF database array of MpOspfNetworkLinkStates Required
Readonly
nssa_external_link_states array of nssa external link of OSPF database array of MpOspfExternalLinkState Required
Readonly
router_link_states array of link state of OSPF database array of MpOspfRouterLinkStates Required
Readonly
summary_link_states array of summary link state of OSPF database array of MpOspfSummaryLinkStates Required
Readonly

OspfNeighbor (schema)

OSPF Neighbor Per Edge

OSPF Neighbor Per Edge.

Name Description Type Notes
edge_display_name Display name for edge node

Display name to edge node.
string
edge_path Policy path to edge node

Policy path to edge node.
string Required
neighbors array of OspfNeighborStatus

OspfNeighborStatus (schema)

OSPF Neighbor Status

OSPF Neighbor Status.

Name Description Type Notes
neighbor_address OSPF neighbor address

OSPF neighbor address.
IPAddress Required
Readonly
neighbor_status_info array of OspfStatusInfo

OspfNeighborStatusRequestParameters (schema)

OSPF Neighbor Status list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
edge_path Policy path of edge

Policy path of edge to retrieve neighbors.
string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
neighbor_address OSPF neighbor ip address

OSPF neighbor ip address.
IPAddress
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

OspfNeighborsStatusListResult (schema)

OSPF Neighbor

OSPF Neighbors.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
gateway_path Policy path to Tier0 gateway

Policy path to Tier0 gateway.
string Required
last_update_timestamp Timestamp indicating last update time of data

Timestamp when the data was last updated, unset if data source has never updated the data.		 EpochMsTimestamp Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results array of OspfNeighbor
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

OspfRoute (schema)

Name Description Type Notes
area OSPF area

OSPF area.		 string Required
Readonly
cost Cost of the route

Cost of the route.		 integer Required
Readonly
next_hops request counter

request counter.		 array of OspfRouteNextHopResult Required
Readonly
route_prefix Learned route prefix

Learned route prefix.		 string Required
Readonly
route_type Type of route

Type of route.		 string Required
Readonly
router_type Type of router

Type of router.		 string Required
Readonly
type_to_cost Type to cost of the route

Type to cost of the route.		 integer Required
Readonly

OspfRouteDetailsInCsvRecord (schema)

Name Description Type Notes
area OSPF area

OSPF area.		 string Required
Readonly
cost Cost of the route

Cost of the route.		 integer Required
Readonly
edge_path Policy edge path

Policy edge path.		 string Required
Readonly
next_hop_directly_attached Check whether OSPF route is directly connected

Check whether OSPF route is directly connected.
boolean Required
Readonly
next_hop_interface_name OSPF policy interface name

OSPF policy interface name.
string Required
Readonly
next_hop_neighbor_address route next hop result

route next hop result.		 IPAddress Required
Readonly
route_prefix Learned route prefix

Learned route prefix.		 string Required
Readonly
route_type Type of route

Type of route.		 string Required
Readonly
router_type Type of router

Type of router.		 string Required
Readonly
type_to_cost Type to cost of the route

Type to cost of the route.		 integer Required
Readonly

OspfRouteNextHopResult (schema)

OSPF route next hop result

OSPF route next hop result.

Name Description Type Notes
directly_attached Check whether OSPF route is directly connected

Check whether OSPF route is directly connected.
boolean Required
Readonly
interface_name OSPF policy interface name

OSPF policy interface name.
string Required
Readonly
neighbor_address next-hop address

next-hop address.
IPAddress Required
Readonly

OspfRoutes (schema)

OSPF Routes Per Edge

OSPF Routes Per Edge.

Name Description Type Notes
edge_display_name Display name for edge node

Display name to edge node.
string
edge_path Policy path to edge node

Policy path to edge node.
string Required
route_details array of OspfRoute

OspfRoutesListResult (schema)

OSPF Routes

OSPF Routes.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
gateway_path Policy path to Tier0 gateway

Policy path to Tier0 gateway.
string Required
last_update_timestamp Timestamp indicating last update time of data

Timestamp when the data was last updated, unset if data source has never updated the data.		 EpochMsTimestamp Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results array of OspfRoutes
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

OspfRoutesListResultInCsvFormat (schema)

Name Description Type Notes
file_name File name

File name set by HTTP server if API returns CSV result as a file.		 string
results array of OspfRouteDetailsInCsvRecord Readonly

OspfRoutesRequestParameters (schema)

OSPF Routes list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
edge_path Policy path of edge

Policy path of edge to retrieve routes.
string
enforcement_point_path Enforcement point path

String Path of the enforcement point.
string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
network_prefix CIDR network address

CIDR network address.
string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

OspfRoutingConfig (schema)

OSPF routing config

Contains OSPF routing configurations.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
(Abstract type: pass one of the following concrete types)
ChildOspfAreaConfig
default_originate Flag to enable/disable advertisement of default route

Flag to enable/disable advertisement of default route into OSPF domain.
The default route should be present in the edge only then it redistributes the
same into OSPF domain only if this flag is set to TRUE.
boolean Default: "False"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
ecmp Flag to enable ECMP

Flag to enable ECMP.
boolean Default: "True"
enabled Flag to enable OSPF routing protocol

Flag to enable OSPF routing protocol. Disabling will stop feature and
OSPF peering.
boolean Default: "False"
graceful_restart_mode OSPF Graceful Restart Mode Configuration

Configuration field to hold OSPF Restart mode .		 string Enum: DISABLE, HELPER_ONLY
Default: "HELPER_ONLY"
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value OspfRoutingConfig string
summary_addresses List of OSPF summary address configuration to summarize external routes

List of summary address configruation to summarize or filter external routes based on the
setting of advertise flag in each OspfSummaryAddressConfig
array of OspfSummaryAddressConfig Maximum items: 1000
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

OspfStatusInfo (schema)

Name Description Type Notes
database_summary_counter Database summary counter

Database summary counter.		 integer Required
Readonly
dead_time Time remaining before considering OSPF neighbor dead

Time remaining in before considering OSPF neighbor dead.		 string Required
Readonly
interface_name Tier0 interface name

Tier0 interface name.		 string Required
Readonly
last_state_change Time since last change in state

Time since last change in state.		 string Required
Readonly
priority Priority of the neighbor

Priority of the neighbor.		 integer Required
Readonly
request_counter request counter

request counter.		 integer Required
Readonly
retransmit_counter Retransmit request counter

Retransmit request counter.		 integer Required
Readonly
source_address Multicast source address

Multicast source address.		 IPAddress Required
Readonly
state OSPF neighbor state

OSPF neighbor state.		 string Required
Readonly

OspfSummaryAddressConfig (schema)

OSPF Summary Address Configuration

OSPF summary address configuration to summarize external routes

Name Description Type Notes
advertise Flag to enable/disable summarization of external routes

Used to filter the advertisement of external routes into the OSPF domain.
Setting this field to "TRUE" will enable the summarization of external routes that are covered by
ip_prefix configuration.
Setting this field to "FALSE" will filter the advertisement of external routes that are covered by
ip_prefix configuration.
boolean Default: "True"
prefix OSPF Summary address in CIDR format string Required
Format: ip-cidr-block

OverrideDeleteRequestParameters (schema)

Override delete request parameters

Name Description Type Notes
force Force delete the resource even if it is being used somewhere

If true, deleting the resource succeeds even if it is being
referred as a resource reference.
boolean Default: "False"
override Delete the locally overriden global object

If true, the overridden object can be deleted locally. This
will restore the global resource as the intended configuration
for this site.
boolean Default: "False"

OverrideRequestParameters (schema)

Override request parameters

Name Description Type Notes
override Locally override the global object

If true, the global resource can be over written locally. This
means that there will be a local only resource in place of the
global resource that can reflect local specific settings and
values. The global object will continue to exist but will not
be used for any configuration until this local object is
removed. When the object is overridden the Global resource
continues to exist unmodified, while the overridden object is
created with all of the user specified values. The Global resource
may be updated in the background, however, the overridden object may
only be updated by the user.
Once the user removes the overridden copy, the Global resource will
then resume being used in the configuration.
boolean Default: "False"

OvfInfo (schema)

OVF Information

Information related to OVF file.

Name Description Type Notes
ovf_name OVF file name

Name of OVF file.		 string Readonly
version OVF version

Version of the OVF.		 string Readonly

OwnerResourceLink (schema)

Link to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.

Name Description Type Notes
action Optional action string Readonly
href Link to resource string Required
Readonly
rel Link relation type

Custom relation type (follows RFC 5988 where appropriate definitions exist)		 string Required
Readonly

PCGRegistrationPayload (schema)

PCG register node with NSX Manager payload

The payload that can be sent to NSX Manager /api/v1/transport-nodes?action=register_node.
Only available on PCG node.

Name Description Type Notes
msg_client_info MsgClientInfo
system_info SystemInfo
transport_node TransportNodeInfoForRegister

PIServiceType (schema)

Service type supported for Principal Identities

Name Description Type Notes
PIServiceType Service type supported for Principal Identities string Enum: LOCAL_MANAGER, GLOBAL_MANAGER

PackageLoggingLevels (schema)

Name Description Type Notes
logging_level Logging levels per package string Enum: OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE
package_name Package name string

PacketAddressClassifier (schema) (Deprecated)

Address classifications for a packet

A packet is classified to have an address binding, if its address
configuration matches with all user specified properties.

Name Description Type Notes
ip_address A single IP address or a subnet, e.g. x.x.x.x or x.x.x.x/y IPElement
mac_address A single MAC address MACAddress
vlan VlanID

PacketCaptureOption (schema)

Packet capture option

The option is used to filter data on given node.

Name Description Type Notes
name Packet capture option name

The avaiable option names in the enum can be used to filter the capture data.		 string Enum: ETHTYPE, MAC, SRCMAC, DSTMAC, VLAN, IP, SRCIP, DSTIP, IPPROTO, PORT, SRCPORT, DSTPORT, VNI, IPPROTO6, IP6, SRCIP6, DSTIP6
value Packet capture option value

Define the capture value according to the given capture option.		 string

PacketCaptureOptionList (schema)

List of packet capture options

List of packet capture options to filter data in capture process.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly
values Packet capture option collection

Packet capture option collection		 array of PacketCaptureOption

PacketCaptureRequest (schema)

Packet capture request information

This type is used to create packet request on give node. Need to specify related parameters according to the capture point.

Name Description Type Notes
capamount Packet capture amount

Define the packet capture amount size.		 int
capcore The CPU core id on Edge node

The CPU core id on Edge node.		 int
capduration Packet capture duration time in seconds

Define the packet capture duration time. After the capture duration time, the capture process will stop working.		 int
capfilesize Packet capture file size limit

Define the packet capture file size limit.		 int
capmode Packet Capture streaming mode

Define the capture streaming mode. The STREAM mode will send the data to given stream address and port. And the STANDALONE mode will save the capture file in local folder.		 string Enum: STANDALONE, STREAM
cappoint Packet capture point

Define the point to capture data.		 string Required
Enum: VNIC, VMKNIC, VMNIC, VDRPORT, DVFILTER, LOGICALPORT, FCPORT, VIF, PNIC
caprate Packet capture rate

Define the rate of packet capture process.		 int
capsnaplen Packet capture snapshot length

Limit the number of bytes captured from each packet.		 int
capsource Packet capture source type

This type is used to differenite the incoming request from CLI/UI.		 string Required
Enum: CLI, UI
capvalue Packet capture point value

Define the capture value of given capture point.		 string
direction Packet capture direction type

Define the capture direction. Support three types INPUT/OUTPUT/DUAL.		 string Enum: INPUT, OUTPUT, DUAL
filtertype Packet capture dvfilter stage type

Define the capture filter type. Support PRE/POST mode.		 string Enum: PRE, POST
node Packet capture node id

Define the transport node to capture data.		 string
node_ip Packet capture node ip

Define the transport node to capture data.		 IPAddress
options Packet capture options

Define the packet capture additional options to filter the capture data.		 PacketCaptureOptionList
streamaddress Packet capture Streaming address

Set the stream address to receive the capture packet.		 string
streamport Packet capture Streaming port

Set the stream port to receive the capture packet. The STREAM mode is based on GRE-in-UDP Encapsulation(RFC8086). Packets are sent to UDP port 4754.		 int

PacketCaptureSession (schema)

Packet capture response information

Packet capture session information.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
endtime End time in epoch millisecond

Timestamp when session was stopped in epoch millisecond.		 EpochMsTimestamp
errormsg Error messasge in capture

Error messasge in capture.		 string
filelocation Packet capture file location

Packet capture file location.		 string
filesize Packet capture file Size in bytes

Packet capture file Size in bytes.		 int
id Unique identifier of this resource string Sortable
request Packet capture request

Packet capture request information.		 PacketCaptureRequest Required
resource_type Must be set to the value PacketCaptureSession string
sessionid Packet capture session id

Packet capture session id.		 string Required
sessionname Packet capture session name

Packet capture session name.		 string
sessionstatus Packet capture session status

Packet capture session status.		 string Required
Enum: CREATED, STARTED, STOPPED, FINISHED, ERROR
starttime Start time in epoch millisecond

Timestamp when session was created in epoch millisecond.		 EpochMsTimestamp
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

PacketCaptureSessionList (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Total capture session count integer Required
results Packet capture list for all sessoins array of PacketCaptureSession
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PacketData (schema)

This is an abstract type. Concrete child types:
BinaryPacketData
FieldsPacketData

Name Description Type Notes
frame_size Requested total size of the (logical) packet in bytes

If the requested frame_size is too small (given the payload and traceflow metadata requirement of 16 bytes), the traceflow request will fail with an appropriate message. The frame will be zero padded to the requested size.		 integer Minimum: 60
Maximum: 1000
Default: "128"
resource_type Packet configuration string Required
Enum: BinaryPacketData, FieldsPacketData
Default: "FieldsPacketData"
routed A flag, when set true, indicates that the traceflow packet is of L3 routing. boolean
transport_type transport type of the traceflow packet

This type takes effect only for IP packet.		 string Enum: BROADCAST, UNICAST, MULTICAST, UNKNOWN
Default: "UNICAST"

PacketNumberSampling (schema)

Name Description Type Notes
sampling_rate 1 out of how many packets is sampled integer Required
Minimum: 1
Maximum: 65535
sampling_type Must be set to the value PacketNumberSampling string Required
Enum: FirstNSampling, PacketNumberSampling, IntervalSampling

PacketTypeAndCounter (schema)

Name Description Type Notes
counter The number of packets. integer Required
packet_type The type of the packets string Required

PacketsDroppedBySecurity (schema)

Name Description Type Notes
bpdu_filter_dropped The number of packets dropped by "BPDU filter". integer
dhcp_client_dropped_ipv4 The number of IPv4 packets dropped by "DHCP client block". integer
dhcp_client_dropped_ipv6 The number of IPv6 packets dropped by "DHCP client block". integer
dhcp_server_dropped_ipv4 The number of IPv4 packets dropped by "DHCP server block". integer
dhcp_server_dropped_ipv6 The number of IPv6 packets dropped by "DHCP server block". integer
spoof_guard_dropped The packets dropped by "Spoof Guard"; supported packet types are IPv4, IPv6, ARP, ND, non-IP. array of PacketTypeAndCounter

PartialPatchConfig (schema)

Contains configuration for Partial patch.

This object allows enabling or disabling of partial patch functionality.
Enabling partial patch allows patching of a subset of the fields of any object.
After enabling partial patching, any object payload provided will be merged with the existing object payload.
Note that while all mandatory fields are expected to be provided during the creation of any object,
enabling partial patch will allow patching of existing objects with a subset of mandatory fields.

Name Description Type Notes
enable_partial_patch This object will contain the partial patch configuration.

boolean value used to enable/disable partial patch		 boolean Required

PasswordAuthenticationScheme (schema)

Name Description Type Notes
password Password to authenticate with string Required
scheme_name Authentication scheme name string Required
Enum: password
username User name to authenticate with string Required
Pattern: "^.+$"

PatchResources (schema)

Patch Resources

Patch Resources is an action to create/patch resources in response to an event.

Name Description Type Notes
body Body

Patch body representing a Hierarchical Patch payload. The resources included in the body
are patched replacing the injections' keys with their actual values.
object Required
injections Injections

Injections holding keys (variables) and their corresponding values.		 array of Injection Minimum items: 1
resource_type Must be set to the value PatchResources string Required
Enum: PatchResources, SetFields

PathExpression (schema)

Path expression node

Represents policy path expressions in the form of an array, to support addition of objects like groups, segments and policy logical ports in a group.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
paths Array of policy paths

This array can consist of one or more policy paths. Only policy paths of groups, segments and policy logical ports are allowed.		 array of string Required
Minimum items: 1
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PathExpression string Required
Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PathPermissionGroup (schema)

RBAC Objects qualifier

Name Description Type Notes
object_path Full Object Path string Required
operation Allowed operation string Required
Enum: crud, read, execute, none

PeerCertificateChain (schema)

A peer's certificate chain

The certificate chain presented by a remote TLS service.

Name Description Type Notes
details List of X509Certificates. array of X509Certificate Readonly
pem_encoded PEM encoded certificate data. string Required

PemFile (schema)

Name Description Type Notes
file file data multipart_file Required

PendingChange (schema)

Name Description Type Notes
request_id Request_id of the API change

Request identifier of the API which modified the entity.		 string

PendingChangesInfoNsxT (schema)

NSX-T Pending Change Info

Information about recent changes, if any, that are not reflected in the Enforced Realized Status.

Name Description Type Notes
pending_changes_flag Pending Changes Flag

Flag describing whether there are any pending changes that are not reflected in the status.
boolean Readonly

PerForwarderStatistics (schema) (Deprecated)

Per-forwarder query statistics counters

Query statistics counters of a forwarder identified by domain names.

Name Description Type Notes
domain_names Domain names configured for the forwarder

Domain names configured for the forwarder. Empty if this is the
default forwarder.
array of string Readonly
Minimum items: 0
Maximum items: 100
upstream_statistics Statistics per upstream server. array of PerUpstreamServerStatistics Readonly
Minimum items: 0
Maximum items: 3

PerNodeDnsFailedQueries (schema)

The list of failed DNS queries per transport node

The list of the failed DNS queries with entry count and timestamp.
The entry count is for per active/standby transport node.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
node_id Uuid of active/standby transport node

The Uuid of active/standby transport node.		 string Required
Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of failed DNS queries

The list of failed DNS queries.		 array of DnsFailedQuery Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly
timestamp Timestamp of the request

Timestamp of the request, in YYYY-MM-DD HH:MM:SS.zzz format.		 string Required
Readonly

PerNodeShaPluginStatusListResult (schema)

Paged list of Sha plugin status list.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Sha plugin status list results array of PluginStatusEntry Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PerNodeUsedCacheStatistics (schema) (Deprecated)

Per-node used cache query statistics counters

Query statistics counters of used cache from node

Name Description Type Notes
cached_entries The total number of cached entries integer Readonly
node_id Uuid of active/standby transport node string Readonly
used_cache_size The memory size used in cache, in kb integer Readonly

PerStepRestoreStatus (schema)

Restore step status

Name Description Type Notes
description A description of the restore status string Required
Readonly
value Per step restore status value string Required
Readonly
Enum: INITIAL, RUNNING, SUSPENDED_BY_USER, SUSPENDED_FOR_USER_ACTION, FAILED, SUCCESS

PerUpstreamServerStatistics (schema) (Deprecated)

Per-upstream server query statistics counters

Query statistics counters to an upstream server including successfully
forwarded queries and failed queries.

Name Description Type Notes
queries_failed Queries failed to forward. integer Readonly
queries_succeeded Queries forwarded successfully integer Readonly
upstream_server Upstream server ip IPAddress Readonly

PersistenceProfileType (schema)

persistence profile type

Source-ip persistence ensures all connections from a client (identified by
IP address) are sent to the same backend server for a specified period.
Cookie persistence allows related client connections, identified by the
same cookie in HTTP requests, to be redirected to the same server.
Generic persistence profile cannot be attached to virtual servers directly.
It can only be consumed by load balancer rule actions:
LbVariablePersistenceOnAction and LbVariablePersistenceLearnAction.
LbCookiePersistenceProfile and LbGenericPersistenceProfile are deprecated
as NSX-T Load Balancer is deprecated.

Name Description Type Notes
PersistenceProfileType persistence profile type

Source-ip persistence ensures all connections from a client (identified by
IP address) are sent to the same backend server for a specified period.
Cookie persistence allows related client connections, identified by the
same cookie in HTTP requests, to be redirected to the same server.
Generic persistence profile cannot be attached to virtual servers directly.
It can only be consumed by load balancer rule actions:
LbVariablePersistenceOnAction and LbVariablePersistenceLearnAction.
LbCookiePersistenceProfile and LbGenericPersistenceProfile are deprecated
as NSX-T Load Balancer is deprecated.
string Enum: LbCookiePersistenceProfile, LbSourceIpPersistenceProfile, LbGenericPersistenceProfile

PhysicalServer (schema)

Physical server

Details of physical/bare metal server. PhysicalServer is an abstraction for TransportNode with os_type RHELSERVER, UBUNTUSERVER, CENTOSSERVER, SLESSERVER, OELSERVER or WINDOWSSERVER. This entity will be used in grouping to provide micro-segmentation to physical servers. To add any new physical servers/perform any changes, use create/update TransportNode API.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ip_addresses IP Addresses of the physical server, version 4 or 6

IP addresses of the physical server specified by the admin while registering as Transport node in nsx.		 array of IPAddress Readonly
os_type OS type of the physical server

OS type of the physical server.		 string Readonly
Enum: RHELSERVER, UBUNTUSERVER, CENTOSSERVER, SLESSERVER, WINDOWSSERVER, OELSERVER
resource_type Must be set to the value PhysicalServer string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

PhysicalServerListRequestParameters (schema)

Request parameters to get list of physical server.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
display_name Display Name of the physical server

Display Name of physical server.		 string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
os_type OS type of the physical server

OS type of the physical server.		 string Enum: RHELSERVER, UBUNTUSERVER, CENTOSSERVER, SLESSERVER, WINDOWSSERVER, OELSERVER
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

PhysicalServerListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of physical servers

List of physical servers.		 array of PhysicalServer Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PimRpMapping (schema)

PIM RP mapping details

PIM (Protocol Independent Multicast) RP (Randezvous Point) mapping details.

Name Description Type Notes
group Multicast group address

Multicast group address.		 IPAddress Required
Readonly
is_rp Is acts as Rendezvous Point

Value of this field will be true if this edge transport node
acts as rendezvous point, otherwise false.
boolean Readonly
outgoing_interface Outgoing interface

Outgoing/Egress interface for multicast traffic.		 string Required
Readonly
rp_address RP address

RP (Randezvous Point) address.		 IPAddress Required
Readonly
source Multicast source

Source of learning RP information. Either Static RP configured or
RP learned via BSR (Bootstrap Router).
string Required
Readonly

PimRpMappingCsvRecord (schema)

Name Description Type Notes
group Multicast group address

Multicast group address.		 IPAddress Required
Readonly
is_rp Is acts as Rendezvous Point

Value of this field will be true if this edge transport node
acts as rendezvous point, otherwise false.
boolean Readonly
outgoing_interface Outgoing interface

Outgoing/Egress interface for multicast traffic.		 string Required
Readonly
rp_address RP address

RP (Randezvous Point) address.		 IPAddress Required
Readonly
source Multicast source

Source of learning RP information. Either Static RP configured or
RP learned via BSR (Bootstrap Router).
string Required
Readonly
transport_node Transport node uuid or policy path

Transport node uuid or policy path.		 string Required
Readonly

PimRpMappings (schema)

PIM Rendezvous Point Mappings

PIM Rendezvous Point Mappings.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
gateway_path Policy path to Tier0 gateway

Policy path to Tier0 gateway.
string Required
pim_rp_mappings_per_edge array of PimRpMappingsPerEdge
result_count Count of results found (across all pages), set only on first page integer Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PimRpMappingsInCsvFormat (schema)

Name Description Type Notes
file_name File name

File name set by HTTP server if API returns CSV result as a file.		 string
results array of PimRpMappingCsvRecord Readonly

PimRpMappingsPerEdge (schema)

PIM Rendezvous Point Mappings Per Edge

PIM Rendezvous Point Mappings Per Edge.

Name Description Type Notes
edge_path Policy path to edge node

Policy path to edge node.
string Required
pim_rp_mappings array of PimRpMapping

PktCapResource (schema)

The resource of packet capture per port, such as
the downloading URL of packet capture file.

Name Description Type Notes
pktcap_file_download_url Packet capture file download URL string Required
Readonly
port_id The ID of logical port where packet capture action is performed string Required
Readonly
resource_type Must be set to the value PktCapResource string Required

PktCapResult (schema)

The packet capture result for transport nodes

Name Description Type Notes
pktcap_resource_list Packet capture results on the given transport node

The packet capture resource info for ports where packet
capture action is performed
array of PktCapResource Required
Readonly
transport_node_id The ID of transport node where packet capture action is deployed string Required
Readonly
transport_node_type Type of the transport node TransportNodeType Required
Readonly

PktcapActionArgument (schema)

Name Description Type Notes
dest_lport Destination logical port for bidirectional packet capture

It is required only when the type of packet capture is bidirectional. Please keep this aligned with the
destination logical port of trace action config when the type of trace action is bidirectional.
string Readonly
pktcap_type Type of packet capture string Required
Readonly
Enum: UNI_DIRECTIONAL, BI_DIRECTIONAL
reverse_filter Packet filter for flows of interest in reverse direction

It takes effect only when the type of packet capture is bidirectional. Please keep this aligned with the packet
filter of reverse direction of trace action config when the type of trace action is bidirectional.
LiveTraceFilterData
(Abstract type: pass one of the following concrete types)
FieldsFilterData
PlainFilterData		 Readonly

PktcapActionConfig (schema)

Name Description Type Notes
action_argument Action argument for packet capture PktcapActionArgument Required
Readonly
sampling_argument Sample argument for packet capture

Only first-N sampling is supported and the maximum sampling number is 500.
SamplingArgument
(Abstract type: pass one of the following concrete types)
FirstNSampling
IntervalSampling
PacketNumberSampling		 Required
Readonly

PlainFilterData (schema)

Name Description Type Notes
basic_filter Basic RCF rule for packet filter string
extend_filter Extended RCF rule for packet filter string
resource_type Must be set to the value PlainFilterData string Required
Enum: FieldsFilterData, PlainFilterData
Default: "FieldsFilterData"

PlatformDeploymentChecksAction (schema)

Configuration for Platform deployment

Configuration for Platform deployment.

Name Description Type Notes
action Pre/post deployment checks

Run pre/post deployment checks.
PRE_CHECKS - Run pre-check before deployment.
POST_CHECKS - Run post-check after deployment.
ABORT_CHECKS - Abort running pre/post deployement checks.
string Required
Enum: PRE_CHECKS, POST_CHECKS, ABORT_CHECKS
deployment_config PlatformDeploymentConfig

PlatformDeploymentConfig (schema)

Configuration for Platform deployment

Configuration for Platform deployment.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
cluster_id Kubernetes cluster id

Unique id to identify kubernetes guest cluster.		 string
deployment_action Deployment action

Deployment action.		 CloudNativeDeploymentAction
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
form_factor Form factor

From factor in use.		 FormFactorType
id Unique identifier of this resource string Sortable
kubeconf_info Kubeconfig info

Information about kubeconfig file.
KubeconfigInfo
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PlatformDeploymentConfig string
service_config AdvanceServiceConfig
storage_class Kubernetes storage class

Kubernetes storage class		 string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
version Deployment version in use

Deployment version in use.		 string

PlatformFormFactors (schema)

Deployment version

Available platform form factors.

Name Description Type Notes
available_form_factors Available form factors

Availiable form factors for a platform deployment version.
FormFactors

PluginFileProperties (schema)

Plugin file properties

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
file_name File name string Required
Pattern: "^[^/]+$"
plugin_id Plugin id string Required
status Upload status string Required

PluginStatus (schema)

System Health Plugin status

Describes plugin status on node

Name Description Type Notes
detail Detail information of plugin

Detail information of plugin.		 string Readonly
id Plugin id

Plugin id.		 string Readonly
name Plugin name

Plugin name.		 string Readonly
profile Plugin profile

Display the plugin profile content.		 string Readonly
status Plugin status. string Readonly
Enum: UNKNOWN, ENABLED, DISABLED

PluginStatusEntry (schema)

System Health Plugin status

Describes plugin status

Name Description Type Notes
detail Detail information of plugin

Detail information of plugin.		 string Readonly
plugin_path Plugin id

Plugin id.		 string Readonly
profile Plugin config

Display the plugin configß content.		 string Readonly
status Plugin status. string Readonly
Enum: UNKNOWN, ENABLED, DISABLED

PluginStatusList (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Total plugin count integer Required
results System Health plugin status list array of PluginStatus
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

Pnic (schema) (Deprecated)

Physical NIC specification

Name Description Type Notes
device_name device name or key string Required
uplink_name Uplink name for this Pnic. This name will be used to reference this Pnic in other configurations. string Required

PnicBondFilter (schema)

pNIC/bond status

pNIC/bond statuses

Name Description Type Notes
status pNic/bond status

Status of pNIC/bond		 string Enum: UNKNOWN, UP, DOWN, DEGRADED

PnicBondStatus (schema)

pNIC/bond status

pNIC/bond statuses

Name Description Type Notes
name pNIC/bond name

Name of the pNIC/bond		 string
status pNic/bond status

Status of pNIC/bond		 string Enum: UNKNOWN, UP, DOWN, DEGRADED
type Object type

type, whether the object is a pNIC or a bond		 string Enum: UNKNOWN_TYPE, PNIC, BOND

PnicBondStatusListResult (schema)

pNIC status list container

This object contains reference to list of pNIC/bond statuses

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of pNIC/bond statuses

List of pNIC statuses belonging to the transport node		 array of PnicBondStatus
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PnicMirrorDestination (schema)

Name Description Type Notes
dest_pnics Physical NIC device names to which to send the mirrored packets array of string Required
Minimum items: 1
Maximum items: 3
node_id Transport node to which to send the mirrored packets string Required
resource_type Must be set to the value PnicMirrorDestination MirrorDestinationResourceType Required

PnicMirrorSource (schema)

Name Description Type Notes
encapsulated Whether to filter encapsulated packet. boolean Required
Default: "False"
node_id Transport node identifier for the pnic located. string Required
resource_type Must be set to the value PnicMirrorSource MirrorSourceResourceType Required
source_pnics Source physical NIC device names array of string Required
Minimum items: 1

PointDefinition (schema)

Definition of a point of graph

Defines the point of a graph.

Name Description Type Notes
drilldown_id Id of drilldown widget

Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.		 string
field Expression for points of the graph

An expression that represents the points of the graph		 string Required
navigation Navigation to a specified UI page

Hyperlink of the specified UI page that provides details.		 string Maximum length: 1024
tooltip Multi-line tooltip

Multi-line text to be shown on tooltip while hovering over the point of a graph.		 array of Tooltip Minimum items: 0
x_value Variable chosen for X value of the point of the graph

Represents the variable for the X value of points that are plotted on the graph.		 string Required
y_value Variable chosen for Y value of the point of the graph

Represents the variable for the Y value of points that are plotted on the graph.		 string Required

Policy (schema)

Contains ordered list of Rules

Ordered list of Rules. This object is created by default along with the Domain.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
category A way to classify a security policy, if needed.

- Distributed Firewall -
Policy framework provides five pre-defined categories for classifying
a security policy. They are "Ethernet","Emergency", "Infrastructure"
"Environment" and "Application". There is a pre-determined order in
which the policy framework manages the priority of these security
policies. Ethernet category is for supporting layer 2 firewall rules.
The other four categories are applicable for layer 3 rules. Amongst
them, the Emergency category has the highest priority followed by
Infrastructure, Environment and then Application rules. Administrator
can choose to categorize a security policy into the above categories
or can choose to leave it empty. If empty it will have the least
precedence w.r.t the above four categories.
- Edge Firewall -
Policy Framework for Edge Firewall provides six pre-defined categories
"Emergency", "SystemRules", "SharedPreRules", "LocalGatewayRules",
"AutoServiceRules" and "Default", in order of priority of rules.
All categories are allowed for Gatetway Policies that belong
to 'default' Domain. However, for user created domains, category is
restricted to "SharedPreRules" or "LocalGatewayRules" only. Also, the
users can add/modify/delete rules from only the "SharedPreRules" and
"LocalGatewayRules" categories. If user doesn't specify the category
then defaulted to "Rules". System generated category is used by NSX
created rules, for example BFD rules. Autoplumbed category used by
NSX verticals to autoplumb data path rules. Finally, "Default" category
is the placeholder default rules with lowest in the order of priority.
string
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
comments SecurityPolicy lock/unlock comments

Comments for security policy lock/unlock.		 string
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
internal_sequence_number Internal sequence number

This field is to indicate the internal sequence number of a policy
with respect to the policies across categories.
int Readonly
is_default Default policy flag

A flag to indicate whether policy is a default policy.		 boolean Readonly
lock_modified_by User who locked the security policy

ID of the user who last modified the lock for the secruity policy.
string Readonly
lock_modified_time SecuirtyPolicy locked/unlocked time

SecurityPolicy locked/unlocked time in epoch milliseconds.		 EpochMsTimestamp Readonly
locked Lock a security policy

Indicates whether a security policy should be locked. If the
security policy is locked by a user, then no other user would
be able to modify this security policy. Once the user releases
the lock, other users can update this security policy.
boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value Policy string
rule_count Rule count

The count of rules in the policy.
int Readonly
scheduler_path Path to the scheduler for time based scheduling

Provides a mechanism to apply the rules in this policy for a specified
time duration.
string
scope The list of group paths where the rules in this policy will get
applied. This scope will take precedence over rule level scope.
Supported only for security and redirection policies. In case of
RedirectionPolicy, it is expected only when the policy is NS and
redirecting to service chain.
array of string Maximum items: 128
sequence_number Sequence number to resolve conflicts across Domains

This field is used to resolve conflicts between security policies
across domains. In order to change the sequence number of a policy
one can fire a POST request on the policy entity with
a query parameter action=revise
The sequence number field will reflect the value of the computed
sequence number upon execution of the above mentioned POST request.
For scenarios where the administrator is using a template to update
several security policies, the only way to set the sequence number is
to explicitly specify the sequence number for each security policy.
If no sequence number is specified in the payload, a value of 0 is
assigned by default. If there are multiple policies with the same
sequence number then their order is not deterministic. If a specific
order of policies is desired, then one has to specify unique sequence
numbers or use the POST request on the policy entity with
a query parameter action=revise to let the framework assign a
sequence number.
The value of sequence number must be between 0 and 999,999.
int Minimum: 0
stateful Stateful nature of the entries within this security policy.

Stateful or Stateless nature of security policy is enforced on all
rules in this security policy. When it is stateful, the state of
the network connects are tracked and a stateful packet inspection is
performed.
Layer3 security policies can be stateful or stateless. By default, they are stateful.
Layer2 security policies can only be stateless.
boolean
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tcp_strict Enforce strict tcp handshake before allowing data packets

Ensures that a 3 way TCP handshake is done before the data packets
are sent.
tcp_strict=true is supported only for stateful security policies.
If the tcp_strict flag is not specified and the security policy
is stateful, then tcp_strict will be set to true.
boolean
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicyAlarmResource (schema)

Alarm base class of realized policy object

Alarm base class of realized policy object

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
error_details Detailed information about errors from an API call made to the enforcement point, if any. PolicyApiError
id Unique identifier of this resource string Sortable
message error message to describe the issue string
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PolicyAlarmResource string
source_reference path of the object on which alarm is created string
source_site_id source site(LM) id.

This field will refer to the source site on which the alarm is
generated. This field is populated by GM, when it receives
corresponding notification from LM.
string Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicyAlarmResourceListRequestParameters (schema)

PolicyAlarmResource list request parameters

PolicyAlarmResource list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

PolicyAlarmResourceListResult (schema)

PolicyAlarmResource list result

PolicyAlarmResource list result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged Collection of PolicyAlarmResources

List of alarm resources		 array of PolicyAlarmResource
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyApiError (schema)

Detailed information about an API Error

Name Description Type Notes
details Further details about the error string
error_code A numeric error code integer
error_data Additional data about the error object
error_message A description of the error string
module_name The module name where the error occurred string
related_errors Other errors related to this error array of PolicyRelatedApiError

PolicyArpProxyEntry (schema)

Name Description Type Notes
arp_proxy_ip Array of ARP proxy service address

ARP proxy information for a service with ip.		 array of IPAddress Readonly
service_id Service type id

Identifier of connected service on port.		 string Readonly

PolicyArpProxyTableCsvListResult (schema)

Name Description Type Notes
file_name File name

File name set by HTTP server if API returns CSV result as a file.		 string
results array of InterfaceArpProxyCsvEntry

PolicyArpProxyTableListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paginated list of Gateway interface ARP proxy tables array of InterfaceArpProxy Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyAttributes (schema)

Policy Attributes data holder

Name Description Type Notes
attribute_source Source of attribute value i.e whether system defined or custom value string Enum: SYSTEM, CUSTOM
Default: "SYSTEM"
datatype Datatype for attribute string Required
Enum: STRING
description Description for attribute value string
isALGType Is the value ALG type

Describes whether the APP_ID value is ALG type or not.		 boolean
key Key for attribute

URL_Reputation is currently not available. Please do not use it in Attribute Key while creating context profile		 string Required
Enum: APP_ID, DOMAIN_NAME, URL_CATEGORY, URL_REPUTATION, CUSTOM_URL
metadata Provide additional meta information about key/values

This is optional part that can hold additional data about the attribute key/values.
Example - For URL CATEGORY key , it specified super category for url category value.
This is generic array and can hold multiple meta information about key/values in future
array of ContextProfileAttributesMetadata
sub_attributes Reference to sub attributes for the attribute array of PolicySubAttributes
value Value for attribute key

Multiple attribute values can be specified as elements of array.
array of string Required
Minimum items: 1

PolicyBaseHostSwitchProfile (schema)

This is an abstract type. Concrete child types:
PolicyExtraConfigHostSwitchProfile
PolicyLldpHostSwitchProfile
PolicyNiocProfile
PolicyUplinkHostSwitchProfile

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
required_capabilities array of string Readonly
resource_type Must be set to the value PolicyBaseHostSwitchProfile PolicyHostSwitchProfileType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicyBasedIPSecVPNSession (schema)

Policy based VPN session

A Policy Based VPN requires to define protect rules that match local and peer subnets. IPSec security associations is negotiated for each pair of local and peer subnet.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Enable/Disable IPSec VPN session

Enable/Disable IPSec VPN session.		 boolean Default: "True"
id Unique identifier of this resource string Sortable
ipsec_vpn_service_id IPSec VPN service identifier

Identifier of VPN Service linked with local endpoint.		 string Readonly
local_endpoint_id Local endpoint identifier

Local endpoint identifier.		 string Required
peer_endpoint_id Peer endpoint identifier

Peer endpoint identifier.		 string Required
policy_rules Policy rules array of IPSecVPNPolicyRule Required
resource_type Must be set to the value PolicyBasedIPSecVPNSession IPSecVPNSessionResourceType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tcp_mss_clamping TcpMssClamping

PolicyBasedIPSecVpnSession (schema)

Policy based VPN session

A Policy Based VPN requires to define protect rules that match local and peer subnets. IPSec security associations is negotiated for each pair of local and peer subnet.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
authentication_mode Authentication Mode

Peer authentication mode.
PSK - In this mode a secret key shared between local and
peer sites is to be used for authentication. The secret
key can be a string with a maximum length of 128 characters.
CERTIFICATE - In this mode a certificate defined at the
global level is to be used for authentication.
string Enum: PSK, CERTIFICATE
Default: "PSK"
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
compliance_suite Compliance suite

Compliance suite.
string Enum: CNSA, SUITE_B_GCM_128, SUITE_B_GCM_256, PRIME, FOUNDATION, FIPS, NONE
connection_initiation_mode Connection initiation mode

Connection initiation mode used by local endpoint to
establish ike connection with peer site.
INITIATOR - In this mode local endpoint initiates
tunnel setup and will also respond to incoming tunnel
setup requests from peer gateway.
RESPOND_ONLY - In this mode, local endpoint shall only
respond to incoming tunnel setup requests. It shall not
initiate the tunnel setup.
ON_DEMAND - In this mode local endpoint will initiate
tunnel creation once first packet matching the policy
rule is received and will also respond to incoming
initiation request.
string Enum: INITIATOR, RESPOND_ONLY, ON_DEMAND
Default: "INITIATOR"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
dpd_profile_path Dead peer detection (DPD) profile path

Policy path referencing Dead Peer Detection (DPD) profile. Default is set to system default profile.		 string
enabled Enable/Disable IPSec VPN session

Enable/Disable IPSec VPN session.		 boolean Default: "True"
id Unique identifier of this resource string Sortable
ike_profile_path Internet key exchange (IKE) profile path

Policy path referencing IKE profile to be used. Default is set according to system default profile.		 string
local_endpoint_path Local endpoint path

Policy path referencing Local endpoint. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided.		 string
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
peer_address IPV4 address of peer endpoint on remote site

Public IPV4 address of the remote device terminating the VPN connection. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided.		 string
peer_id Peer id

Peer ID to uniquely identify the peer site. The peer ID is the public IP address of the remote device terminating the VPN tunnel. When NAT is configured for the peer, enter the private IP address of the peer. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided.		 string
psk Pre-shared key

IPSec Pre-shared key. Maximum length of this field is 128 characters.		 string
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PolicyBasedIPSecVpnSession IPSecVpnSessionResourceType Required
rules Rules array of IPSecVpnRule Required
Minimum items: 1
site_overrides SiteOverride list

A collection of site specific attributes specificed only on GM
array of SiteOverride Maximum items: 128
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tcp_mss_clamping TCP MSS Clamping

TCP Maximum Segment Size Clamping Direction and Value.
TcpMaximumSegmentSizeClamping
tunnel_profile_path IPSec tunnel profile path

Policy path referencing Tunnel profile to be used. Default is set to system default profile.		 string
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicyBasedL3VpnSession (schema) (Deprecated)

Policy based L3Vpn Session

A Policy-based L3Vpn session is a configuration in which a specific vpn tunnel is
referenced in a policy whose action is set as tunnel.

Name Description Type Notes
resource_type Must be set to the value PolicyBasedL3VpnSession L3VpnSessionResourceType Required
rules L3Vpn Rules

L3Vpn rules that are specific to the L3Vpn. Only L3Vpn rules with PROTECT action
are supported.
array of L3VpnRule

PolicyBgpNeighborStatus (schema)

Name Description Type Notes
address_families Address families of BGP neighbor

Address families of BGP neighbor		 array of BgpAddressFamily Readonly
announced_capabilities BGP capabilities sent to BGP neighbor. array of string Readonly
connection_drop_count Count of connection drop integer Readonly
connection_state Current state of the BGP session. string Readonly
Enum: INVALID, IDLE, CONNECT, ACTIVE, OPEN_SENT, OPEN_CONFIRM, ESTABLISHED, UNKNOWN
edge_path Transport node policy path string
established_connection_count Count of connections established integer Readonly
graceful_restart_mode Graceful restart mode

Current state of graceful restart of BGP neighbor. Possible
values are -
1. GR_AND_HELPER - Graceful restart with Helper
2. HELPER_ONLY - Helper only
3. DISABLE - Disabled
string Readonly
hold_time Time in ms to wait for HELLO from BGP peer.

If a HELLO packet is not seen from BGP Peer withing hold_time
then BGP neighbor will be marked as down.
integer Readonly
keep_alive_interval Time in ms to wait for HELLO packet from BGP peer integer Readonly
last_update_timestamp Timestamp indicating last update time of data

Timestamp when the data was last updated, unset if data source has never updated the data.		 EpochMsTimestamp Readonly
local_port TCP port number of Local BGP connection integer Readonly
Minimum: 1
Maximum: 65535
messages_received Count of messages received from the neighbor integer Readonly
messages_sent Count of messages sent to the neighbor integer Readonly
negotiated_capability BGP capabilities negotiated with BGP neighbor. array of string Readonly
neighbor_address The IP of the BGP neighbor IPAddress Readonly
neighbor_router_id Router ID of the BGP neighbor. string Readonly
remote_as_number AS number of the BGP neighbor string Readonly
remote_port TCP port number of remote BGP Connection integer Readonly
Minimum: 1
Maximum: 65535
remote_site Remote site

Remote site details.		 ResourceReference Readonly
source_address The Ip address of logical port IPAddress Readonly
tier0_path Policy path to Tier0 string Required
Readonly
time_since_established Time(in seconds) since connection was established. integer Readonly
total_in_prefix_count Count of in prefixes

Sum of in prefixes counts across all address families.		 integer Readonly
total_out_prefix_count Count of out prefixes

Sum of out prefixes counts across all address families.		 integer Readonly
type BGP neighbor type

BGP neighbor type		 string Readonly
Enum: INTER_SR, USER

PolicyBgpNeighborsStatusListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Status of BGP neighbors of the Tier0 array of PolicyBgpNeighborStatus Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyCapacityDashboardUsage (schema)

Name Description Type Notes
current_usage_count Current usage count of object type

Indicate the current usage count of object type.
integer Required
current_usage_percentage Current usage percentage

Current usage percentage for object type
number Required
display_name User friendly name for object type

Display name for NSX object type.
string Required
max_supported_count Maximum supported count for object type

This is the maximum supported count for object type in consideration.
integer Required
usage_type Object type for which usage is fetched

Indicate the object type for which usage is calculated.
string Required
Enum: NUMBER_OF_VSPHERE_CLUSTERS, NUMBER_OF_PREPARED_HOSTS, NUMBER_OF_GROUPS, NUMBER_OF_SEGMENT, NUMBER_OF_SEGMENT_PORT, NUMBER_OF_FIREWALL_RULES, NUMBER_OF_FIREWALL_SECTIONS, NUMBER_OF_SECURITY_POLICY_RULES, NUMBER_OF_SECURITY_POLICY, NUMBER_OF_PROTECTION_ENABLED_HOST, NUMBER_OF_PROTECTION_ENABLED_VIRTUAL_MACHINES, NUMBER_OF_EDGE_CLUSTERS, NUMBER_OF_EDGE_NODES, NUMBER_OF_TIER0_ROUTERS, NUMBER_OF_TIER1_ROUTERS, NUMBER_OF_PREFIX_LIST, NUMBER_OF_NAT_RULES, NUMBER_OF_DHCP_IP_POOLS, NUMBER_OF_TIER1_WITH_NAT_RULE

PolicyCapacityUsageRequestParameters (schema)

Parameter for capacity calculation.

Name Description Type Notes
category Category of attributes for which capacity details need to be fetched.
Supported categories are security, inventory and networking.
User can provide comma separated list of categories.
In order to fetch the whole list of attributes one can leave the category value blank.
string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

PolicyCapacityUsageResponse (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
capacity_usage List of capacity usage for NSX Objects array of PolicyCapacityDashboardUsage Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
resource_type Must be set to the value PolicyCapacityUsageResponse string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

PolicyComplianceStatus (schema)

Name Description Type Notes
last_updated_time Timestamp of last update EpochMsTimestamp Readonly
non_compliant_configs List of non compliant configuration and impacted services array of PolicyNonCompliantConfig Readonly

PolicyConfigResource (schema)

Represents an object on the desired state

Represents an object on the desired state.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PolicyConfigResource string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicyContainerGroupMemberDetails (schema)

Group member details

Details of the member belonging to a Group

Name Description Type Notes
cluster array of ClusterMemberDetails Required

PolicyContainerGroupMembersListResult (schema)

Group members list result

Paginated collection of pods belonging to a Group.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged Collection of pods that belong to the given Group array of PolicyContainerGroupMemberDetails Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyContextProfile (schema)

Policy Context Profile entity

An entity that encapsulates attributes and sub-attributes of various
network services (eg. L7 services, domain name, encryption algorithm)
The entity will be consumed in firewall rules and can be added in new
tuple called profile in firewall rules. To get a list of supported
attributes and sub-attributes fire the following REST API
GET https://<policy-mgr>/policy/api/v1/infra/context-profiles/attributes

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
attributes Array of Policy Context Profile attributes

Property containing attributes/sub-attributes for Policy Context Profile.
array of PolicyAttributes Required
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PolicyContextProfile string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicyContextProfileDeleteRequestParameters (schema)

Policy Context Profile delete request parameters

Name Description Type Notes
force Force delete the resource even if it is being used somewhere

If true, deleting the resource succeeds even if it is being
referred as a resource reference.
boolean Default: "False"
override Delete the locally overriden global object

If true, the overridden object can be deleted locally. This
will restore the global resource as the intended configuration
for this site.
boolean Default: "False"

PolicyContextProfileListRequestParameters (schema)

Policy Context Profile list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

PolicyContextProfileListResult (schema)

List result of PolicyContextProfiles

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged collection of PolicyContextProfiles array of PolicyContextProfile Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyCustomAttributes (schema)

Policy Custom Attributes data holder

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
attribute_source Source of attribute value i.e whether system defined or custom value string Enum: CUSTOM, SYSTEM
Default: "CUSTOM"
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
datatype Datatype for attribute string Required
Enum: STRING
description Description for attribute value string
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
key Key for attribute

Policy Custom Attribute Key		 string Required
Enum: DOMAIN_NAME, CUSTOM_URL
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
metadata Provide additional meta information about key/values

This is optional part that can hold additional data about the attribute key/values.
Example - For Custom URL key , it specified url type for url value.
This is generic array and can hold multiple meta information about key/values in future
array of ContextProfileAttributesMetadata
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PolicyCustomAttributes string
sub_attributes Reference to sub attributes for the attribute array of PolicySubAttributes
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
value Value for attribute key

Multiple attribute values can be specified as elements of array.
array of string Required
Minimum items: 1

PolicyDHGroup (schema) (Deprecated)

Diffie-Hellman groups

Diffie-Hellman groups represent algorithm used to derive shared keys between
IPSec VPN initiator and responder over an unsecured network.
GROUP2 uses 1024-bit Modular Exponentiation (MODP) group.
GROUP5 uses 1536-bit MODP group.
GROUP14 uses 2048-bit MODP group.
GROUP15 uses 3072-bit MODP group.
GROUP16 uses 4096-bit MODP group.

Name Description Type Notes
PolicyDHGroup Diffie-Hellman groups

Diffie-Hellman groups represent algorithm used to derive shared keys between
IPSec VPN initiator and responder over an unsecured network.
GROUP2 uses 1024-bit Modular Exponentiation (MODP) group.
GROUP5 uses 1536-bit MODP group.
GROUP14 uses 2048-bit MODP group.
GROUP15 uses 3072-bit MODP group.
GROUP16 uses 4096-bit MODP group.
string Deprecated
Enum: GROUP2, GROUP5, GROUP14, GROUP15, GROUP16

PolicyDnsAnswerPerEnforcementPoint (schema)

NSLookup answer per enforcement point

DNS forwarder nslookup answer per enforcement point.

Name Description Type Notes
enforcement_point_path Enforcement point path

Policy path referencing the enforcement point from where the
DNS forwarder nslookup answer is fetched.
string Readonly
resource_type Resource type

Resource type of the DNS forwarder nslookup answer.
string Required
Enum: NsxTDnsAnswer

PolicyDnsForwarder (schema)

DNS Forwarder

Used to configure DNS Forwarder

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
cache_size Cache size in KB

Cache size in KB.		 int Minimum: 0
Maximum: 16777216
Default: "1024"
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
conditional_forwarder_zone_paths Path of conditional DNS zones

Max of 5 DNS servers can be configured		 array of string Maximum items: 5
default_forwarder_zone_path Path of the default DNS zone.

This is the zone to which DNS requests are forwarded by default
string Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled DNS forwarder enabled flag

The flag, which suggests whether the DNS forwarder is enabled or
disabled. The default is True.
boolean Default: "True"
id Unique identifier of this resource string Sortable
listener_ip IP on which the DNS Forwarder listens.

This is the IP on which the DNS Forwarder listens.
IPv4Address Required
log_level Log level of the dns forwarder

Set log_level to DISABLED will stop dumping fowarder log.
string Enum: DEBUG, INFO, WARNING, ERROR, FATAL
Default: "INFO"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PolicyDnsForwarder string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicyDnsForwarderZone (schema)

DNS Forwarder Zone

Used to configure zones on DNS Forwarder

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
dns_domain_names List of domain names

List of domain names on which conditional forwarding is based. This
field is required if the DNS Zone is being used for a conditional
forwarder. This field will also be used for conditional reverse lookup.
Example 1, if for one of the zones, one of the entries in the fqdn is
example.com, all the DNS requests under the domain example.com will
be served by the corresponding upstream DNS server.
Example 2, if for one of the zones, one of the entries in the fqdn
list is "13.12.30.in-addr.arpa", reverse lookup for 30.12.13.0/24 will
go to the corresponding DNS server.
array of string
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PolicyDnsForwarderZone string
source_ip Source IP used by DNS Forwarder zone

The source IP used by the DNS Forwarder zone.
IPv4Address
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
upstream_servers DNS servers to which the DNS request needs to be forwarded

Max of 3 DNS servers can be configured		 array of IPv4Address Required
Maximum items: 3

PolicyDnsForwarderZoneListRequestParameters (schema)

DNS Forwarder Zone list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

PolicyDnsForwarderZoneListResult (schema)

Paged Collection of DNS Forwarder Zones

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Dns Forwarder Zone list results array of PolicyDnsForwarderZone Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyDraft (schema)

Policy draft

A draft which stores the system generated as well as user intended changes
in a hierarchical body format.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
(Abstract type: pass one of the following concrete types)
ChildInfra
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
is_auto_draft Auto draft flag

Flag to indicate whether draft is auto created.
True indicates that the draft is an auto draft.
False indicates that the draft is a manual draft.
boolean Readonly
Default: "False"
lock_comments Policy draft lock/unlock comments

Comments for a policy draft lock/unlock.		 string
lock_modified_by User who locked a policy draft

ID of the user who last modified the lock for a policy draft.
string Readonly
lock_modified_time Policy draft locked/unlocked time

Policy draft locked/unlocked time in epoch milliseconds.		 EpochMsTimestamp Readonly
locked Lock a policy draft

Indicates whether a draft should be locked. If the draft is locked by
an user, then no other user would be able to modify or publish this
draft. Once the user releases the lock, other users can then modify
or publish this draft.
boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
ref_draft_path Path of an existing draft for reference

When specified, a manual draft will be created w.r.t. the specified
draft. If not specified, manual draft will be created w.r.t. the
current published configuration.
For an auto draft, this will always be null.
string
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PolicyDraft string
system_area Configuration changes tracked by the system

Configuration changes against the current configuration,
tracked by the system.
The value is stored in a hierarchical body format.
Infra Readonly
system_area_store_id ID of the data store where system_area has stored

In case of a large draft, wherein the size of system_area is so big
that it can not be stored into one draft object, the data is then gets
stored into multiple chunks in a draft data store.
This value represents the ID of that data store.
string Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
user_area User defined configuration changes

These are user defined configuration changes, which are applicable only
in case of manual drafts. During the publish of a draft, system_area
changes gets applied first, and then these changes.
The value must be in a hierarchical body format.
Infra
user_area_store_id ID of the data store where user_area has stored

In case of a large draft, wherein the size of user_area is so big
that it can not be stored into one draft object, the data is then gets
stored into multiple chunks in a draft data store.
This value represents the ID of that data store.
string Readonly

PolicyDraftListRequestParameters (schema)

Policy draft list request parameters

Request parameters to be passed while listing policy drafts.

Name Description Type Notes
auto_drafts Fetch list of draft based on is_auto_draft flag

If set to true, then only auto drafts will be get fetched.
If set to false, then only manual drafts will be get fetched.
If not set, then all drafts will be get fetched.
boolean
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

PolicyDraftListResult (schema)

Paged collection of policy drafts

This holds the list of policy drafts.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Policy drafts list results

Paginated list of policy drafts.
array of PolicyDraft Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyDraftPaginatedAggregatedConfigurationRequestParameters (schema)

Parameters to get the paginated aggregated configuration for a draft

Parameters to get the paginated aggregated configuration for a draft.

Name Description Type Notes
request_id Request identifier to track subsequent API calls

If the initial call to get paginated aggregated configuration for a draft,
returns a paginated response, then the response will contain a request_id.
This identifier needs to be passed with subsequent API calls to get detailed
aggregated configuration for the draft.
string
root_path Path of the root object of subtree

Policy path of the security policy.
If specified with the subsequent API calls after initial call to get
paginated aggregated configuration for a draft, the response will return
the subtree of this security policy having all its children.
If not specified, then the subsequent API calls will return all the
security policies without their children, from pre-calculated aggregated
configuration of a draft.
This is not required for an initial call to get paginated aggregated
configuration for a draft.
string

PolicyDraftPaginatedAggregatedConfigurationResult (schema)

Paginated result of aggregated configuration of a policy draft

Paginated result of aggregated configuration of a policy draft

Name Description Type Notes
request_id Request identifier to keep track of result

Request identifier to keep track of calculated aggregated configuration
a draft during subsequent API calls after initial API call.
This identifier can be use to fetch the detailed aggregated configuration
at security policy level.
Absence of request_id suggests that whole aggregated configuration has been
returned as a response to initial API call, as the size of aggregated
configuration is not big enough to need pagination.
string Readonly
result Aggregated configuration of a draft

Paginated aggregated configuration of a given draft.
For an initial API call, if request_id is present in response, then this is
a paginated aggregated configuration of a given draft. To get more granular
aggregated configuration, request_id need to be passed to subsequent API
calls.
Absence of request_id suggests that whole aggregated configuration has been
returned as a response to initial API call, as the size of aggregated
configuration is not big enough to need pagination.
Infra Readonly

PolicyEdgeCluster (schema)

Edge Cluster

Edge Cluster.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
(Abstract type: pass one of the following concrete types)
ChildPolicyEdgeNode
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
inter_site_forwarding_enabled Inter site forwarding is enabled if true

Flag to indicate status of inter site l2 and l3 forwarding in federation.
boolean Readonly
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
member_node_type Node type of the cluster members

Edge cluster is homogenous collection of transport nodes.
Hence all transport nodes of the cluster must be of same type.
This readonly field shows the type of transport nodes.
EdgeClusterNodeType Readonly
nsx_id Edge Cluster UUID on NSX-T Enforcement Point

UUID of Edge Cluster on NSX-T enforcement point.		 string Readonly
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PolicyEdgeCluster string
rtep_ips Remote tunnel endpoint IP addresses.

List of remote tunnel endpoint ipaddress configured on edge cluster.		 array of IPAddress Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicyEdgeClusterInterSiteBgpSummary (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
edge_cluster_path Edge node path

Edge cluster path whose status is being reported.		 string Required
Readonly
edge_nodes Individual edge nodes status

Status of all edge nodes within cluster.		 array of PolicyEdgeNodeInterSiteBgpSummary Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyEdgeClusterInterSiteStatus (schema)

Name Description Type Notes
edge_cluster_name Edge cluster name

Name of the edge cluster whose status is being reported.		 string Readonly
edge_cluster_path Edge cluster path

Policy path of the edge cluster whose status is being reported.		 string Required
Readonly
last_update_timestamp Last updated timestamp

Timestamp when the edge cluster inter-site status was last updated.
EpochMsTimestamp Required
Readonly
member_status Per edge node inter-site status

Per edge node inter-site status.		 array of PolicyEdgeClusterMemberInterSiteStatus Readonly
overall_status Overall IBGP status in the edge cluster

Overall status of all edge nodes IBGP status in the edge cluster.
string Readonly
Enum: UP, DOWN, DEGRADED, UNKNOWN

PolicyEdgeClusterListRequestParameters (schema)

Policy Edge Cluster List Request Parameters

Policy Edge Cluster list request parameters.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

PolicyEdgeClusterListResult (schema)

Paged Collection of Edge Cluster

Paged Collection of Edge Cluster

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Edge Cluster List Result

Edge Cluster list result.		 array of PolicyEdgeCluster Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyEdgeClusterMemberInterSiteStatus (schema)

Name Description Type Notes
edge_node_path Edge node path

Edge node details from where the status is being retrived.		 ResourceReference Required
Readonly
established_bgp_sessions Established inter-site IBGP sessions

Total number of current established inter-site IBGP sessions.		 integer Readonly
neighbor_status BGP neighbor status

Inter-site BGP neighbor status.		 array of PolicyBgpNeighborStatus Readonly
status Edge node IBGP status

Edge node IBGP status		 string Readonly
Enum: UP, DOWN, DEGRADED, UNKNOWN
total_bgp_sessions Total inter-site IBGP sessions

Total number of inter-site IBGP sessions.		 integer Readonly

PolicyEdgeNode (schema)

Policy Edge Node

This object serves as a representation of the edge cluster
index to which the edge node connects. It should not be
mistaken for the edge / transport node itself. Consuming services
can refer to the nsx_id property to fetch the UUID of the
edge / transport node that is attached to this index.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
member_index Member Index

The numerical value of the member index in the edge cluster
that this object represents and to which the edge node connects.
integer Readonly
nsx_id Edge Node UUID on NSX-T Enforcement Point

UUID of edge node on NSX-T enforcement point.		 string Readonly
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PolicyEdgeNode string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicyEdgeNodeInterSiteBgpSummary (schema)

Name Description Type Notes
edge_node_path Edge node path

Edge node path whose status is being reported.		 string Required
Readonly
last_update_timestamp Last updated timestamp

Timestamp when the inter-site IBGP neighbors status was last updated.
EpochMsTimestamp Required
Readonly
neighbor_status Inter-site IBGP neighbors status

Status of all inter-site IBGP neighbors.		 array of PolicyBgpNeighborStatus Readonly

PolicyEdgeNodeListRequestParameters (schema)

Edge Node List Request Parameters

Edge Node list request parameters.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

PolicyEdgeNodeListResult (schema)

Paged Collection of Edge Node

Paged Collection of Edge Node

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Edge Node List Result

Edge Node list result.		 array of PolicyEdgeNode Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyExcludeList (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
members ExcludeList member list

List of the members in the exclude list		 array of string Required
Maximum items: 100
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PolicyExcludeList string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicyExcludeListFilterRequestParams (schema)

Parameters for filtering the exclude list

Parameters for filtering the exclude list.

Name Description Type Notes
deep_check Check all parents

Deep check all parents of requested intent object, if any of them is in exclude list. If found, makes requested object as excluded.		 boolean Default: "False"
enforcement_point_path Path of the enforcement point

Path of the enforcement point from where the result need to be fetched.
If not provided, available enforcement point will be considered.
string
intent_path Path of the intent object to be searched in the exclude list

Path of the intent object to be searched in the exclude list.
string Required

PolicyExtraConfig (schema)

Vendor specific configuration on HostSwitch, logical switch or logical port

Extra config is intended for supporting vendor specific configuration on the
data path, it can be set as key value string pairs on logical switch, logical
port or HostSwitch.
If it was set on logical switch, it will be inherited automatically by logical
ports in it. Also logical port setting will override logical switch setting
if specific key was dual set on both logical switch and logical port.

Name Description Type Notes
config_pair Key value pair in string for the configuration UnboundedKeyValuePair Required

PolicyExtraConfigHostSwitchProfile (schema)

Profile for extra configs in host switch

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
extra_configs list of extra configs array of PolicyExtraConfig
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
required_capabilities array of string Readonly
resource_type Must be set to the value PolicyExtraConfigHostSwitchProfile PolicyHostSwitchProfileType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicyFineTuningResourceInfo (schema)

Contains the detail of resources with name and fields

It represent the resource with details of name and fields it owns.

Name Description Type Notes
fields List of all field of any resource array of PolicyFineTuningResourceInfoDetail Required
resource_name Resource name

It will represent resource with name and fields.
string Required

PolicyFineTuningResourceInfoDetail (schema)

Contains the details resources with field type and name

Contains the details of resource field

Name Description Type Notes
field_name Resource name

It will represent resource with name and fields.
string Required
sub_type List of all field of any resource PolicyFineTuningResourceInfo Required

PolicyFirewallCPUMemThresholdsProfileBindingMap (schema)

Policy DFW CPU Memory Thresholds Profile binding map

This entity will be used to establish association between CPU Memory
Thresholds Profile and Transport Node. Using this entity, user can specify
intent for applying Firewall CPU Memory Thresholds Profile to particular
Transport Node.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
profile_path Profile Path

PolicyPath of associated Profile		 string Required
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PolicyFirewallCPUMemThresholdsProfileBindingMap string
sequence_number Sequence number of this profile binding map

Sequence number is used to resolve conflicts when two profiles get
applied to a single node. Lower value gets higher precedence. Two
binding maps having the same profile path should have the same sequence
number.
integer Required
Minimum: 0
Maximum: 4294967295
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
transport_nodes References of transport nodes

References of transport nodes on which the profile intended to
be applied.
array of PolicyResourceReference
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicyFirewallCPUMemThresholdsProfileBindingMapListRequestParameters (schema)

Policy Firewall CPU Memory Thresholds Profile Binding Map list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

PolicyFirewallCPUMemThresholdsProfileBindingMapListResult (schema)

Paged collection of Firewall CPU Memory Thresholds Profile Binding Maps

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Firewall CPU Memory Thresholds Profile Binding Map list results array of PolicyFirewallCPUMemThresholdsProfileBindingMap Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyFirewallCpuMemThresholdsProfile (schema)

Firewall CPU and memory thresholds profile

A profile holding CPU and memory thresholds configuration.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
cpu_threshold_percentage CPU utilization thresholds percentage

CPU utilization thresholds percentage to monitor and report for
distributed firewall.
integer Required
Minimum: 10
Maximum: 100
Default: "90"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
mem_threshold_percentage Heap memory thresholds utilization percentage

Heap memory thresholds percentage to monitor and report for
distributed firewall.
integer Required
Minimum: 10
Maximum: 100
Default: "90"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PolicyFirewallCpuMemThresholdsProfile string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicyFirewallCpuMemThresholdsProfileListResult (schema)

Paged Collection of PolicyFirewallCpuMemThresholdsProfile

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results PolicyFirewallCpuMemThresholdsProfile list results array of PolicyFirewallCpuMemThresholdsProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyFirewallFloodProtectionProfileBindingMap (schema)

Policy DFW Flood Protection Profile binding map

This entity will be used to establish association between Firewall Flood
Protection profile and Group. Using this entity, user can specify intent
for applying Firewall Flood Protection profile to particular Group.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
profile_path Profile Path

PolicyPath of associated Profile		 string Required
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PolicyFirewallFloodProtectionProfileBindingMap string
sequence_number Sequence number of this profile binding map.

Sequence number is used to resolve conflicts when two profiles get
applied to a single port. Lower value gets higher precedence. Two
binding maps having the same profile path should have the same sequence
number.
integer Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicyFirewallFloodProtectionProfileBindingMapListRequestParameters (schema)

Policy Firewall Flood Protection Profile Binding Map list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

PolicyFirewallFloodProtectionProfileBindingMapListResult (schema)

Paged collection of Firewall Flood Protection Profile Binding Maps

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Firewall Flood Protection Profile Binding Map list results array of PolicyFirewallFloodProtectionProfileBindingMap Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyFirewallScheduler (schema)

Policy Firewall Scheduler entity

An entity that encapsulates attributes to schedule firewall rules to
be active to allow or block traffic for a specific period of time.
Note that at least one property out of "days", "start_time",
"end_time", "start_date", "end_date" is required.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
days Days of the week

Days of week on which rules will be enforced. If property is omitted,
then days of the week will not considered while calculating the
firewall schedule. It should not be present when the recurring flag
is false.
array of PolicyFirewallSchedulerDays
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
end_date End date in MM/DD/YYYY

End date on which schedule to end. Example, 12/22/2019.
string Required
end_time End time

If recurring field is set false, then this field must be present. The
schedule will be enforced till the end time of the specified end date.
If recurring field is set true, then this field should not be present.
string
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
recurring Firewall schedule recurring flag

Flag to indicate whether firewall schedule recurs or not. The default
value is true and it should be set to false when the firewall schedule
does not recur and is a one time time interval.
boolean Required
Default: "True"
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PolicyFirewallScheduler string
start_date Start date in MM/DD/YYYY

Start date on which schedule to start. Example, 02/22/2019.
string Required
start_time Start time

Time in 24 hour and minutes in multiple of 30. Example, 9:00. If
recurring field is set false, then this field must be present. The
schedule will start getting enforced from the start time of the
specified start date. If recurring field is set true, then this
field should not be present.
string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
time_interval Recurring time interval

The recurring time interval in a day during which the schedule will be
applicable. It should not be present when the recurring flag is false.
array of PolicyTimeIntervalValue Maximum items: 1
timezone Host timezone

Host Timezone to be used to enforce firewall rules.
string Required
Enum: UTC, LOCAL
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicyFirewallSchedulerDays (schema)

Day on which scheduled firewall rule will be enforced

Name Description Type Notes
PolicyFirewallSchedulerDays Day on which scheduled firewall rule will be enforced string Enum: SUNDAY, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY

PolicyFirewallSchedulerDeleteRequestParameters (schema)

Policy Firewall Scheduler delete request parameters

Name Description Type Notes
force Force delete the resource even if it is being used somewhere

If true, deleting the resource succeeds even if it is being
referred as a resource reference.
boolean Default: "False"

PolicyFirewallSchedulerListRequestParameters (schema)

Policy Firewall Scheduler list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

PolicyFirewallSchedulerListResult (schema)

List result of PolicyFirewallSchedulers

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged collection of PolicyFirewallSchedulers array of PolicyFirewallScheduler Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyFirewallSessionTimerProfile (schema)

Policy Firewall Session timeout profile

A profile holding TCP, UDP and ICMP session timeout configuration.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
icmp_error_reply Timeout after ICMP error

The timeout value for the connection after an ICMP error came back in response to an ICMP packet. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.		 integer Required
Minimum: 10
Maximum: 4320000
Default: "10"
icmp_first_packet First packet connection timeout

The timeout value of connection in seconds after the first packet. This will be the initial timeout for the new ICMP flow. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.		 integer Required
Minimum: 10
Maximum: 4320000
Default: "20"
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PolicyFirewallSessionTimerProfile string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tcp_closed Timeout after RST

The timeout value of connection in seconds after one endpoint sends an RST. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.		 integer Required
Minimum: 10
Maximum: 4320000
Default: "20"
tcp_closing Timeout after first TN

The timeout value of connection in seconds after the first FIN has been sent. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.		 integer Required
Minimum: 10
Maximum: 4320000
Default: "120"
tcp_established Connection timeout

The timeout value of connection in seconds once the connection has become fully established. The default value for Edges (i.e, Gateway,or Logical Router) may be different than Distributed Firewall hosts.		 integer Required
Minimum: 120
Maximum: 4320000
Default: "43200"
tcp_finwait Timeout after FINs exchanged

The timeout value of connection in seconds after both FINs have been exchanged and connection is closed. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.		 integer Required
Minimum: 10
Maximum: 4320000
Default: "45"
tcp_first_packet Connection timout after first packet

The timeout value of connection in seconds after the first packet has been sent. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.		 integer Required
Minimum: 10
Maximum: 4320000
Default: "120"
tcp_opening Connection timout after second packet

The timeout value of connection in seconds after a second packet has been transferred. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.		 integer Required
Minimum: 10
Maximum: 4320000
Default: "30"
udp_first_packet Connection timout after first packet

The timeout value of connection in seconds after the first packet. This will be the initial timeout for the new UDP flow. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.		 integer Required
Minimum: 10
Maximum: 4320000
Default: "60"
udp_multiple Timeout after hosts sent packet

The timeout value of connection in seconds if both hosts have sent packets. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.		 integer Required
Minimum: 10
Maximum: 4320000
Default: "60"
udp_single Connection timeout for destination

The timeout value of connection in seconds if the source host sends more than one packet but the destination host has never sent one back. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.		 integer Required
Minimum: 10
Maximum: 4320000
Default: "30"
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicyFirewallSessionTimerProfileBindingMap (schema)

Policy DFW Timer Session Profile binding map

This entity will be used to establish association between Firewall Timer session
profile and Group. Using this entity, user can specify intent for applying
Firewall Timer session profile to particular Group.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
firewall_session_timer_profile_path Firewall Session Timer Profile Path

PolicyPath of associated Firewall Timer Session Profile		 string Required
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PolicyFirewallSessionTimerProfileBindingMap string
sequence_number Sequence number of this profile binding map.

Sequence number is used to resolve conflicts when two profiles get applied
to a single port. Lower value gets higher precedence. Two binding maps
having the same profile path should have the same sequence number.
integer
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicyFirewallSessionTimerProfileBindingMapListRequestParameters (schema)

Policy Firewall Session Timer Profile Binding Map list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

PolicyFirewallSessionTimerProfileBindingMapListResult (schema)

Paged collection of Firewall Session Timer Profile Binding Maps

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Firewall Session Timer Profile Binding Map list results array of PolicyFirewallSessionTimerProfileBindingMap Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyFirewallSessionTimerProfileListRequestParameters (schema)

Policy Firewall Session timeout profile list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

PolicyFirewallSessionTimerProfileListResult (schema)

Paged Collection of Policy Firewall Session timeout profiles

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Policy Firewall Session timeout profile list results array of PolicyFirewallSessionTimerProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyFullSyncActionParameters (schema)

Full sync action request parameters

Full sync action request parameters to initiate full sync for the given LM,
abort ongoing full sync or purge the histoic full sync events.

Name Description Type Notes
action string Required
Enum: request_full_sync, request_notifications_full_sync, abort_current_sync, purge_history
sync_type Type of full sync being requested

If not specified, the value is defaulted to gm_to_lm_full_sync.		 string Enum: gm_to_lm_full_sync

PolicyGroupIPMembersListResult (schema)

Group IP members list result

Paginated collection of IP members belonging to a Group.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged Collection of IP addresses that belong to the given Group array of IPElement Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyGroupMemberDetails (schema)

Group member details

Details of the member belonging to a Group

Name Description Type Notes
display_name The display name of the member on the enforcement point string Required
Readonly
id The ID of the member on the enforcement point string Required
Readonly
path The path of the member, if relevant string Required
Readonly

PolicyGroupMembersListResult (schema)

Group members list result

Paginated collection of members belonging to a Group.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged Collection of members that belong to the given Group array of PolicyGroupMemberDetails Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyGroupServiceAssociationsRequestParameters (schema)

Associations list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
intent_path Path of the entity

Path of the entity for which associated services are to be fetched.
string Required
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

PolicyHostInfraTrafficType (schema)

Enumerate all types of traffic

The traffic_name specifies the infrastructure traffic type and it
must be one of the following system-defined types:
FAULT_TOLERANCE is traffic for failover and recovery.
HBR is traffic for Host based replication.
ISCSI is traffic for Internet Small Computer System Interface.
MANAGEMENT is traffic for host management.
NFS is traffic related to file transfer in network file system.
VDP is traffic for vSphere data protection.
VIRTUAL_MACHINE is traffic generated by virtual machines.
VMOTION is traffic for computing resource migration.
VSAN is traffic generated by virtual storage area network.
The dynamic_res_pool_name provides a name for the resource pool.
It can be any arbitrary string.
Either traffic_name or dynamic_res_pool_name must be set.
If both are specified or omitted, an error will be returned.

Name Description Type Notes
dynamic_res_pool_name Dynamic resource pool traffic name string
traffic_name Traffic types string Enum: FAULT_TOLERANCE, HBR, ISCSI, MANAGEMENT, NFS, VDP, VIRTUAL_MACHINE, VMOTION, VSAN

PolicyHostSwitchProfileListRequestParameters (schema)

HostSwitchProfile List Request Parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
deployment_type Deployment type of EdgeNode or PublicCloudGatewayNode

If the node_type is specified, then deployment_type may be specified to filter uplink profiles applicable to only PHYSICAL_MACHINE or VIRTUAL_MACHINE deployments of these nodes.		 EdgeDeploymentType
hostswitch_profile_type Type of host switch profile PolicyHostSwitchProfileType
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
include_system_owned Whether the list result contains system resources boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
max_active_uplink_count Filter uplink profiles by number of active links in teaming policy.

Filter uplink profiles whose number of active uplinks in teaming policy is less than or equal to max_active_uplink_count.		 int
node_type Fabric node type for which uplink profiles are to be listed

The fabric node type is the resource_type of the Node such as EdgeNode and PublicCloudGatewayNode. If a fabric node type is given, uplink profiles that apply for nodes of the given type will be returned.		 string Enum: EdgeNode, PublicCloudGatewayNode
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
uplink_teaming_policy_name The host switch profile's uplink teaming policy name

If populated, only UplinkHostSwitchProfiles with the specified uplink teaming policy name are returned. Otherwise, any HostSwitchProfile can be returned.		 string

PolicyHostSwitchProfileType (schema)

Supported HostSwitch profiles.

Name Description Type Notes
PolicyHostSwitchProfileType Supported HostSwitch profiles. string Enum: PolicyUplinkHostSwitchProfile, PolicyLldpHostSwitchProfile, PolicyNiocProfile, PolicyExtraConfigHostSwitchProfile

PolicyHostSwitchProfilesListResult (schema)

HostSwitch Profile queries result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results HostSwitch Profile Results array of PolicyBaseHostSwitchProfile
(Abstract type: pass one of the following concrete types)
PolicyExtraConfigHostSwitchProfile
PolicyLldpHostSwitchProfile
PolicyNiocProfile
PolicyUplinkHostSwitchProfile		 Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyHostTransportNodeProfile (schema)

Host Transport Node Profile

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
host_switch_spec Host transport node host switch specification

The HostSwitchSpec is the base class for standard and preconfigured
host switch specifications. Only standard host switches are supported
in the transport node profile.
HostSwitchSpec
(Abstract type: pass one of the following concrete types)
PreconfiguredHostSwitchSpec
StandardHostSwitchSpec
id Unique identifier of this resource string Sortable
ignore_overridden_hosts Determines if cluster-level configuration should be applied on overridden hosts

Host Transport Node Profiles specify the configuration that is applied to all
hosts in a cluster. The user has the ability to update the configuration
on individual hosts within a cluster which will cause the host configuration
to differ from the Host Transport Node Profile and results in the host to be
marked as overridden. If a Host Transport Node Profile is edited or a new
Host Transport Node Profile is applied on a Host Transport Node Collection, by default,
the host configuration will be overwritten with the Host Transport Node Profile
configuration and the overridden flag will be reset to false. This flag
should be used when hosts that are set as overridden should not adopt the
Host Transport Node Profile configuration when it is being updated or a new one
is applied to the Host Transport Node Collection. In other words, when this flag is
set to the default value of false and configuration is applied at the cluster
level, the configuration will be applied on all hosts regardless if overridden
or not. When this flag is set to true, all hosts that are set as overridden, i.e.,
have been updated invidivually, will be ignored and the cluster-level configuration
will not be applied.
Note, Host Transport Node Profiles can be applied on multiple clusters. This field will
dictate the behavior followed by all clusters using this Host Transport Node Profile.
boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PolicyHostTransportNodeProfile string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicyHostTransportNodeProfileListResult (schema)

Host Transport Node Profile queries result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results PolicyHostTransportNodeProfile Results array of PolicyHostTransportNodeProfile Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyIKEDigestAlgorithm (schema) (Deprecated)

Digest Algorithms used in IKE negotiations

The IKEDigestAlgorithms are used to verify message integrity during IKE negotiation.
SHA1 produces 160 bits hash and SHA2_XXX produces XXX bit hash.

Name Description Type Notes
PolicyIKEDigestAlgorithm Digest Algorithms used in IKE negotiations

The IKEDigestAlgorithms are used to verify message integrity during IKE negotiation.
SHA1 produces 160 bits hash and SHA2_XXX produces XXX bit hash.
string Deprecated
Enum: SHA1, SHA2_256, SHA2_384, SHA2_512

PolicyIKEEncryptionAlgorithm (schema) (Deprecated)

Encryption algorithms used in IKE

IKEEncryption algorithms are used to ensure confidentiality of the messages
exchanged during IKE negotiations. AES stands for Advanced Encryption Standards.
AES_128 uses 128-bit keys whereas AES_256 uses 256-bit keys for encryption and
decryption. AES_128 and AES_256 use CBC mode of encryption. AES_GCM stands for
Advanced Encryption Standard(AES) in Galois/Counter Mode(GCM) and is used to
provide both confidentiality and data origin authentication. AES_GCM composed
of two separate functions one for encryption(AES) and one for authentication(GMAC).
AES_GCM algorithms will be available with IKE_V2 version only.
AES_GMAC_128 uses 128-bit keys.
AES_GMAC_192 uses 192-bit keys.
AES_GMAC_256 uses 256-bit keys.

Name Description Type Notes
PolicyIKEEncryptionAlgorithm Encryption algorithms used in IKE

IKEEncryption algorithms are used to ensure confidentiality of the messages
exchanged during IKE negotiations. AES stands for Advanced Encryption Standards.
AES_128 uses 128-bit keys whereas AES_256 uses 256-bit keys for encryption and
decryption. AES_128 and AES_256 use CBC mode of encryption. AES_GCM stands for
Advanced Encryption Standard(AES) in Galois/Counter Mode(GCM) and is used to
provide both confidentiality and data origin authentication. AES_GCM composed
of two separate functions one for encryption(AES) and one for authentication(GMAC).
AES_GCM algorithms will be available with IKE_V2 version only.
AES_GMAC_128 uses 128-bit keys.
AES_GMAC_192 uses 192-bit keys.
AES_GMAC_256 uses 256-bit keys.
string Deprecated
Enum: AES_128, AES_256, AES_GCM_128, AES_GCM_192, AES_GCM_256

PolicyIKEVersion (schema) (Deprecated)

IKE version

IKE protocol version to be used. IKE-Flex will initiate IKE-V2 and responds
to both IKE-V1 and IKE-V2.

Name Description Type Notes
PolicyIKEVersion IKE version

IKE protocol version to be used. IKE-Flex will initiate IKE-V2 and responds
to both IKE-V1 and IKE-V2.
string Deprecated
Enum: IKE_V1, IKE_V2, IKE_FLEX

PolicyIPAddressInfo (schema) (Deprecated)

IP address information

Used to specify the display name and value of the IPv4Address.

Name Description Type Notes
address_value Value of the IPv4Address

Value of the IPv4Address.
IPv4Address Required
display_name Display name of the IPv4Address

Display name used to help identify the IPv4Address.
string
next_hop Next Hop of the IPv4Address

Next hop used in auto-plumbing of static route. If a value is not
provided, static route will not be auto-plumbed.
IPv4Address

PolicyIdfwEnforcementPointRequestParameters (schema)

Policy Idfw enforcement point Request Parameters

Request parameters that represents an enforcement point path. A request can be
parameterized with this path and will be evaluted as follows
> no enforcement point path specified: the request is evaluated on
available existing enforcement point. We support only 1 per policy manager.
> {enforcement_point_path}: the request is evaluated only on the given enforcement
point.
IDFW is currently not supported on Federation. Once it start supporting,
GM will have to send the enforcement point path while LM behavior stays
same.

Name Description Type Notes
enforcement_point_path String Path of the enforcement point

enforcement point path, forward slashes must be escaped using %2F.
string

PolicyIdfwGroupRequestParameters (schema)

Policy Idfw group request parameter

Request parameter that accepts Group path.

Name Description Type Notes
enforcement_point_path String Path of the enforcement point

enforcement point path, forward slashes must be escaped using %2F.
string
group_path String Path of the group

Group path, forward slashes must be escaped using %2F.
string Required

PolicyIdfwGroupVmDetailListResult (schema)

Identity Firewall user login/session data for a single Group

Identity Firewall user login/session data for a single Group.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
group_path String Path of the group

String Path of the group		 string
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of user login/session data for a single VM array of IdfwVmDetail
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyIdsEventDataRequest (schema)

Parameters to filter list of intrusions

Filtering parameters to get only a subset of intrusion events.

Name Description Type Notes
filters Filter conditions

An array of filter conditions.		 array of FilterRequest

PolicyIdsEventFlowData (schema)

IDS event flow data

IDS event flow data specific to each IDS
event. The data includes source ip, source
port, destination ip, destination port,
protocol, rule id, profile id, and the
action.

Name Description Type Notes
action_type IDS Event action

The action pertaining to the detected intrusion. Possible values are ALERT, DROP, REJECT, and INVALID. ALERT - If there is a signature match on the packet, it is allowed to pass but a notification is sent to the user notifying an intrusion was detected. DROP - On a signature match, the packet is silently dropped. An alert is sent to the user that an intrusion was detected. REJECT - On a signature match, the packet is dropped and TCP RST or ICMP error messages (for non-TCP pkts) are sent to the endpoints. An alert is sent to the user that an intrusion was detected. INVALID - If the action doesn't belong to any of the above mentioned categories, it is marked as INVALID.		 string Readonly
Enum: ALERT, DROP, REJECT, INVALID
bytes_toclient Bytes to client

Bytes sent to client.		 integer Readonly
bytes_toserver Bytes to server

Bytes sent to server.		 integer Readonly
client_ip IP address of the client VM

IP address of the VM that initiated the communication.		 string Readonly
destination_ip IP address of the destination VM

IP address of the destination VM on the intrusion flow.		 string Readonly
destination_port Destination port

Port on the destination VM where the traffic was sent to.		 integer Readonly
gateway Gateway where the intrusion was detected at

Name of the gateway on which this intrusion was detected.		 string Readonly
gateway_tags Tags associated with the gateway

Tags associated with the gateway on which this intrusion was detected.		 array of Tag Readonly
host Host where intrusion was seen

Name of the host on which this intrusion was detected.		 string Readonly
local_vm_ip IP address of the local VM

IP address of VM on the host where IDS engine is running.		 string Readonly
profile_id IDS profile id

The IDS profile id that is associated with the IDS rule pertaining to the intrusion event detected.		 string Readonly
protocol Traffic protocol pertaining to the intrusion

Traffic protocol pertaining to the detected intrusion, could be TCP/UDP etc.		 string Readonly
rule_id IDS Rule id of detected intrusion

The IDS Rule id pertaining to the detected intrusion.		 integer Readonly
source_ip IP address of the source VM

IP address of the source VM on the intrusion flow.		 string Readonly
source_port Source port

Source port through which traffic was initiated that caused the intrusion to be detected.		 integer Readonly
traffic_type IDS event detection source

The source where the intrusion was detected. Possible values are GATEWAY and HOST.		 string Readonly
Enum: GATEWAY, HOST

PolicyIdsEventsBySignature (schema)

Detcted intrusions grouped by signature

Intrusions that are detected, grouped by signature. It contains the signature id,
severity, name, the number of intrusions of that type and the first occurence.

Name Description Type Notes
count Number of times signature was seen

Number of times this particular signature was detected.		 integer Readonly
first_occurence First occurence of the intrusion

First occurence of the intrusion, in epoch milliseconds.		 EpochMsTimestamp Readonly
is_ongoing Flag indicating an ongoing intrusion

Flag indicating an ongoing intrusion.		 boolean Readonly
resource_type IDSEvent resource type

IDSEvent resource type.		 string Required
Readonly
severity Severity of the signature

Severity of the threat covered by the signature, can be Critical, High, Medium, or Low.		 string Readonly
signature_id Signature ID

Signature ID pertaining to the detected intrusion.		 integer Readonly
signature_name Name of the signature

Name of the signature pertaining to the detected intrusion.		 string Readonly
traffic_type IDS event detection source

The source where the intrusion was detected. Possible values are GATEWAY and HOST.		 string Readonly
Enum: GATEWAY, HOST

PolicyIdsEventsBySignatureResult (schema)

List of intrusions grouped by signature

List of all intrusions that are detected grouped by signature, it
contains minimal details about the intrusions.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of all intrusions detected

List of all intrusions detected, grouped by signature. The details include signature id, name, severity, timestamp, and total number of attempts per signature.		 array of PolicyIdsEventsBySignature Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyIdsEventsSummary (schema)

Intrusions with event and signature data

Intrusion event with all the event and signature details, each event
contains the signature id, name, severity, first and recent occurence,
users and VMs affected and other signature metadata.

Name Description Type Notes
affected_ip_count Count of workload IPs this signature was detected on

Count of workload IPs on which a particular signature was detected.		 integer Readonly
affected_vm_count Count of VMs this signature was detected on

Count of VMs on which a particular signature was detected.		 integer Readonly
first_occurence First occurence of the intrusion

First occurence of the intrusion, in epoch milliseconds.		 EpochMsTimestamp Readonly
ids_flow_details IDS event flow data details

IDS event flow data specific to each IDS event. The data includes source ip, source port, destination ip, destination port, and protocol.		 object Readonly
is_ongoing Flag indicating an ongoing intrusion

Flag indicating an ongoing intrusion.		 boolean Readonly
is_rule_valid Is the rule id valid

Indicates if the rule id is valid or not.		 boolean Readonly
latest_occurence Latest occurence of the intrusion

Latest occurence of the intrusion, in epoch milliseconds.		 EpochMsTimestamp Readonly
resource_type IDSEvent resource type

IDSEvent resource type.		 string Required
Readonly
rule_id IDS Rule id of detected intrusion

The IDS Rule id that detected this particular intrusion.		 integer Readonly
signature_id Signature ID

Signature ID pertaining to the detected intrusion.		 integer Readonly
signature_metadata Metadata about the detected signature

Metadata about the detected signature including name, id, severity, product affected, protocol etc.		 object Readonly
total_count Number of occurrences of this signature

Number of times this particular signature was detected.		 integer Readonly
user_details List of users on the affected VMs

List of users logged into VMs on which a particular signature was detected.		 object Readonly
vm_details List of VMs this signature was seen

List of VMs on which a particular signature was detected with the count.		 object Readonly

PolicyIdsIpList (schema)

List of affected IP addresses

List of all affected IP addresses pertaining to a specific signature for
intrusion events seen on edge.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of all affected IP addresses

List of all affected IP addresses specific to a particular signature.		 array of IPAddress Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyIdsSummaryListResult (schema)

List of intrusions with their summary

List of all intrusions that are detected grouped by signature with
their summary.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged collection of intrusions

Paged collection of the detected intrusions.		 array of PolicyIdsEventsSummary Readonly
Maximum items: 100
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyIdsUserList (schema)

List of affected Users

List of all affected users pertaining to a
specific signature.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of all affected users

List of all affected users specific to a particular signature.		 array of string Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyIdsUserStats (schema)

List of Users

List of Users logged into VMs where intrusions of a given signature
were detected.

Name Description Type Notes
count Number of unique users

Number of unique users logged into VMs on which a particular signature was detected.		 integer Readonly
user_list List of users

List of users logged into VMs on which a particular signature was detected.		 array of string Readonly

PolicyIdsVmList (schema)

List of affected VMs

List of all affected VMs pertaining to a specific signature for
intrusion events seen on host.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of all affected VMs

List of all affected VMs specific to a particular signature.		 array of string Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyIdsVmStats (schema)

List of VMs where signature was detected

List of VMs on which a particular signature was detected with the count.

Name Description Type Notes
count Number of unique VMs

Number of unique VMs on which a particular signature was detected.		 integer Readonly
vm_list List of VM names

List of VM names on which intrusions of that particular signature type were detected.		 array of string Readonly

PolicyIgmpProfile (schema)

IGMP Profile

IGMP profile.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
last_member_query_interval Max Response Time

Max Response Time inserted into Group-Specific Queries sent in response to Leave Group messages,
and is also the amount of time between Group-Specific Query messages. This value may be tuned to
modify the "leave latency" of the network.
A reduced value results in reduced time to detect the loss of the last member of a group.
int Minimum: 1
Maximum: 25
Default: "1"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
query_interval Interval between general IGMP host-query messages

Interval(seconds) between general IGMP host-query messages.
int Minimum: 1
Maximum: 1800
Default: "30"
query_max_response_time The maximum elapsed time between response

The query response interval(seconds) is the maximum amount of time that can elapse between
when the querier router sends a host-query message and when it receives a response
from a host. Configuring this interval allows admins to adjust the burstiness of
IGMP messages on the subnet; larger values make the traffic less bursty, as host
responses are spread out over a larger interval.

The number of seconds represented by the query_max_response_time must be less than the query_interval.
int Minimum: 1
Maximum: 25
Default: "10"
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PolicyIgmpProfile string
robustness_variable The Robustness Variable

The Robustness Variable allows tuning for the expected packet loss on a subnet.
If a subnet is expected to be lossy, the Robustness Variable may be increased.
IGMP is robust to (Robustness Variable-1) packet losses.
The Robustness Variable must not be zero, and SHOULD NOT be one.
int Minimum: 1
Maximum: 255
Default: "2"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicyIgmpProfileListRequestParameters (schema)

Igmp Profile list request parameters

Igmp Profile list request parameters.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

PolicyIgmpProfileListResult (schema)

Paged Collection of Igmp Profile

Collection of Igmp Profile.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Igmp Profile list results

Igmp Profile list results		 array of PolicyIgmpProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyInsertParameters (schema)

Parameters to tell where security policy/rule needs to be placed

Parameters to let the admin specify a relative position of a security
policy or rule w.r.t to another one.

Name Description Type Notes
anchor_path The security policy/rule path if operation is 'insert_after' or 'insert_before' string
operation Operation string Enum: insert_top, insert_bottom, insert_after, insert_before
Default: "insert_top"

PolicyInterfaceOspfConfig (schema)

OSPF Interface configuration

OSPF Interface configuration.

Name Description Type Notes
bfd_path Policy path of BFD profile

This filed is valid only if enable_bfd is set to TRUE.
If enable_bfd flag is set to TRUE, this profile will be applied to all OSPF peers in this interface.
If this field is empty, bfd_path will refer to Tier-0 global BFD profile.
string
dead_interval OSPF dead interval in seconds

Specifies the number of seconds that router must wait before it declares
a OSPF neighbor router down because it has not received OSPF hello packet.
OSPF dead interval should be minimum 3 times greater than the hello interval
int Minimum: 3
Maximum: 65535
Default: "40"
enable_bfd enable BFD for OSPF

Enable/Disable OSPF to register for BFD event. Use FALSE to disable BFD.
boolean
enabled enable/disable OSPF

enable/disable OSPF on the interface. If enabled flag not specified, defailt is enable OSPF.
boolean Default: "True"
hello_interval OSPF hello interval in seconds

Specifies the interval between the hello packets that OSPF sends on this interface.
OSPF hello interval should be less than the dead interval
int Minimum: 1
Maximum: 21845
Default: "10"
network_type Configure OSPF networkt type

Configure OSPF networkt type, default is BROADCAST network type
string Enum: BROADCAST, P2P
Default: "BROADCAST"
ospf_area Attach Tier0 Interface to specified OSPF Area

Attache Tier0 Interface to specified OSPF Area.
all peers.
string Required

PolicyInterfaceStatistics (schema)

Tier0 or Tier1 interface statistics on specific Enforcement Point

Tier0 or Tier1 interface statistics on specific Enforcement Point.

Name Description Type Notes
logical_router_port_id The ID of the logical router port string Required
per_node_statistics Per Node Statistics array of LogicalRouterPortStatisticsPerNode Readonly

PolicyInterfaceStatisticsSummary (schema)

Tier0 or Tier1 interface statistics on specific Enforcement Point

Tier0 or Tier1 interface statistics on specific Enforcement Point.

Name Description Type Notes
interface_policy_path Policy path for the interface

Policy path for the interface		 string
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly
logical_router_port_id The ID of the logical router port string Required
rx LogicalRouterPortCounters Readonly
tx LogicalRouterPortCounters Readonly

PolicyIpsecVpnIkeServiceSummary (schema)

IPSec VPN IKE service summary

Summarized view of all IPSec VPN sessions for a specified service.

Name Description Type Notes
aggregate_traffic_counters Traffic summary

Aggregate traffic statistics across all selected sessions.		 IPSecVPNTrafficCounters
display_name Display name of IPSec VPN service string Readonly
enforcement_point_path Enforcement point Path

Policy Path referencing the Primary site's enforcement point where the info is fetched.
This is applicable only on a GlobalManager.
string Readonly
ipsec_vpn_service_path Policy path of IPSec VPN service string Readonly
last_update_timestamp Last updated timestamp

Timestamp when the data was last updated.		 EpochMsTimestamp Readonly
session_summary Session summary

Session summary for number of total, established, failed and degraded IPSec VPN sessions.		 IPsecVPNIKESessionSummary Readonly
traffic_summary_per_session Traffic summary

Traffic summary per session.		 array of IPSecVPNSessionTrafficSummary

PolicyIpsecVpnSessionSummary (schema)

IPSec VPN session summary

Summarized view of all selected IPSec VPN sessions.

Name Description Type Notes
aggregate_traffic_counters Traffic summary

Aggregate traffic statistics across all selected sessions.		 IPSecVPNTrafficCounters
last_update_timestamp Last updated timestamp

Timestamp when the data was last updated.		 EpochMsTimestamp Readonly
session_summary Session summary

Session summary for number of total, established, failed and degraded IPSec VPN sessions.		 IPsecVPNIKESessionSummary Readonly
traffic_summary_per_session Traffic summary

Traffic summary per session.		 array of IPSecVPNSessionTrafficSummary

PolicyL2TablesParameters (schema)

Layer-2 table request parameters

Name Description Type Notes
enforcement_point_path String Path of the enforcement point

Enforcement point path.		 string
source The data source, either realtime or cached. If not provided, cached data is returned. DataSourceType
transport_node_id TransportNode Id string

PolicyL2VpnRemoteMacParameters (schema)

Remote mac for L2Vpn Session

Request Parameters for Remote Mac of L2Vpn Session.

Name Description Type Notes
enforcement_point_path String Path of the enforcement point

enforcement point path, forward slashes must be escaped using %2F.
string
segment_path Segment Path

Intent path of the segment.		 string

PolicyLabel (schema)

Label to reference group of policy entities of same type.

Label to reference group of policy entities of same type.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
refs Policy entity paths referred by the label instance

Policy entity paths referred by the label instance		 array of string
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PolicyLabel string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
type Policy intent entity type from PolicyResourceType

Policy intent entity type from PolicyResourceType		 string Required
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicyLabelListRequestParameters (schema)

PolicyLabel list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

PolicyLabelListResult (schema)

Paged Collection of Domains

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Policy label list results array of PolicyLabel Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyLatencyStatProfile (schema)

Latency Stat Profile

Latency stat service profile

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
applied_to_group_path Binding Policy group path

The Policy group path to apply the latency profile.
string
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
pnic_latency_enabled Pnic latency enablement flag

Enable or Disable pnic latency.
boolean Default: "False"
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PolicyLatencyStatProfile string
sampling_interval Latency sampling interval

Event nth milliseconds packet is sampled. When a value less than
1000 is given, the realized sampling interval will be 1000 milliseconds.
integer Minimum: 1
Maximum: 1000000
sampling_rate Latency sampling rate

Event nth packet is sampled.
integer Minimum: 100
Maximum: 1000000
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicyLatencyStatProfileListRequestParameters (schema)

Latency profile request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

PolicyLatencyStatProfileListResult (schema)

List of latency profile

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Latency Stat Profile List

Latency stat profile list.		 array of PolicyLatencyStatProfile Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyListL2TablesParameters (schema)

Layer-2 table list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
enforcement_point_path String Path of the enforcement point

Enforcement point path.		 string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
source The data source, either realtime or cached. If not provided, cached data is returned. DataSourceType
transport_node_id TransportNode Id string

PolicyListRequestParameters (schema)

Policy list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

PolicyListResult (schema)

Paged Collection of security policies

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyLiveTraceActionConfig (schema)

Livetrace action configuration

Name Description Type Notes
pktcap_config Configuration of packet capture action LiveTracePacketGranularActionConfig
trace_config Configuration of trace action LiveTracePacketGranularActionConfig

PolicyLldpHostSwitchProfile (schema)

Host Switch for LLDP

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
required_capabilities array of string Readonly
resource_type Must be set to the value PolicyLldpHostSwitchProfile PolicyHostSwitchProfileType Required
send_enabled Enabled or disabled sending LLDP packets boolean Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicyMetadataProxyStatistics (schema)

Name Description Type Notes
metadata_proxy_path Policy path of metadata proxy configuration string Required
statistics Metadata Proxy statistics per segment array of MetadataProxyStatisticsPerSegment
timestamp timestamp of the statistics EpochMsTimestamp Required

PolicyMetadataProxyStatus (schema)

Name Description Type Notes
error_message Error message, if available string
proxy_status UP means the metadata proxy is working fine on both transport-nodes(if configured);
DOWN means the metadata proxy is is down on both transport-nodes(if configured),
hence the metadata proxy will not repsond to any metadata request;
Error means there is an error on transport-node(s) or no status is reported from
transport-node(s). The metadata proxy may be working (or not working);
NO_BACK means metadata proxy is working on one of the transport node while
not in the other transport-node (if configured). If the metadata proxy on
the working transport-node goes down, the metadata proxy will go down.
string Required
Enum: UP, DOWN, ERROR, NO_BACKUP
transport_nodes ids of transport nodes where this metadata proxy is running

Order of the transport nodes is insensitive because Metadata Proxy
is running in Active-Active mode among target transport nodes.
array of string Required

PolicyMigrationParameters (schema)

Transport node migration parameters.

Transport node migration parameters are mainly used for migrating NVDS transport node to VDS transport node.

Name Description Type Notes
skip_maintmode Skip Maintenance mode check

Skipping maintenance mode check before starting migration. This parameter
is only used by SDDC environment.
boolean Default: "False"

PolicyMulticastConfig (schema)

Multicast routing configuration

Multicast routing configuration.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Enable/disable Multicast Configuration

Enable/disable Multicast Configuration.		 boolean Default: "False"
id Unique identifier of this resource string Sortable
igmp_profile_path Policy path to IGMP profile

Updates to IGMP profile applied on all Tier0 gateways consuming the configuration.
string
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
pim_profile_path Policy path to PIM profile

Updates to PIM profile applied on all Tier0 gateways consuming the configuration.
string
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
replication_multicast_range Replication multicast range

Replication multicast range. Required when enabled.		 string Format: ipv4-cidr-block
resource_type Must be set to the value PolicyMulticastConfig string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicyMulticastForwarding (schema)

Multicast Forwarding

Multicast Forwarding.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
gateway_path Policy path to Tier0 or Tier1 gateway

Policy path to Tier0 or Tier1 gateway.
string Required
mcast_forwarding_per_edge array of MulticastForwardingPerEdge
result_count Count of results found (across all pages), set only on first page integer Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyMulticastForwardingInCsvFormat (schema)

Name Description Type Notes
file_name File name

File name set by HTTP server if API returns CSV result as a file.		 string
results array of MulticastForwardingCsvRecord Readonly

PolicyMulticastRoutes (schema)

Multicast Routes

Multicast Routes.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
gateway_path Policy path to Tier0 gateway

Policy path to Tier0 gateway.
string Required
mcast_routes_per_edge array of MulticastRoutesPerEdge
result_count Count of results found (across all pages), set only on first page integer Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyMulticastRoutesInCsvFormat (schema)

Name Description Type Notes
file_name File name

File name set by HTTP server if API returns CSV result as a file.		 string
results array of MulticastRouteCsvRecord Readonly

PolicyNATRuleCounters (schema)

Statistics count

Gives the statistics count of a NAT rule.

Name Description Type Notes
active_sessions Active sessions

Gives the total number of active sessions.
integer Readonly
total_bytes Total bytes

Gives the total number of bytes.
integer Readonly
total_packets Total packets

Gives the total number of packets.
integer Readonly

PolicyNat (schema)

Contains list of NAT Rules

Represents NAT section. This object is created by default when corresponding
tier-0/tier-1 is created. Under tier-0/tier-1 there will be 4 different NATs(sections).
(INTERNAL, USER, DEFAULT and NAT64).

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
nat_type NAT section under tier-0/tier-1

Represents a NAT section under tier-0/tier-1.		 string Enum: INTERNAL, USER, DEFAULT, NAT64
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PolicyNat string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicyNatListRequestParameters (schema)

NAT list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

PolicyNatListResult (schema)

Paged Collection of NAT Types

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results NAT list results array of PolicyNat Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyNatRule (schema)

Represents a NAT rule between source and destination at T0/T1 router

Represents a NAT rule between source and destination at T0/T1 router.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
action Represents action of NAT Rule SNAT, DNAT, REFLEXIVE

Source NAT(SNAT) - translates a source IP address in an outbound packet so that
the packet appears to originate from a different network. SNAT is only supported
when the logical router is running in active-standby mode.
Destination NAT(DNAT) - translates the destination IP address of inbound packets
so that packets are delivered to a target address into another network. DNAT is
only supported when the logical router is running in active-standby mode.
Reflexive NAT(REFLEXIVE) - IP-Range and CIDR are supported to define the "n".
The number of original networks should be exactly the same as that of
translated networks. The address translation is deterministic. Reflexive is
supported on both Active/Standby and Active/Active LR.
NO_SNAT and NO_DNAT - These do not have support for translated_fields, only
source_network and destination_network fields are supported.
NAT64 - translates an external IPv6 address to a internal IPv4 address.
string Required
Enum: SNAT, DNAT, REFLEXIVE, NO_SNAT, NO_DNAT, NAT64
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
destination_network Represents the destination network

This supports single IP address or comma separated list of single IP
addresses or CIDR. This does not support IP range or IP sets.
For DNAT and NO_DNAT rules, this is a mandatory field, and represents
the destination network for the incoming packets.
For other type of rules, optionally it can contain destination network
of outgoing packets.
NULL value for this field represents ANY network.
IPElementList
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Policy NAT Rule enabled flag

The flag, which suggests whether the NAT rule is enabled or
disabled. The default is True.
boolean Default: "True"
firewall_match Represents the firewall match flag

It indicates how the firewall matches the address after NATing if firewall
stage is not skipped.

MATCH_EXTERNAL_ADDRESS indicates the firewall will be applied to external address
of a NAT rule. For SNAT, the external address is the translated source address
after NAT is done. For DNAT, the external address is the original destination
address before NAT is done. For REFLEXIVE, to egress traffic, the firewall
will be applied to the translated source address after NAT is done; To ingress
traffic, the firewall will be applied to the original destination address
before NAT is done.

MATCH_INTERNAL_ADDRESS indicates the firewall will be applied to internal
address of a NAT rule. For SNAT, the internal address is the original source
address before NAT is done. For DNAT, the internal address is the translated
destination address after NAT is done. For REFLEXIVE, to egress traffic, the
firewall will be applied to the original source address before NAT is done;
To ingress traffic, the firewall will be applied to the translated destination
address after NAT is done.

BYPASS indicates the firewall stage will be skipped.

For NO_SNAT or NO_DNAT, it must be BYPASS or leave it unassigned
string Enum: MATCH_EXTERNAL_ADDRESS, MATCH_INTERNAL_ADDRESS, BYPASS
Default: "MATCH_INTERNAL_ADDRESS"
id Unique identifier of this resource string Sortable
logging Policy NAT Rule logging flag

The flag, which suggests whether the logging of NAT rule is enabled or
disabled. The default is False.
boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PolicyNatRule string
scope Array of policy paths of labels, ProviderInterface, NetworkInterface

Represents the array of policy paths of ProviderInterface or NetworkInterface or
labels of type ProviderInterface or NetworkInterface or IPSecVpnSession on which the NAT rule should
get enforced.
The interfaces must belong to the same router for which the NAT Rule is created.
array of string
sequence_number Sequence number of the Nat Rule

The sequence_number decides the rule_priority of a NAT rule.
Sequence_number and rule_priority have 1:1 mapping.For each NAT section,
there will be reserved rule_priority numbers.The valid range of
rule_priority number is from 0 to 2147483647(MAX_INT).
1. INTERNAL section
rule_priority reserved from 0 - 1023 (1024 rules)
valid sequence_number range 0 - 1023
2. USER section
rule_priority reserved from 1024 - 2147482623 (2147481600 rules)
valid sequence_number range 0 - 2147481599
3. DEFAULT section
rule_priority reserved from 2147482624 - 2147483647 (1024 rules)
valid sequence_number range 0 - 1023
int Default: "0"
service Represents the service on which the NAT rule will be applied

It represents the path of Service on which the NAT rule will be applied.
If not provided or if it is blank then Policy manager will consider it
as ANY.
Please note, if this is a DNAT, the destination_port of the service will
be realized on NSX Manager as the translated_port. And if this is a SNAT,
the destination_port will be ignored.
string
source_network Represents the source network address

This supports single IP address or comma separated list of single IP
addresses or CIDR. This does not support IP range or IP sets.
For SNAT, NO_SNAT, NAT64 and REFLEXIVE rules, this is a mandatory field and
represents the source network of the packets leaving the network.
For DNAT and NO_DNAT rules, optionally it can contain source network
of incoming packets.
NULL value for this field represents ANY network.
IPElementList
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
translated_network Represents the translated network address

This supports single IP address or comma separated list of single IP
addresses or CIDR. This does not support IP range or IP sets.
For SNAT, DNAT, NAT64 and REFLEXIVE rules, this ia a mandatory field, which
represents the translated network address.
For NO_SNAT and NO_DNAT this should be empty.
IPElementList
translated_ports Port number or port range

Please note, if there is service configured in this NAT rule, the translated_port
will be realized on NSX Manager as the destination_port. If there is no sevice configured,
the port will be ignored.
PortElement
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicyNatRuleListRequestParameters (schema)

NAT Rule list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

PolicyNatRuleListResult (schema)

Paged Collection of NAT Rules

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results NAT Rules list results array of PolicyNatRule Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyNatRuleStatistics (schema)

Statistics of NAT Rule

Gives the Statistics of a NAT rule.

Name Description Type Notes
active_sessions Active sessions

Gives the total number of active sessions.
integer Readonly
last_update_timestamp Last update timestamp

Timestamp when the data was last updated.
EpochMsTimestamp Readonly
total_bytes Total bytes

Gives the total number of bytes.
integer Readonly
total_packets Total packets

Gives the total number of packets.
integer Readonly
warning_message Warning Message

The warning message about the NAT Rule Statistics.
string Readonly

PolicyNatRuleStatisticsListRequestParameters (schema)

NAT Rule statistics list request parameters

Request parameter to get NAT rule statistics.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
enforcement_point_path String Path of the enforcement point

Enforcement point path, forward slashes must be escaped using %2F.
string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

PolicyNatRuleStatisticsListResult (schema)

Collection of NAT Rule statistics

Gives the collection of NAT rule statistics per enforcement point.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results NAT rules statistics per enforcement point array of PolicyNatRuleStatisticsPerEnforcementPoint Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyNatRuleStatisticsPerEnforcementPoint (schema)

Statistics of NAT Rule per enforcement point

Gives the statistics of a NAT rule per enforcement point.

Name Description Type Notes
enforcement_point_path Enforcement point Path

Policy Path referencing the enforcement point from where the statistics are fetched.
string
rule_path Path of NAT Rule

Path of NAT Rule.
string
rule_statistics Rule statistics per enforcement point

Gives NAT rule stats on an enforcement point.
array of PolicyNatRuleStatistics Readonly

PolicyNatRuleStatisticsPerLogicalRouter (schema)

Statistics of NAT Rule per logical router

Gives the statistics of a NAT rule per logical router on specified enforcement point.

Name Description Type Notes
enforcement_point_path Enforcement point Path

Policy Path referencing the enforcement point from where the statistics are fetched.
string
last_update_timestamp Last update timestamp

Timestamp when the data was last updated.
EpochMsTimestamp Readonly
per_node_statistics Detailed Rule statistics

Detailed Rule statistics per logical router.
array of PolicyNatRuleStatisticsPerTransportNode Readonly
router_path Router path

Path of the router.
string
statistics Rolled up statistics

Rolled up statistics for all rules on the logical router.
PolicyNATRuleCounters Readonly

PolicyNatRuleStatisticsPerLogicalRouterListResult (schema)

Collection of NAT rule statistics per logical router

Gives the collection of NAT rule statistics per logical router on
specified enforcement point.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results NAT rules statistics per logical router array of PolicyNatRuleStatisticsPerLogicalRouter Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyNatRuleStatisticsPerTransportNode (schema)

Statistics of NAT Rule

Gives the Statistics of a NAT rule.

Name Description Type Notes
active_sessions Active sessions

Gives the total number of active sessions.
integer Readonly
last_update_timestamp Last update timestamp

Timestamp when the data was last updated.
EpochMsTimestamp Readonly
total_bytes Total bytes

Gives the total number of bytes.
integer Readonly
total_packets Total packets

Gives the total number of packets.
integer Readonly
transport_node_path Node path

Policy path of the Edge Node.
string Readonly

PolicyNiocProfile (schema)

Profile for Nioc

This profile is created for Network I/O Control(NIOC).

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Enabled status of NIOC feature

The enabled property specifies the status of NIOC feature.
When enabled is set to true, NIOC feature is turned on and
the bandwidth allocations specified for the traffic resources
are enforced. When enabled is set to false, NIOC feature
is turned off and no bandwidth allocation is guaranteed.
By default, enabled will be set to true.
boolean Default: "True"
host_infra_traffic_res Resource allocation associated with NiocProfile

host_infra_traffic_res specifies bandwidth allocation for
various traffic resources.
array of PolicyPolicyResourceAllocation
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
required_capabilities array of string Readonly
resource_type Must be set to the value PolicyNiocProfile PolicyHostSwitchProfileType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicyNonCompliantConfig (schema)

Name Description Type Notes
affected_resources Resources/Services impacted by non compliant configuration

Resources/Services impacted by non compliant configuration		 array of PolicyResourceReference Readonly
description Detail description of non compliant configuration with suggestive action string Readonly
non_compliance_code Code for non compliant configuration integer Readonly
reported_by Id and name of non compliant resource/service PolicyResourceReference Readonly

PolicyNsLookupParameters (schema)

Name Description Type Notes
address IP address or FQDN for nslookup string
enforcement_point_path String Path of the enforcement point

enforcement point path, forward slashes must be escaped using %2F.
string

PolicyOspfDatabaseListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
last_update_timestamp Timestamp indicating last update time of data

Timestamp when the data was last updated, unset if data source has never updated the data.		 EpochMsTimestamp Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results array of OSPF database data array of OspfDatabaseStatus Required
Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly
tier0_path Policy path for Tier0 gateway string Required
Readonly

PolicyPimProfile (schema)

PIM profile

PIM profile.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
bsm_enabled Enable/disable bootstrap messaging Configuration

Enable/disable bootstrap messaging Configuration.		 boolean Default: "True"
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PolicyPimProfile string
rp_address Static IPv4 multicast address configuration

Static IPv4 multicast address configuration.		 IPAddress
rp_address_multicast_ranges Static IPv4 multicast address and assciated multicast groups configuration

Static IPv4 multicast address and assciated multicast groups configuration.		 array of RpAddressMulticastRanges
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicyPimProfileListRequestParameters (schema)

PIM Profile list request parameters

PIM Profile list request parameters.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

PolicyPimProfileListResult (schema)

Paged Collection of Pim Profile

Collection of Pim Profile.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results PIM Profile list results

PIM Profile list results.		 array of PolicyPimProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyPktCapResource (schema)

Name Description Type Notes
logical_port_path The path of segment port or router port where the packets are captured string Readonly
pktcap_file_download_url Packet capture file download URL string Required
Readonly
port_id The ID of logical port where packet capture action is performed string Required
Readonly
resource_type Must be set to the value PolicyPktCapResource string Required

PolicyPolicyResourceAllocation (schema)

Resource allocation information for a host infrastructure traffic type

Specify limit, shares and reservation for all kinds of traffic.
Values for limit and reservation are expressed in percentage. And for shares,
the value is expressed as a number between 1-100.
The overall reservation among all traffic types should not exceed 75%.
Otherwise, the API request will be rejected.

Name Description Type Notes
limit Maximum bandwidth percentage

The limit property specifies the maximum bandwidth allocation for a given
traffic type and is expressed in percentage. The default value for this
field is set to -1 which means the traffic is unbounded for the traffic
type. All other negative values for this property is not supported
and will be rejected by the API.
number Required
Minimum: -1
Maximum: 100
Default: "-1.0"
reservation Minimum guaranteed bandwidth percentage number Required
Minimum: 0
Maximum: 75
Default: "0.0"
shares Shares int Required
Minimum: 1
Maximum: 100
Default: "50"
traffic_type Resource allocation traffic type PolicyHostInfraTrafficType Required

PolicyPoolUsage (schema)

IP usage statistics in a IpAddressPool.

Name Description Type Notes
allocated_ip_allocations Total number of allocated IPs in a IpAddressPool

Total number of allocated IPs shown are from NSX manager.
NSX manager uses default release delay of 2 mins. Till this delay passes,
IPs will be shown as allocated (and counted in allocated ips).
In this period of time there could be mismatch in requested_ip_allocations
and allocated_ip_allocations.
integer Readonly
available_ips Total number of available IPs in a IpAddressPool integer Readonly
requested_ip_allocations Total number of requested IP allocations in a IpAddressPool integer Readonly
total_ips Total number of IPs in a IpAddressPool integer Readonly

PolicyRealizedResource (schema)

Abstract base class for all the realized policy objects

Abstract base class for all the realized policy objects

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
alarms Alarm info detail array of PolicyAlarmResource
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
intent_reference Desire state paths of this object array of string
operational_status String representation of operational status

Possible values could be UP, DOWN, UNKNOWN, FAILURE
This list is not exhaustive.
string
operational_status_error String representation of operational status error

It defines the root cause for operational status error.
string
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
publish_status String representation of publish status

Possible values could be UP, DOWN, UNKNOWN, SUCCESS
This list is not exhaustive.
string
publish_status_error String representation of publish status error

It defines the root cause for publish status error.
string
publish_status_error_code Represents error code for publish status.

It defines error code for publish status error.
int
publish_status_error_details Details for publich status error.

Error details for publish status.
array of ConfigurationStateElement
realization_api Realization API of this object on enforcement point string
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
realization_specific_identifier Realization id of this object string
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PolicyRealizedResource string
runtime_error String representation of runtime error

It define the root cause for runtime error.
string
runtime_status String representation of runtime status

Possible values could be UP, DOWN, UNKNOWN, DEGRADED
This list is not exhaustive.
string Deprecated
state Realization state of this object string Required
Enum: UNAVAILABLE, UNREALIZED, REALIZED, ERROR
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicyRelatedApiError (schema)

Detailed information about errors from API call to an enforcement point

Name Description Type Notes
details Further details about the error string
error_code A numeric error code integer
error_data Additional data about the error object
error_message A description of the error string
module_name The module name where the error occurred string

PolicyRequestParameter (schema)

Represents optional API request parameter to be used in HAPI

Optional API Request Parameter to be used in HAPI.

Name Description Type Notes
resource_type The type of this request parameter. string Required

PolicyResource (schema)

Abstract base class for all the policy objects

Abstract base class for all the policy objects.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PolicyResource string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicyResourceReference (schema)

Policy resource reference

Policy resource reference.

Name Description Type Notes
is_valid Target validity

Will be set to false if the referenced NSX resource has been deleted.		 boolean Readonly
path Absolute path of this object

Absolute path of this object.		 string Readonly
target_display_name Target display name

Display name of the NSX resource.		 string Readonly
Maximum length: 255
target_id Target ID

Identifier of the NSX resource.		 string Maximum length: 64
target_type Target type

Type of the NSX resource.		 string Maximum length: 255

PolicyResourceReferenceForEP (schema)

Policy resource reference for enforcement point

Policy resource reference for enforcement point

Name Description Type Notes
is_valid Target validity

Will be set to false if the referenced NSX resource has been deleted.		 boolean Readonly
path Absolute path of this object

Absolute path of this object.		 string Readonly
target_display_name Target display name

Display name of the NSX resource.		 string Readonly
Maximum length: 255
target_id Target ID

Identifier of the NSX resource.		 string Maximum length: 64
target_type Target type

Type of the NSX resource.		 string Maximum length: 255

PolicyResourceReferenceForEPListResult (schema)

Policy resource reference list for enforcement point

Paginated collection of policy resource references for enforcement point

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged Collection of policy resource references for enforcement point array of PolicyResourceReferenceForEP Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyResourceReferenceListResult (schema)

Paged Collection of PolicyResourceReference

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Policy resource references list results array of PolicyResourceReference Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyRuntimeAlarm (schema)

Alarm of PolicyRuntimeInfoPerEP

Alarm associated with the PolicyRuntimeInfoPerEP that exposes
potential errors when retrieving runtime information from the
enforcement point.

Name Description Type Notes
error_details Error Detailed Information

Detailed information about errors from an API call made to the
enforcement point, if any.
PolicyApiError Readonly
error_id Alarm Error Id

Alarm error id.		 string Readonly
message Error Message to Describe the Issue

Error message describing the issue.		 string Readonly

PolicyRuntimeInfoPerEP (schema)

PolicyRuntimeInfoPerEP

Runtime Info Per Enforcement Point.

Name Description Type Notes
alarm Alarm Information Details

Alarm information details.		 PolicyRuntimeAlarm Readonly
enforcement_point_path Enforcement point Path

Policy Path referencing the enforcement point where the info is fetched.
string Readonly

PolicyRuntimeOnEpRequestParameters (schema)

Request Parameters for Policy Runtime on enforcement point

Request parameters that represents an enforcement point path.
A request on runtime information can be parameterized with this path and will be
evaluated as follows:
- no enforcement point path specified: the request is evaluated on all enforcement
points.
- an enforcement point path is specified: the request is evaluated only on the given
enforcement point.

Name Description Type Notes
enforcement_point_path String Path of the enforcement point

enforcement point path, forward slashes must be escaped using %2F.
string

PolicyRuntimeRequestParameters (schema)

Request Parameters for Policy Runtime Information

Request parameters that represents an enforcement point path and data source.
A request on runtime information can be parameterized with this pair and will be
evaluted as follows:
- no enforcement point path specified: the request is evaluated on all enforcement
points.
- an enforcement point path is specified: the request is evaluated only on the given
enforcement point.

Name Description Type Notes
enforcement_point_path String Path of the enforcement point

enforcement point path, forward slashes must be escaped using %2F.
string
source The data source, either realtime or cached. If not provided, cached data is returned. DataSourceType

PolicySIEnforcementPointRequestParameters (schema)

Policy Service Insertion Request Parameters

Request parameters that represents an enforcement point path. A request can be |
parameterized with this path and will be evaluted as follows |
> no enforcement point path specified: the request is evaluated on DEFAULT enforcement
point.
> {enforcement_point_path}: the request is evaluated only on the given enforcement |
point.

Name Description Type Notes
enforcement_point_path String Path of the enforcement point

enforcement point path, forward slashes must be escaped using %2F.
string

PolicySIExcludeList (schema)

Service Insertion Exclusion List

List of entities where Service Insertion will not be enforced. Exclusion List can contain PolicyGroup(s) or SegmentPort(s) or Segment(s).

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
members ExcludeList member list

List of the members in the exclude list		 array of string Required
Maximum items: 100
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PolicySIExcludeList string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicySIStatusConfiguration (schema)

Service Insertion Status

It represents status of Service Insertion for North-South and East-West context types.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
east_west_enabled East-West status flag

If set to true, service insertion for east-west traffic is enabled.
boolean Default: "False"
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
north_south_enabled North-South status flag

If set to true, service insertion for north-south traffic is enabled.
boolean Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PolicySIStatusConfiguration string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicyServiceChain (schema)

Policy Service Chain

Service chain is a set of network Services. A Service chain is made up of ordered list of service profiles belonging to any same or different services.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
failure_policy Failure Policy

Failure policy for the service defines the action to be taken i.e to allow or to block the traffic during failure scenarios.		 string Enum: ALLOW, BLOCK
Default: "ALLOW"
forward_path_service_profiles Forward path service profiles

Forward path service profiles are applied to ingress traffic.		 array of string Required
Maximum items: 4
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
path_selection_policy Path Selection Policy

Path selection policy can be - ANY - Service Insertion is free to redirect to any service path regardless of any load balancing considerations or flow pinning. LOCAL - Preference to be given to local service insances. REMOTE - Preference to be given to the SVM co-located on the same host. ROUND_ROBIN - All active service paths are hit with equal probability.		 string Enum: ANY, LOCAL, REMOTE, ROUND_ROBIN
Default: "ANY"
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PolicyServiceChain string
reverse_path_service_profiles Reverse path service profiles

Reverse path service profiles are applied to egress traffic and is optional. 2 different set of profiles can be defined for forward and reverse path. If not defined, the reverse of the forward path service profile is applied.		 array of string Maximum items: 4
service_segment_path Path to service segment

Path to service segment using which the traffic needs to be redirected.		 array of string Required
Minimum items: 1
Maximum items: 1
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicyServiceChainListResult (schema)

Policy Service Chain List

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results All PolicyServiceChain objects array of PolicyServiceChain Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyServiceInstance (schema)

Represents an instance of partner Service and its configuration

Represents an instance of partner Service and its configuration.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
attributes Deployment Template attributes

List of attributes specific to a partner for which the service is created. There attributes are passed on to the partner appliance.		 array of Attribute Required
Maximum items: 128
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
compute_id Id of the compute resource.

Id of the compute(ResourcePool) to which this service needs to be deployed.		 string Required
context_id Id of the compute manager

UUID of VCenter/Compute Manager as seen on NSX Manager, to which this service needs to be deployed.		 string
deployment_mode Deployment Mode

Deployment mode specifies how the partner appliance will be deployed i.e. in HA or standalone mode.		 string Enum: STAND_ALONE, ACTIVE_STANDBY
Default: "ACTIVE_STANDBY"
deployment_spec_name Name of the Deployment Specification

Form factor for the deployment of partner service.		 string Required
deployment_template_name Name of the Deployment Template

Template for the deployment of partnet service.		 string Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
failure_policy Failure policy for the Service VM

Failure policy for the Service VM. If this values is not provided, it will be defaulted to FAIL_CLOSE.		 string Enum: ALLOW, BLOCK
Default: "BLOCK"
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
partner_service_name Name of Partner Service

Unique name of Partner Service in the Marketplace		 string Required
path Absolute path of this object

Absolute path of this object		 string Readonly
primary_gateway_address Gateway for primary management console

Gateway address for primary management console.
If the provided segment already has gateway, this field can be omitted.
But if it is provided, it takes precedence always.
However, if provided segment does not have gateway, this field must be provided.
IPElement
primary_interface_mgmt_ip Management IP Address of primary interface of the Service

Management IP Address of primary interface of the Service		 IPElement Required
primary_interface_network Path of the segment to which primary interface of the Service VM needs to be connected

Path of the segment to which primary interface of the Service VM needs to be connected		 string
primary_portgroup_id Id of the standard or ditsributed port group for primary management console

Id of the standard or ditsributed port group for primary management console.
Please note that only 1 of the 2 values from
1. primary_interface_network
2. primary_portgroup_id
are allowed to be passed. Both can't be passed in the same request.
string
primary_subnet_mask Subnet for primary management console IP

Subnet for primary management console IP.
If the provided segment already has subnet, this field can be omitted.
But if it is provided, it takes precedence always.
However, if provided segment does not have subnet, this field must be provided.
IPElement
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PolicyServiceInstance string
secondary_gateway_address Gateway for secondary management console

Gateway address for secondary management console.
If the provided segment already has gateway, this field can be omitted.
But if it is provided, it takes precedence always.
However, if provided segment does not have gateway, this field must be provided.
IPElement
secondary_interface_mgmt_ip Management IP Address of secondary interface of the Service

Management IP Address of secondary interface of the Service		 IPElement
secondary_interface_network Path of segment to which secondary interface of the Service VM needs to be connected

Path of segment to which secondary interface of the Service VM needs to be connected		 string
secondary_portgroup_id Id of the standard or ditsributed port group for secondary management console

Id of the standard or ditsributed port group for secondary management console.
Please note that only 1 of the 2 values from
1. secondary_interface_network
2. secondary_portgroup_id
are allowed to be passed. Both can't be passed in the same request.
string
secondary_subnet_mask Subnet for secondary management console IP

Subnet for secondary management console IP.
If the provided segment already has subnet, this field can be omitted.
But if it is provided, it takes precedence always.
However, if provided segment does not have subnet, this field must be provided.
IPElement
storage_id Id of the storage

Id of the storage(Datastore). VC moref of Datastore to which this service needs to be deployed.		 string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
transport_type Transport Type

Transport to be used while deploying Service-VM.		 string Enum: L2_BRIDGE, L3_ROUTED
Default: "L2_BRIDGE"
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicyServiceInstanceListRequestParameters (schema)

PolicyServiceInstance list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

PolicyServiceInstanceListResult (schema)

Collection of only SI objects

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Service instance list results array of PolicyServiceInstance Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyServiceInstanceStatistics (schema)

Statistics for NICs on PolicyServiceInstance

Statistics for NICs for a PolicyServiceInstance

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
enforcement_point_path String Path of the enforcement point

Enforcement point path, forward slashes must be escaped using %2F.
string Readonly
instance_runtime_statistics Statistics for all runtimes

Statistics for the data NICs for all the runtimes associated
with this service instance.
array of InstanceRuntimeStatistic Readonly
service_instance_id PolicyServiceInstance path

PolicyServiceInsatnce path		 string Required
Readonly

PolicyServiceProfile (schema)

Policy Service Profile for a given Service

Service profile represents specialization of a vendor template. User may provide any of the vendor_template_name or vendor_template_key properties. But in case of multiple vendor templates with the same name, it is recommended to use the vendor_template_key. When both attributes are provided, name is ignored and only key is used to identify the template. If there are multiple templates with same name, and vendor_template_name is provided, realization will fail.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
attributes Service profile attributes

List of attributes specific to a partner for which the service is created. These attributes are passed on to the partner appliance and are opaque to NSX. If a vendor template exposes configurable parameters, then their values are specified here.		 array of Attribute Maximum items: 128
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
redirection_action Redirection action

The redirection action represents if the packet is exclusively redirected to the service, or if a copy is forwarded to the service. Redirection action is not applicable to guest introspection service.		 string Enum: PUNT, COPY
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PolicyServiceProfile string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
vendor_template_key Vendor Template Key

The vendor template key property of actual vendor template. This should be used when multiple templates with same name exist.		 string
vendor_template_name Vendor template name

Name of the vendor template for which this Service Profile is being created.		 string

PolicyServiceProfileListRequestParameters (schema)

Policy Service Profile list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

PolicyServiceProfileListResult (schema)

Policy Service Profile List

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Service Profile list results array of PolicyServiceProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyServiceReferenceCascadeDeletionParam (schema)

Service reference casade delete param

Name Description Type Notes
cascade Flag to cascade delete all children associated with service reference boolean Default: "False"

PolicyStatisticsAggregateParameters (schema)

Request Parameters for Policy Statistics Aggregate

Request Parameter for aggregating Policy statistics on enforcement point.

Name Description Type Notes
action Action on statistics

Action to take on statistics for an object.
string Enum: aggregate
container_cluster_path String Path of the Container Cluster entity

Path to the container cluster entity where the request will be executed.
string
enforcement_point_path String Path of the enforcement point

enforcement point path, forward slashes must be escaped using %2F.
string

PolicyStatisticsResetParameters (schema)

Request Parameters for Policy Statistics Reset

Request Parameter for resetting Policy statistics on enforcement point.

Name Description Type Notes
action Action on statistics

Action to take on statistics for an object.
string Required
Enum: reset
enforcement_point_path String Path of the enforcement point

enforcement point path, forward slashes must be escaped using %2F.
string

PolicySubAttributes (schema)

Policy Sub Attributes data holder

Name Description Type Notes
datatype Datatype for sub attribute string Required
Enum: STRING
key Key for sub attribute string Required
Enum: TLS_CIPHER_SUITE, TLS_VERSION, CIFS_SMB_VERSION
value Value for sub attribute key

Multiple sub attribute values can be specified as elements of array.
array of string Required
Minimum items: 1

PolicyTask (schema)

Task information

This object holds the information of the task.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
async_response_available True if response for asynchronous request is available boolean Readonly
cancelable True if this task can be canceled boolean Readonly
description Description of the task string Readonly
end_time The end time of the task in epoch milliseconds EpochMsTimestamp Readonly
failure_msg Reason of the task failure

This property holds the reason of the task failure, if any.
string Readonly
id Identifier for this task string Readonly
message A message describing the disposition of the task string Readonly
progress Task progress if known, from 0 to 100 integer Readonly
Minimum: 0
Maximum: 100
request_method HTTP request method string Readonly
request_uri URI of the method invocation that spawned this task string Readonly
start_time The start time of the task in epoch milliseconds EpochMsTimestamp Readonly
status Current status of the task TaskStatus Readonly
user Name of the user who created this task string Readonly

PolicyTepCsvListResult (schema)

Name Description Type Notes
file_name File name

File name set by HTTP server if API returns CSV result as a file.		 string
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly
results array of PolicyTepTableCsvRecord

PolicyTepListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results array of PolicyTepTableEntry
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly
transport_node_id Transport node identifier string Readonly

PolicyTepTableCsvRecord (schema)

Name Description Type Notes
segment_id TEP segment identifier

This is the identifier of the TEP segment. This segment is NOT the same as logical segment or logical switch.		 string
tep_ip The tunnel endpoint IP address IPAddress
tep_label The tunnel endpoint label integer Required
tep_mac_address The tunnel endpoint MAC address string Required

PolicyTepTableEntry (schema)

Name Description Type Notes
segment_id The segment Id string
tep_ip The tunnel endpoint IP address IPAddress
tep_label The tunnel endpoint label integer
tep_mac_address The tunnel endpoint MAC address string

PolicyTier1MulticastConfig (schema)

Multicast routing configuration

Multicast routing configuration.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Enable/disable Multicast Configuration

Enable/disable Multicast Configuration. Whenever service router needs to be added/deleted from tier1, user needs to disable multicast first.		 boolean Default: "False"
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PolicyTier1MulticastConfig string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicyTimeIntervalValue (schema)

Time interval on which firewall schedule will be applicable

Name Description Type Notes
end_interval End time of the interval

Time in 24 hour and minutes in multiple of 30. Example, 17:30.
string Required
start_interval Start time of the interval

Time in 24 hour and minutes in multiple of 30. Example, 9:00.
string Required

PolicyTlsConfigProfile (schema)

Policy Tls config profile

A profile holding tls configuration.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
cache Turn on TLS cache

Turn on TLS cache
boolean Required
Default: "False"
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PolicyTlsConfigProfile string
ssl_cache_size TLS SSL cache size

TLS SSL cache size
integer
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicyTlsConfigProfileListRequestParameters (schema)

Policy TLS config profile list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

PolicyTlsConfigProfileListResult (schema)

Paged Collection of Policy TLS config profiles

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Policy TLS config profile list results array of PolicyTlsConfigProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyTraceflowObservationDelivered (schema)

Name Description Type Notes
component_name The name of the component that issued the observation. string Readonly
component_sub_type The sub type of the component that issued the observation. TraceflowComponentSubType Readonly
component_type The type of the component that issued the observation. TraceflowComponentType Readonly
interface_path Path of gateway or gateway interface string
lport_id The id of the logical port into which the traceflow packet was delivered string Readonly
lport_name The name of the logical port into which the traceflow packet was delivered string Readonly
resolution_type The resolution type of the delivered message for ARP

This field specifies the resolution type of ARP ARP_SUPPRESSION_PORT_CACHE - ARP request is suppressed by port DB ARP_SUPPRESSION_TABLE - ARP request is suppressed by ARP table ARP_SUPPRESSION_CP_QUERY - ARP request is suppressed by info derived from CP ARP_VM - No suppression and the ARP request is resolved.		 string Readonly
Enum: UNKNOWN, ARP_SUPPRESSION_PORT_CACHE, ARP_SUPPRESSION_TABLE, ARP_SUPPRESSION_CP_QUERY, ARP_VM
resource_type Must be set to the value PolicyTraceflowObservationDelivered TraceflowObservationType Required
Default: "TraceflowObservationReceived"
segment_port_path The path of the segment port into which the traceflow packet was delivered. string Readonly
sequence_no the sequence number is the traceflow observation hop count

the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.		 integer Required
Readonly
site_path Policy path of the federated site

This field contains the site path where this observation was generated.		 string Readonly
target_mac MAC address of the resolved IP by ARP

The source MAC address of form:
"^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$". For example: 00:00:00:00:00:00.
string Readonly
timestamp Timestamp when the observation was created by the transport node

Timestamp when the observation was created by the transport node (milliseconds epoch)		 EpochMsTimestamp Readonly
timestamp_micro Timestamp when the observation was created by the transport node

Timestamp when the observation was created by the transport node (microseconds epoch)		 integer Readonly
transport_node_id id of the transport node that observed a traceflow packet string Readonly
transport_node_name name of the transport node that observed a traceflow packet string Readonly
transport_node_type type of the transport node that observed a traceflow packet TransportNodeType Readonly
vlan_id VLAN on bridged network VlanID

PolicyTraceflowObservationDropped (schema)

Name Description Type Notes
acl_rule_id The id of the L3 firewall rule that was applied to drop the traceflow packet

This field is specified when the traceflow packet matched a L3 firewall rule.
integer Readonly
acl_rule_path Access Control List Rule Path

The path of the ACL rule that was applied to forward the traceflow packet		 string Readonly
arp_fail_reason The detailed drop reason of ARP traceflow packet

This field specifies the ARP fails reason ARP_TIMEOUT - ARP failure due to query control plane timeout ARP_CPFAIL - ARP failure due post ARP query message to control plane failure ARP_FROMCP - ARP failure due to deleting ARP entry from control plane ARP_PORTDESTROY - ARP failure due to port destruction ARP_TABLEDESTROY - ARP failure due to ARP table destruction ARP_NETDESTROY - ARP failure due to overlay network destruction		 string Readonly
Enum: ARP_UNKNOWN, ARP_TIMEOUT, ARP_CPFAIL, ARP_FROMCP, ARP_PORTDESTROY, ARP_TABLEDESTROY, ARP_NETDESTROY
component_name The name of the component that issued the observation. string Readonly
component_sub_type The sub type of the component that issued the observation. TraceflowComponentSubType Readonly
component_type The type of the component that issued the observation. TraceflowComponentType Readonly
interface_path Path of gateway or gateway interface string
jumpto_rule_id The ID of the jump-to rule that was applied to the traceflow packet

This field is specified when the traceflow packet matched a jump-to rule.
integer Readonly
l2_rule_id The ID of the l2 rule that was applied to the traceflow packet

This field is specified when the traceflow packet matched a l2 rule.
integer Readonly
lport_id The id of the logical port at which the traceflow packet was dropped string Readonly
lport_name The name of the logical port at which the traceflow packet was dropped string Readonly
nat_rule_id The ID of the NAT rule that was applied to drop the traceflow packet

This field is specified when the traceflow packet matched a NAT rule.
integer Readonly
nat_rule_path Network Address Translation Rule Path

The path of the NAT rule that was applied to forward the traceflow packet		 string Readonly
reason The reason traceflow packet was dropped

This field specifies the drop reason of traceflow packet. ARP_FAIL - ARP request fails for some reasons, please refer arp_fail_reason for detail BFD - BFD packet is dropped because traversed by non-operative interface or encountering internal error (e.g., memory insufficient) BROADCAST - Packet is dropped during traversing the interface (e.g., Edge uplink, Edge centralized service port) which disallow ethernet broadcast DHCP - DHCP packet is malformed DLB - The packet is disallowed by distributed load balancing FW_RULE - The packet matches a drop or reject rule of DFW or Edge firewall GENEVE - GENEVE packet is malformed GRE - GRE packet is malformed or traverses a non-operative interface IFACE - Packet traverses a non-operative interface IP - Packet is dropped because of IP related causes (e.g., ICMPv4/ICMPv6 packet is malformed, or DF flag is set but fragment must be performed for the packet) or corresponding interface is not found or inoperative IP_REASS - Packet is dropped during IP reassembly IPSEC - IPsec protocol related packet is dropped IPSEC_VTI - IPsec required SA is not found or traversing inoperative interface cause packet dropped L2VPN - VLAN id of GRE packet is invalid L4PORT - Layer 4 packet (e.g., BFD, DHCP) is dropped LB - Packet is dropped by load balancing rule LROUTER - Packet is dropped by logical router LSERVICE - Packet is malformed or traverses inoperative logical service interface LSWITCH - Packet is dropped by logical switch MANAGEMENT - Packet is dropped by Edge datapath MANAGEMENT service port MD_PROXY - Packet is dropped by metadata proxy NAT - Packet is dropped by NAT rule RTEP_TUNNEL - Unused drop reason ND_NS_FAIL - Neighbor Discovery packet fails NEIGH - ARP or Neighbor Discovery packet fails NO_EIP_FOUND - Destination IP is not an elastic IP NO_EIP_ASSOCIATION - Elastic IP is not associated with active edge VDR ENI NO_ENI_FOR_IP - There is no ENI found for the destination IP NO_ENI_FOR_LIF - Cannot find an ENI associated with uplink LIF NO_ROUTE - Cannot find route for destination IP NO_ROUTE_TABLE_FOUND - Cannot find associated route table NO_UNDERLAY_ROUTE_FOUND - Cannot find AWS route to destination NOT_VDR_DOWNLINK - Packet is not forwarded to VMC unmanaged VDR downlink NO_VDR_FOUND - VMC unmanaged VDR associated with Edge uplink is not found NO_VDR_ON_HOST - Cannot find VMC unmanaged VDR list on this host NOT_VDR_UPLINK - Packet is not forwarded to VDR uplink SERVICE_INSERT - Packet from guest VM to service VM or from service VM to guest VM is dropped by firewall rule SPOOFGUARD - Packet is blocked by SpoofGuard policy TTL_ZERO - The IPv4 time to live field or the IPv6 hop limit field of packet is zero TUNNEL - Overlay tunnel management packet (VNI value of GENEVE header is 0, e.g., BFD) is dropped VLAN - VLAN id of packet is disallowed by the given port VXLAN - VXLAN packet is malformed or cannot find tunnel port for it VXSTT - Unused drop reason VMC_NO_RESPONSE - Failed to query VMC observations as no response from VMC app WRONG_UPLINK - Packet is not routed to the expected Edge uplink by VMC unmanaged VDR FW_STATE - Packet is dropped by stateful firewall		 string Readonly
Enum: ARP_FAIL, BFD, BROADCAST, DHCP, DLB, FW_RULE, GENEVE, GRE, IFACE, IP, IP_REASS, IPSEC, IPSEC_VTI, L2VPN, L4PORT, LB, LROUTER, LSERVICE, LSWITCH, MANAGEMENT, MD_PROXY, NAT, RTEP_TUNNEL, ND_NS_FAIL, NEIGH, NO_EIP_FOUND, NO_EIP_ASSOCIATION, NO_ENI_FOR_IP, NO_ENI_FOR_LIF, NO_ROUTE, NO_ROUTE_TABLE_FOUND, NO_UNDERLAY_ROUTE_FOUND, NOT_VDR_DOWNLINK, NO_VDR_FOUND, NO_VDR_ON_HOST, NOT_VDR_UPLINK, SERVICE_INSERT, SPOOFGUARD, TTL_ZERO, TUNNEL, VLAN, VXLAN, VXSTT, VMC_NO_RESPONSE, WRONG_UPLINK, FW_STATE, NO_MAC, UNKNOWN
resource_type Must be set to the value PolicyTraceflowObservationDropped TraceflowObservationType Required
Default: "TraceflowObservationReceived"
segment_port_path The path of the segment port into which the traceflow packet was dropped. string Readonly
sequence_no the sequence number is the traceflow observation hop count

the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.		 integer Required
Readonly
site_path Policy path of the federated site

This field contains the site path where this observation was generated.		 string Readonly
timestamp Timestamp when the observation was created by the transport node

Timestamp when the observation was created by the transport node (milliseconds epoch)		 EpochMsTimestamp Readonly
timestamp_micro Timestamp when the observation was created by the transport node

Timestamp when the observation was created by the transport node (microseconds epoch)		 integer Readonly
transport_node_id id of the transport node that observed a traceflow packet string Readonly
transport_node_name name of the transport node that observed a traceflow packet string Readonly
transport_node_type type of the transport node that observed a traceflow packet TransportNodeType Readonly

PolicyTraceflowObservationDroppedLogical (schema)

Name Description Type Notes
acl_rule_id The id of the L3 firewall rule that was applied to drop the traceflow packet

This field is specified when the traceflow packet matched a L3 firewall rule.
integer Readonly
acl_rule_path Access Control List Rule Path

The path of the ACL rule that was applied to forward the traceflow packet		 string Readonly
arp_fail_reason The detailed drop reason of ARP traceflow packet

This field specifies the ARP fails reason ARP_TIMEOUT - ARP failure due to query control plane timeout ARP_CPFAIL - ARP failure due post ARP query message to control plane failure ARP_FROMCP - ARP failure due to deleting ARP entry from control plane ARP_PORTDESTROY - ARP failure due to port destruction ARP_TABLEDESTROY - ARP failure due to ARP table destruction ARP_NETDESTROY - ARP failure due to overlay network destruction		 string Readonly
Enum: ARP_UNKNOWN, ARP_TIMEOUT, ARP_CPFAIL, ARP_FROMCP, ARP_PORTDESTROY, ARP_TABLEDESTROY, ARP_NETDESTROY
component_id The id of the component that dropped the traceflow packet. string Readonly
component_name The name of the component that issued the observation. string Readonly
component_path The path of the component that dropped the traceflow packet string Readonly
component_sub_type The sub type of the component that issued the observation. TraceflowComponentSubType Readonly
component_type The type of the component that issued the observation. TraceflowComponentType Readonly
interface_path Path of gateway or gateway interface string
jumpto_rule_id The ID of the jump-to rule that was applied to the traceflow packet

This field is specified when the traceflow packet matched a jump-to rule.
integer Readonly
jumpto_rule_path Jump-to Rule Path

The path of the jump-to rule that was applied to the traceflow packet		 string Readonly
l2_rule_id The ID of the l2 rule that was applied to the traceflow packet

This field is specified when the traceflow packet matched a l2 rule.
integer Readonly
l2_rule_path L2 Rule Path

The path of the l2 rule that was applied to the traceflow packet		 string Readonly
lport_id The id of the logical port at which the traceflow packet was dropped string Readonly
lport_name The name of the logical port at which the traceflow packet was dropped string Readonly
nat_rule_id The ID of the NAT rule that was applied to drop the traceflow packet

This field is specified when the traceflow packet matched a NAT rule.
integer Readonly
nat_rule_path Network Address Translation Rule Path

The path of the NAT rule that was applied to forward the traceflow packet		 string Readonly
reason The reason traceflow packet was dropped

This field specifies the drop reason of traceflow packet. ARP_FAIL - ARP request fails for some reasons, please refer arp_fail_reason for detail BFD - BFD packet is dropped because traversed by non-operative interface or encountering internal error (e.g., memory insufficient) BROADCAST - Packet is dropped during traversing the interface (e.g., Edge uplink, Edge centralized service port) which disallow ethernet broadcast DHCP - DHCP packet is malformed DLB - The packet is disallowed by distributed load balancing FW_RULE - The packet matches a drop or reject rule of DFW or Edge firewall GENEVE - GENEVE packet is malformed GRE - GRE packet is malformed or traverses a non-operative interface IFACE - Packet traverses a non-operative interface IP - Packet is dropped because of IP related causes (e.g., ICMPv4/ICMPv6 packet is malformed, or DF flag is set but fragment must be performed for the packet) or corresponding interface is not found or inoperative IP_REASS - Packet is dropped during IP reassembly IPSEC - IPsec protocol related packet is dropped IPSEC_VTI - IPsec required SA is not found or traversing inoperative interface cause packet dropped L2VPN - VLAN id of GRE packet is invalid L4PORT - Layer 4 packet (e.g., BFD, DHCP) is dropped LB - Packet is dropped by load balancing rule LROUTER - Packet is dropped by logical router LSERVICE - Packet is malformed or traverses inoperative logical service interface LSWITCH - Packet is dropped by logical switch MANAGEMENT - Packet is dropped by Edge datapath MANAGEMENT service port MD_PROXY - Packet is dropped by metadata proxy NAT - Packet is dropped by NAT rule RTEP_TUNNEL - Unused drop reason ND_NS_FAIL - Neighbor Discovery packet fails NEIGH - ARP or Neighbor Discovery packet fails NO_EIP_FOUND - Destination IP is not an elastic IP NO_EIP_ASSOCIATION - Elastic IP is not associated with active edge VDR ENI NO_ENI_FOR_IP - There is no ENI found for the destination IP NO_ENI_FOR_LIF - Cannot find an ENI associated with uplink LIF NO_ROUTE - Cannot find route for destination IP NO_ROUTE_TABLE_FOUND - Cannot find associated route table NO_UNDERLAY_ROUTE_FOUND - Cannot find AWS route to destination NOT_VDR_DOWNLINK - Packet is not forwarded to VMC unmanaged VDR downlink NO_VDR_FOUND - VMC unmanaged VDR associated with Edge uplink is not found NO_VDR_ON_HOST - Cannot find VMC unmanaged VDR list on this host NOT_VDR_UPLINK - Packet is not forwarded to VDR uplink SERVICE_INSERT - Packet from guest VM to service VM or from service VM to guest VM is dropped by firewall rule SPOOFGUARD - Packet is blocked by SpoofGuard policy TTL_ZERO - The IPv4 time to live field or the IPv6 hop limit field of packet is zero TUNNEL - Overlay tunnel management packet (VNI value of GENEVE header is 0, e.g., BFD) is dropped VLAN - VLAN id of packet is disallowed by the given port VXLAN - VXLAN packet is malformed or cannot find tunnel port for it VXSTT - Unused drop reason VMC_NO_RESPONSE - Failed to query VMC observations as no response from VMC app WRONG_UPLINK - Packet is not routed to the expected Edge uplink by VMC unmanaged VDR FW_STATE - Packet is dropped by stateful firewall		 string Readonly
Enum: ARP_FAIL, BFD, BROADCAST, DHCP, DLB, FW_RULE, GENEVE, GRE, IFACE, IP, IP_REASS, IPSEC, IPSEC_VTI, L2VPN, L4PORT, LB, LROUTER, LSERVICE, LSWITCH, MANAGEMENT, MD_PROXY, NAT, RTEP_TUNNEL, ND_NS_FAIL, NEIGH, NO_EIP_FOUND, NO_EIP_ASSOCIATION, NO_ENI_FOR_IP, NO_ENI_FOR_LIF, NO_ROUTE, NO_ROUTE_TABLE_FOUND, NO_UNDERLAY_ROUTE_FOUND, NOT_VDR_DOWNLINK, NO_VDR_FOUND, NO_VDR_ON_HOST, NOT_VDR_UPLINK, SERVICE_INSERT, SPOOFGUARD, TTL_ZERO, TUNNEL, VLAN, VXLAN, VXSTT, VMC_NO_RESPONSE, WRONG_UPLINK, FW_STATE, NO_MAC, UNKNOWN
resource_type Must be set to the value PolicyTraceflowObservationDroppedLogical TraceflowObservationType Required
Default: "TraceflowObservationReceived"
segment_port_path The path of the segment port into which the traceflow packet was dropped. string Readonly
sequence_no the sequence number is the traceflow observation hop count

the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.		 integer Required
Readonly
service_path_index The index of service path

The index of service path that is a chain of services
represents the point where the traceflow packet was dropped.
integer Readonly
site_path Policy path of the federated site

This field contains the site path where this observation was generated.		 string Readonly
timestamp Timestamp when the observation was created by the transport node

Timestamp when the observation was created by the transport node (milliseconds epoch)		 EpochMsTimestamp Readonly
timestamp_micro Timestamp when the observation was created by the transport node

Timestamp when the observation was created by the transport node (microseconds epoch)		 integer Readonly
transport_node_id id of the transport node that observed a traceflow packet string Readonly
transport_node_name name of the transport node that observed a traceflow packet string Readonly
transport_node_type type of the transport node that observed a traceflow packet TransportNodeType Readonly

PolicyTraceflowObservationForwardedLogical (schema)

Name Description Type Notes
acl_rule_id The id of the L3 firewall rule that was applied to forward the traceflow packet

This field is specified when the traceflow packet matched a L3 firewall rule.
integer Readonly
acl_rule_path Access Control List Rule Path

The path of the ACL rule that was applied to forward the traceflow packet		 string Readonly
component_id The id of the component that forwarded the traceflow packet. string Readonly
component_name The name of the component that issued the observation. string Readonly
component_path The path of the component that forwarded the traceflow packet string Readonly
component_sub_type The sub type of the component that issued the observation. TraceflowComponentSubType Readonly
component_type The type of the component that issued the observation. TraceflowComponentType Readonly
dst_component_id The id of the destination component to which the traceflow packet was forwarded. string Readonly
dst_component_name The name of the destination component to which the traceflow packet was forwarded. string Readonly
dst_component_path The path of the destination component to which the traceflow packet was forwarded string Readonly
dst_component_type The type of the destination component to which the traceflow packet was forwarded. TraceflowComponentType Readonly
interface_path Path of gateway or gateway interface string
jumpto_rule_id The ID of the jump-to rule that was applied to the traceflow packet

This field is specified when the traceflow packet matched a jump-to rule.
integer Readonly
jumpto_rule_path Jump-to Rule Path

The path of the jump-to rule that was applied to the traceflow packet		 string Readonly
l2_rule_id The ID of the l2 rule that was applied to the traceflow packet

This field is specified when the traceflow packet matched a l2 rule.
integer Readonly
l2_rule_path L2 Rule Path

The path of the l2 rule that was applied to the traceflow packet		 string Readonly
lport_id The id of the logical port through which the traceflow packet was forwarded. string Readonly
lport_name The name of the logical port through which the traceflow packet was forwarded. string Readonly
nat_rule_id The ID of the NAT rule that was applied to forward the traceflow packet

This field is specified when the traceflow packet matched a NAT rule.
integer Readonly
nat_rule_path Network Address Translation Rule Path

The path of the NAT rule that was applied to forward the traceflow packet		 string Readonly
resend_type The type of packet resending

ARP_UNKNOWN_FROM_CP - Unknown ARP query result emitted by control plane ND_NS_UNKNOWN_FROM_CP - Unknown neighbor solicitation query result emitted by control plane UNKNOWN - Unknown resend type		 string Readonly
Enum: UNKNOWN, ARP_UNKNOWN_FROM_CP, ND_NS_UNKNWON_FROM_CP
resource_type Must be set to the value PolicyTraceflowObservationForwardedLogical TraceflowObservationType Required
Default: "TraceflowObservationReceived"
segment_port_path The path of the segment port into which the traceflow packet was forwared. string Readonly
sequence_no the sequence number is the traceflow observation hop count

the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.		 integer Required
Readonly
service_index The index of the service insertion component integer Readonly
service_path_index The path index of the service insertion component integer Readonly
service_ttl The ttl of the service insertion component integer Readonly
site_path Policy path of the federated site

This field contains the site path where this observation was generated.		 string Readonly
spoofguard_ip Prefix IP address matched in the whitelist in spoofguard

This field specified the prefix IP address a traceflow packet matched in the whitelist in spoofguard.		 IPCIDRBlock Readonly
spoofguard_mac MAC address matched in the whitelist in spoofguard

The source MAC address of form:
"^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$". For example: 00:00:00:00:00:00.
MACAddress Readonly
spoofguard_vlan_id VLAN id matched in the whitelist in spoofguard

This field specified the VLAN id a traceflow packet matched in the whitelist in spoofguard.		 VlanID Readonly
svc_nh_mac MAC address of nexthop

MAC address of nexthop for service insertion(SI)
in service VM(SVM) where the traceflow packet was received.
string Readonly
timestamp Timestamp when the observation was created by the transport node

Timestamp when the observation was created by the transport node (milliseconds epoch)		 EpochMsTimestamp Readonly
timestamp_micro Timestamp when the observation was created by the transport node

Timestamp when the observation was created by the transport node (microseconds epoch)		 integer Readonly
translated_dst_ip The translated destination IP address of VNP/NAT IPAddress Readonly
translated_src_ip The translated source IP address of VPN/NAT IPAddress Readonly
transport_node_id id of the transport node that observed a traceflow packet string Readonly
transport_node_name name of the transport node that observed a traceflow packet string Readonly
transport_node_type type of the transport node that observed a traceflow packet TransportNodeType Readonly
vlan VLAN for the logical network on which the traceflow packet was forwarded

This field is specified when the traceflow packet was forwarded by a VLAN
logical network.
VlanID Readonly
vni VNI for the logical network on which the traceflow packet was forwarded.

This field is specified when the traceflow packet was forwarded by an overlay
logical network.
int Readonly

PolicyTraceflowObservationReceivedLogical (schema)

Name Description Type Notes
component_id The id of the component that received the traceflow packet. string Readonly
component_name The name of the component that issued the observation. string Readonly
component_path The path of the component that received the traceflow packet string Readonly
component_sub_type The sub type of the component that issued the observation. TraceflowComponentSubType Readonly
component_type The type of the component that issued the observation. TraceflowComponentType Readonly
interface_path Path of gateway or gateway interface string
lport_id The id of the logical port at which the traceflow packet was received string Readonly
lport_name The name of the logical port at which the traceflow packet was received string Readonly
resource_type Must be set to the value PolicyTraceflowObservationReceivedLogical TraceflowObservationType Required
Default: "TraceflowObservationReceived"
segment_port_path The path of the segment port into which the traceflow packet was received. string Readonly
sequence_no the sequence number is the traceflow observation hop count

the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.		 integer Required
Readonly
site_path Policy path of the federated site

This field contains the site path where this observation was generated.		 string Readonly
src_component_id The id of the source component from which the traceflow packet was received. string Readonly
src_component_name The name of source component from which the traceflow packet was received. string Readonly
src_component_path The path of the source component from which the traceflow packet was received string Readonly
src_component_type The type of the source component from which the traceflow packet was received. TraceflowComponentType Readonly
svc_mac MAC address of SAN volume controller

MAC address of SAN volume controller for service insertion(SI)
in service VM(SVM) where the traceflow packet was received.
string Readonly
timestamp Timestamp when the observation was created by the transport node

Timestamp when the observation was created by the transport node (milliseconds epoch)		 EpochMsTimestamp Readonly
timestamp_micro Timestamp when the observation was created by the transport node

Timestamp when the observation was created by the transport node (microseconds epoch)		 integer Readonly
transport_node_id id of the transport node that observed a traceflow packet string Readonly
transport_node_name name of the transport node that observed a traceflow packet string Readonly
transport_node_type type of the transport node that observed a traceflow packet TransportNodeType Readonly
vlan VLAN for the logical network on which the traceflow packet was received.

This field is specified when the traceflow packet was received by a VLAN
logical network.
VlanID Readonly
vni VNI for the logical network on which the traceflow packet was received.

This field is specified when the traceflow packet was received by an overlay
logical network.
int Readonly

PolicyTraceflowObservationRelayedLogical (schema)

Name Description Type Notes
component_name The name of the component that issued the observation. string Readonly
component_sub_type The sub type of the component that issued the observation. TraceflowComponentSubType Readonly
component_type The type of the component that issued the observation. TraceflowComponentType Readonly
dst_server_address The IP address of the destination

This field specified the IP address of the destination which the packet will be relayed.		 IPAddress Required
Readonly
logical_comp_uuid The id of the component which relay service located

This field specified the logical component that relay service located.		 string Readonly
logical_component_path The path of the component on which relay service located

This field specifies the logical component that relay service located on.		 string Readonly
message_type The type of the relay service

This field specified the message type of the relay service REQUEST - The relay service will relay a request message to the destination server REPLY - The relay service will relay a reply message to the client		 string Required
Readonly
Enum: REQUEST, REPLY
Default: "REQUEST"
relay_server_address The IP address of relay service

This field specified the IP address of the relay service.		 IPAddress Required
Readonly
resource_type Must be set to the value PolicyTraceflowObservationRelayedLogical TraceflowObservationType Required
Default: "TraceflowObservationReceived"
sequence_no the sequence number is the traceflow observation hop count

the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.		 integer Required
Readonly
site_path Policy path of the federated site

This field contains the site path where this observation was generated.		 string Readonly
timestamp Timestamp when the observation was created by the transport node

Timestamp when the observation was created by the transport node (milliseconds epoch)		 EpochMsTimestamp Readonly
timestamp_micro Timestamp when the observation was created by the transport node

Timestamp when the observation was created by the transport node (microseconds epoch)		 integer Readonly
transport_node_id id of the transport node that observed a traceflow packet string Readonly
transport_node_name name of the transport node that observed a traceflow packet string Readonly
transport_node_type type of the transport node that observed a traceflow packet TransportNodeType Readonly

PolicyTransportZone (schema)

Transport Zone

Transport Zone.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
is_default Flag to indicate if the transport zone is the default one

Flag to indicate if the transport zone is the default one. Only one
transport zone can be the default one for a given transport zone type.
boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
nested_nsx Flag to indicate if all transport nodes in this transport zone are connected through nested NSX.

This flag should be set to true in nested NSX environment. When the "allow_changing_vdr_mac_in_use" property in the global config object RoutingGlobalConfig is false, this flag can not be changed if this transport zone is OVERLAY and the change will make any transport node in this transport zone to change the VDR MAC used in any host switch. When this flag is true and this transport zone is OVERLAY, all host switches in this transport zone will use the VDR MAC in the "vdr_mac_nested" property in the global config object RoutingGlobalConfig.		 boolean Default: "False"
nsx_id Transport Zone UUID on NSX-T Enforcement Point

UUID of transport zone on NSX-T enforcement point.		 string Readonly
origin_id The host switch id generated by the system.

This field is populated only if the transport zone was created by NSX system to support security on vSphere Distributed Switch (vDS). The origin_id will refer to the identifier of corresponding vDS from it's parent vCenter server.		 string Readonly
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PolicyTransportZone string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
transport_zone_profile_paths Policy Transport Zone Profile paths

Policy Transport Zone Profile paths		 array of string
tz_type Transport Zone Type

Transport Zone Traffic type, must be one of either VLAN_BACKED or OVERLAY_BACKED.
OVERLAY_STANDARD, OVERLAY_ENS and UNKNOWN are DEPRECATED. STANDARD, ENS and ENS_INTERRUPT
are hostSwitch modes and same need to be given in HostTransportNode.HostSwitchSpec.
string Enum: OVERLAY_STANDARD, OVERLAY_ENS, VLAN_BACKED, OVERLAY_BACKED, UNKNOWN
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
uplink_teaming_policy_names Names of the switching uplink teaming policies that are supported by this transport zone.

The names of switching uplink teaming policies that all transport nodes in this transport zone support. Uplinkin teaming policies are only valid for VLAN backed transport zones.		 array of string

PolicyTransportZoneListRequestParameters (schema)

Policy Transport Zone List Request Parameters

Policy Transport Zone list request parameters.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

PolicyTransportZoneListResult (schema)

Paged Collection of Transport Zone

Paged Collection of Transport Zone

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Transport Zone List Result

Transport Zone list result.		 array of PolicyTransportZone Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyTransportZoneProfile (schema)

Transport Zone Profile

Transport Zone Profile.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
bfd_config Bfd Profile Options

Bfd Health Monitoring Options
BfdHealthMonitoringConfig Required
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PolicyTransportZoneProfile string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tz_profile_type Policy Transport Zone Type

Policy Transport Zone Type.		 string Required
Enum: BFD
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicyTransportZoneProfileListRequestParameters (schema)

Policy Transport Zone Profile request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

PolicyTransportZoneProfileListResult (schema)

Paged collection of Policy Transport Zone Profiles

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Policy Transport Zone profile list results array of PolicyTransportZoneProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyTunnelDigestAlgorithm (schema) (Deprecated)

Digest Algorithms used in tunnel establishment

The TunnelDigestAlgorithms are used to verify message integrity during tunnel establishment.
SHA1 produces 160 bits hash and SHA2_XXX produces XXX bit hash.

Name Description Type Notes
PolicyTunnelDigestAlgorithm Digest Algorithms used in tunnel establishment

The TunnelDigestAlgorithms are used to verify message integrity during tunnel establishment.
SHA1 produces 160 bits hash and SHA2_XXX produces XXX bit hash.
string Deprecated
Enum: SHA1, SHA2_256, SHA2_384, SHA2_512

PolicyTunnelEncryptionAlgorithm (schema) (Deprecated)

Encryption algorithm used in tunnel

TunnelEncryption algorithms are used to ensure confidentiality of the messages exchanged
during Tunnel negotiations. AES stands for Advanced Encryption Standards. AES_128 uses
128-bit keys whereas AES_256 uses 256-bit keys for encryption and decryption. AES_128
and AES_256 use CBC mode of encryption. AES_GCM stands for Advanced Encryption Standard(AES)
in Galois/Counter Mode (GCM) and is used to provide both confidentiality and data origin
authentication.

Name Description Type Notes
PolicyTunnelEncryptionAlgorithm Encryption algorithm used in tunnel

TunnelEncryption algorithms are used to ensure confidentiality of the messages exchanged
during Tunnel negotiations. AES stands for Advanced Encryption Standards. AES_128 uses
128-bit keys whereas AES_256 uses 256-bit keys for encryption and decryption. AES_128
and AES_256 use CBC mode of encryption. AES_GCM stands for Advanced Encryption Standard(AES)
in Galois/Counter Mode (GCM) and is used to provide both confidentiality and data origin
authentication.
string Deprecated
Enum: AES_128, AES_256, AES_GCM_128, AES_GCM_192, AES_GCM_256

PolicyUplinkHostSwitchProfile (schema)

Profile for uplink policies

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
lags list of LACP group array of Lag Maximum items: 64
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
mtu Maximum Transmission Unit used for uplinks int Minimum: 1280
named_teamings List of named uplink teaming policies that can be used by logical switches array of NamedTeamingPolicy Maximum items: 32
overlay_encap The protocol used to encapsulate overlay traffic string Enum: VXLAN, GENEVE
Default: "GENEVE"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
required_capabilities array of string Readonly
resource_type Must be set to the value PolicyUplinkHostSwitchProfile PolicyHostSwitchProfileType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
teaming Default TeamingPolicy associated with this UplinkProfile TeamingPolicy Required
transport_vlan VLAN used for tagging Overlay traffic of associated HostSwitch VlanID Default: "0"
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicyUrlCategorizationConfig (schema)

URL categorization entity

The type contains information about the configuration of the feature for a
specific node. It contains information like the whether the feature is
enabled/disabled, the context profiles defining the category list to
detect.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
context_profiles Context profiles

The ids of the context profiles that provides the list of categories to
be detected. This field is deprecated. URL Categorization will not be
supported in association with context profiles.
array of string Deprecated
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Enabled

Property which specifies the enabling/disabling of the feature.
boolean Required
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PolicyUrlCategorizationConfig string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
update_frequency Policy URL Categorization Update Frequency

The frequency in minutes at which the updates are downloaded from the
URL categorization cloud service. The minimum allowed value is 5
minutes.
int Minimum: 5
Default: "30"

PolicyUrlCategory (schema)

Policy URL category

Every URL is classified into one or more of 83 pre-defined categories.
Examples of categories are 'Shopping', 'Financial Services', 'Travel', etc.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
category_id Category id

The id of the category.		 int Required
category_name Category name

The name of the category.		 string Required
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PolicyUrlCategory string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicyUrlCategoryListRequestParameters (schema)

URL category list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

PolicyUrlCategoryListResult (schema)

List of Policy URL categories

List of Policy URL categories.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Category list result array of PolicyUrlCategory Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PolicyUrlReputationSeverity (schema)

Policy URL reputation severity

The reputation severity of an URL.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
max_reputation Maximum reputation

The maximum reputation for the severity.		 int Required
min_reputation Minimim Reputation

The minimum reputation for the severity.		 int Required
name Reputation severity name

The name of the severity.		 string Required
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
reputation_severity_id Reputation severity id

The id of the reputation severity.		 int Required
resource_type Must be set to the value PolicyUrlReputationSeverity string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PolicyUrlReputationSeverityListRequestParameters (schema)

URL reputation severity list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

PolicyUrlReputationSeverityListResult (schema)

List of URL reputation severities

List of URL reputation severities.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Reputation Severity list array of PolicyUrlReputationSeverity Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PoolAlgorithm (schema)

load balancing algorithm

Load Balancing algorithm chooses a server for each new connection by going
through the list of servers in the pool. Currently, following load balancing
algorithms are supported with ROUND_ROBIN as the default.
ROUND_ROBIN means that a server is selected in a round-robin fashion. The
weight would be ignored even if it is configured.
WEIGHTED_ROUND_ROBIN means that a server is selected in a weighted
round-robin fashion. Default weight of 1 is used if weight is not configured.
LEAST_CONNECTION means that a server is selected when it has the least
number of connections. The weight would be ignored even if it is configured.
Slow start would be enabled by default.
WEIGHTED_LEAST_CONNECTION means that a server is selected in a weighted
least connection fashion. Default weight of 1 is used if weight is not
configured. Slow start would be enabled by default.
IP_HASH means that consistent hash is performed on the source IP address of
the incoming connection. This ensures that the same client IP address will
always reach the same server as long as no server goes down or up. It may
be used on the Internet to provide a best-effort stickiness to clients
which refuse session cookies.

Name Description Type Notes
PoolAlgorithm load balancing algorithm

Load Balancing algorithm chooses a server for each new connection by going
through the list of servers in the pool. Currently, following load balancing
algorithms are supported with ROUND_ROBIN as the default.
ROUND_ROBIN means that a server is selected in a round-robin fashion. The
weight would be ignored even if it is configured.
WEIGHTED_ROUND_ROBIN means that a server is selected in a weighted
round-robin fashion. Default weight of 1 is used if weight is not configured.
LEAST_CONNECTION means that a server is selected when it has the least
number of connections. The weight would be ignored even if it is configured.
Slow start would be enabled by default.
WEIGHTED_LEAST_CONNECTION means that a server is selected in a weighted
least connection fashion. Default weight of 1 is used if weight is not
configured. Slow start would be enabled by default.
IP_HASH means that consistent hash is performed on the source IP address of
the incoming connection. This ensures that the same client IP address will
always reach the same server as long as no server goes down or up. It may
be used on the Internet to provide a best-effort stickiness to clients
which refuse session cookies.
string Enum: ROUND_ROBIN, WEIGHTED_ROUND_ROBIN, LEAST_CONNECTION, WEIGHTED_LEAST_CONNECTION, IP_HASH

PoolMember (schema)

Name Description Type Notes
admin_state member admin state PoolMemberAdminStateType Default: "ENABLED"
backup_member determine whether the pool member is for backup usage

Backup servers are typically configured with a sorry page indicating to
the user that the application is currently unavailable. While the pool
is active (a specified minimum number of pool members are active)
BACKUP members are skipped during server selection. When the pool is
inactive, incoming connections are sent to only the BACKUP member(s).
boolean Default: "False"
display_name pool member name string
ip_address pool member IP address IPAddress Required
max_concurrent_connections maximum concurrent connection number

To ensure members are not overloaded, connections to a member can be
capped by the load balancer. When a member reaches this limit, it is
skipped during server selection.
If it is not specified, it means that connections are unlimited.
integer Minimum: 1
Maximum: 2147483647
port pool member port number

If port is specified, all connections will be sent to this port. Only
single port is supported.
If unset, the same port the client connected to will be used, it could
be overrode by default_pool_member_port setting in virtual server.
The port should not specified for port range case.
PortElement
weight pool member weight

Pool member weight is used for WEIGHTED_ROUND_ROBIN balancing
algorithm. The weight value would be ignored in other algorithms.
integer Minimum: 1
Maximum: 256
Default: "1"

PoolMemberAction (schema)

Name Description Type Notes
action Specifies addition, removal and modification action string Required
Enum: ADD_MEMBERS, REMOVE_MEMBERS, UPDATE_MEMBERS

PoolMemberAdminStateType (schema)

pool member admin state

User can set the admin state of a member to ENABLED or DISABLED or
GRACEFUL_DISABLED. By default, when a member is added, it is ENABLED.
If a member is set to DISABLED, it is not selected for any new
connections. Active connections, however, will continue to be processed
by it. New connections with matching persistence entries pointing to
DISABLED members are not sent to those DISABLED members. Those connections
are assigned to other members of the pool and the corresponding persistence
entries are updated to point to the newly selected server.
To allow for a more graceful way of taking down servers for maintenance, a
routine task, another admin state GRACEFUL_DISABLED is supported. Existing
connections to a member in GRACEFUL_DISABLED state continue to be processed.

Name Description Type Notes
PoolMemberAdminStateType pool member admin state

User can set the admin state of a member to ENABLED or DISABLED or
GRACEFUL_DISABLED. By default, when a member is added, it is ENABLED.
If a member is set to DISABLED, it is not selected for any new
connections. Active connections, however, will continue to be processed
by it. New connections with matching persistence entries pointing to
DISABLED members are not sent to those DISABLED members. Those connections
are assigned to other members of the pool and the corresponding persistence
entries are updated to point to the newly selected server.
To allow for a more graceful way of taking down servers for maintenance, a
routine task, another admin state GRACEFUL_DISABLED is supported. Existing
connections to a member in GRACEFUL_DISABLED state continue to be processed.
string Enum: ENABLED, DISABLED, GRACEFUL_DISABLED

PoolMemberGroup (schema)

Name Description Type Notes
customized_members List of customized pool member settings

The list is used to show the customized pool member settings. User can
only user pool member action API to update the admin state for a specific
IP address.
array of PoolMemberSetting
grouping_object Grouping object resource reference

Load balancer pool support grouping object as dynamic pool members.
The IP list of the grouping object such as NSGroup would be used as
pool member IP setting.
ResourceReference Required
ip_revision_filter Filter of ipv4 or ipv6 address of grouping object IP list

Ip revision filter is used to filter IPv4 or IPv6 addresses from the
grouping object.
If the filter is not specified, both IPv4 and IPv6 addresses would be
used as server IPs.
The link local and loopback addresses would be always filtered out.
string Enum: IPV4, IPV6, IPV4_IPV6
Default: "IPV4"
max_ip_list_size Maximum number of grouping object IP address list

The size is used to define the maximum number of grouping object IP
address list. These IP addresses would be used as pool members.
If the grouping object includes more than certain number of
IP addresses, the redundant parts would be ignored and those IP
addresses would not be treated as pool members.
If the size is not specified, one member is budgeted for this dynamic
pool so that the pool has at least one member even if some other
dynamic pools grow beyond the capacity of load balancer service. Other
members are picked according to available dynamic capacity. The unused
members would be set to DISABLED so that the load balancer system
itself is not overloaded during runtime.
integer Minimum: 0
Maximum: 2147483647
port Pool member port for all IP addresses of the grouping object

If port is specified, all connections will be sent to this port.
If unset, the same port the client connected to will be used, it could
be overridden by default_pool_member_ports setting in virtual server.
The port should not specified for multiple ports case.
int Minimum: 1
Maximum: 65535

PoolMemberSetting (schema)

Pool member setting

The setting is used to add, update or remove pool members from pool.
For static pool members, admin_state, display_name and weight can be
updated.
For dynamic pool members, only admin_state can be updated.

Name Description Type Notes
admin_state Member admin state PoolMemberAdminStateType Default: "ENABLED"
display_name Pool member display name

Only applicable to static pool members. If supplied for a pool defined
by a grouping object, update API would fail.
string
ip_address Pool member IP address IPAddress Required
port Pool member port number PortElement
weight Pool member weight

Only applicable to static pool members. If supplied for a pool defined
by a grouping object, update API would fail.
integer Minimum: 1
Maximum: 255

PoolMemberSettingList (schema)

List of PoolMemberSetting

Name Description Type Notes
members List of pool member settings to be passed to add, update and remove APIs array of PoolMemberSetting Required

PoolUsage (schema)

Pool usage statistics in a pool.

Name Description Type Notes
allocated_ids Total number of allocated IDs in a pool integer Readonly
free_ids Total number of free IDs in a pool integer Readonly
total_ids Total number of IDs in a pool integer Readonly

PortAddressBindingEntry (schema)

Address binding information

Detailed information about static address for the port.

Name Description Type Notes
ip_address IP address

IP Address for port binding		 string
mac_address MAC address

Mac address for port binding		 MACAddress
vlan_id VLAN ID

VLAN ID for port binding		 VlanID

PortAttacher (schema) (Deprecated)

VM or vmknic entity attached to LogicalPort

Name Description Type Notes
entity Reference to the attached entity

This is a vmknic name if the attacher is vmknic. Otherwise, it is
full path of the attached VM's config file
string Required
host TransportNode on which the attacher resides string Required

PortAttachment (schema)

Attachment information on the port

Detail information about port attachment

Name Description Type Notes
allocate_addresses Allocate addresses

Indicate how IP will be allocated for the port		 string Enum: IP_POOL, MAC_POOL, BOTH, NONE, DHCP
app_id App Id

ID used to identify/look up a child attachment behind a parent attachment
string
bms_interface_config Application interface configuration for Bare metal server

Indicate application interface configuration for Bare Metal Server.		 AttachedInterfaceEntry
context_id Context ID based on the type

If type is CHILD and the parent port is on the same segment as the child port, then this
field should be VIF ID of the parent port.
If type is CHILD and the parent port is on a different segment, then this
field should be policy path of the parent port.
If type is INDEPENDENT/STATIC, then this field should be transport node ID.
string
context_type Context Type

Set to PARENT when type field is CHILD. Read only field.		 string Readonly
Enum: PARENT
evpn_vlans Evpn tenant VLAN IDs the Parent logical-port serves.

List of Evpn tenant VLAN IDs the Parent logical-port serves in Evpn Route-Server mode. Only effective when attachment type is PARENT and the logical-port is attached to vRouter VM.		 array of string Minimum items: 0
Maximum items: 1000
hyperbus_mode Hyperbus mode

Flag to indicate if hyperbus configuration is required.		 string Enum: ENABLE, DISABLE
Default: "DISABLE"
id Port attachment ID

VIF UUID on NSX Manager. If the attachement type is PARENT, this property is required.		 string
traffic_tag VLAN ID

Not valid when type field is INDEPENDENT, mainly used to identify
traffic from different ports in container use case.
VlanID
type Attachement type

Type of port attachment. STATIC is added to replace INDEPENDENT. INDEPENDENT type and PARENT type are deprecated.		 string Enum: PARENT, CHILD, INDEPENDENT, STATIC

PortConnectionBMEntities (schema)

Port Connection Bare Metal Entities

Name Description Type Notes
dst_port LogicalPort
src_port LogicalPort

PortConnectionContainersEntities (schema)

Port Connection Containers Entities

Name Description Type Notes
logical_ports array of LogicalPort

PortConnectionEdgeNodeGroup (schema)

Collection of edge nodes backing a logical router

Name Description Type Notes
edge_nodes array of TransportNode
id Resource ID is mapped to this. (ID is Generated for Edge node groups, since resource will be null) string Required
Readonly
logical_router_id Id of the logical router string Required
resource Resource reference with details of the entity ManagedResource Readonly

PortConnectionEntities (schema)

Port Connection Entities (to help draw a visual picture of entities between two ports)

Name Description Type Notes
containers PortConnectionContainersEntities Required
edge_node_groups array of PortConnectionEdgeNodeGroup
errors array of PortConnectionError Required
hypervisors array of PortConnectionHypervisor Required
logical_switches array of PortConnectionLogicalSwitch Required
physical_hosts PortConnectionBMEntities
routers array of PortConnectionRouter
tunnels array of PortConnectionTunnel Required
vms array of VirtualMachine Required

PortConnectionEntity (schema)

Port Connection Entity

Name Description Type Notes
id Resource ID is mapped to this. (ID is Generated for Edge node groups, since resource will be null) string Required
Readonly
resource Resource reference with details of the entity ManagedResource Readonly

PortConnectionError (schema)

Errors encountered while fetching entities in the forwarding path

Name Description Type Notes
entity_type string
error_details object
error_summary string

PortConnectionHypervisor (schema)

Port Connection Hypervisor/Transport Node Entity

Name Description Type Notes
id Resource ID is mapped to this. (ID is Generated for Edge node groups, since resource will be null) string Required
Readonly
neighbors_list array of InterfaceNeighborProperties
pnics array of Pnic Deprecated
pnics_list array of NodeInterfaceProperties
profiles array of BaseHostSwitchProfile
(Abstract type: pass one of the following concrete types)
ExtraConfigHostSwitchProfile
LldpHostSwitchProfile
NiocProfile
UplinkHostSwitchProfile
resource Resource reference with details of the entity ManagedResource Readonly

PortConnectionLogicalSwitch (schema)

Port Connection Logical Switch Entity

Name Description Type Notes
id Resource ID is mapped to this. (ID is Generated for Edge node groups, since resource will be null) string Required
Readonly
resource Resource reference with details of the entity ManagedResource Readonly
router_ports Logical Ports that are attached to a router array of LogicalPort Readonly
vm_ports Logical Ports that are attached to a VIF/VM array of LogicalPort Required
Readonly
vm_ports_states States of Logical Ports that are attached to a VIF/VM array of LogicalPortState Required
Readonly
vm_vnics Virutal Network Interfaces that are attached to the Logical Ports array of VirtualNetworkInterface Readonly

PortConnectionRequestParameters (schema)

Port Connection request parameters

Name Description Type Notes
peer_port_id ID of peer port string Required

PortConnectionRouter (schema)

Port Connection Logical Router Entity

Name Description Type Notes
downlink_ports Downlink ports of the Logical Router. array of LogicalRouterPort
(Abstract type: pass one of the following concrete types)
LogicalRouterCentralizedServicePort
LogicalRouterDownLinkPort
LogicalRouterLinkPortOnTIER0
LogicalRouterLinkPortOnTIER1
LogicalRouterLoopbackPort
LogicalRouterUpLinkPort		 Required
Readonly
id Resource ID is mapped to this. (ID is Generated for Edge node groups, since resource will be null) string Required
Readonly
resource Resource reference with details of the entity ManagedResource Readonly
uplink_ports Uplink ports of the Logical Router. array of LogicalRouterPort
(Abstract type: pass one of the following concrete types)
LogicalRouterCentralizedServicePort
LogicalRouterDownLinkPort
LogicalRouterLinkPortOnTIER0
LogicalRouterLinkPortOnTIER1
LogicalRouterLoopbackPort
LogicalRouterUpLinkPort		 Required
Readonly

PortConnectionTunnel (schema)

Tunnel information between two given transport nodes

Name Description Type Notes
src_node_id Id of the source transport node string Required
tunnel_properties Tunnel properties between the source and the destination transport node TunnelProperties Required

PortDiscoveryProfileBindingMap (schema)

Port Discovery Profile binding map

This entity will be used to establish association between discovery
profile and Port. Using this entity, user can specify intent for applying
discovery profile to particular Port. Port here is Logical Port.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ip_discovery_profile_path IP Discovery Profile Path

PolicyPath of associated IP Discovery Profile		 string
mac_discovery_profile_path Mac Discovery Profile Path

PolicyPath of associated Mac Discovery Profile		 string
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PortDiscoveryProfileBindingMap string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PortDiscoveryProfileBindingMapListRequestParameters (schema)

Port Discovery Profile Binding Map list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

PortDiscoveryProfileBindingMapListResult (schema)

Paged collection of Port Discovery Profile Binding Maps

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Port Discovery Profile Binding Map list results array of PortDiscoveryProfileBindingMap Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PortElement (schema)

A port or a port range

Examples- Single port "8080", Range of ports "8090-8095"

Name Description Type Notes
PortElement A port or a port range

Examples- Single port "8080", Range of ports "8090-8095"
string Format: port-or-range

PortMirrorFilter (schema)

Name Description Type Notes
destination_ips Destination IP used to filter packets

Destination IP in the form of IPAddresses, used to match the destination IP of a packet. If not provided, no filtering by destination IPs is performed.		 IPAddresses
destination_ports Destination port or port range used to filter packets

Destination port in the form of a port or port range, used to match the destination port of a packet. If not provided, no filtering by destination port is performed.		 PortElement
protocol The protocol used to filter packets.

The transport protocols of TCP or UDP, used to match the transport protocol of a packet. If not provided, no filtering by IP protocols is performed.		 string Enum: TCP, UDP
source_ips Source IP used to filter packets

Source IP in the form of IPAddresses, used to match the source IP of a packet. If not provided, no filtering by source IPs is performed.		 IPAddresses
source_ports Source port or port range used to filter packets

Source port in the form of a port or port range, used to match the source port of a packet. If not provided, no filtering by source port is performed.		 PortElement

PortMirroringFilter (schema)

Name Description Type Notes
dst_ips Destination IP used to filter packets

Destination IP in the form of IPAddresses, used to match the destination IP of a packet. If not provided, no filtering by destination IPs is performed.		 IPAddresses
dst_ports Destination port or port range used to filter packets

Destination port in the form of a port or port range, used to match the destination port of a packet. If not provided, no filtering by destination port is performed.		 PortElement
filter_action Mirror action to filter packets

If set to MIRROR, packets will be mirrored. If set to DO_NOT_MIRROR, packets will not be mirrored.		 string Enum: MIRROR, DO_NOT_MIRROR
Default: "MIRROR"
ip_protocol The protocol used to filter packets.

The transport protocols of TCP or UDP, used to match the transport protocol of a packet. If not provided, no filtering by IP protocols is performed.		 string Enum: TCP, UDP
src_ips Source IP used to filter packets

Source IP in the form of IPAddresses, used to match the source IP of a packet. If not provided, no filtering by source IPs is performed.		 IPAddresses
src_ports Source port or port range used to filter packets

Source port in the form of a port or port range, used to match the source port of a packet. If not provided, no filtering by source port is performed.		 PortElement

PortMirroringProfile (schema)

Mirrors Data from source to destination

Mirrors Data from source to destination

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
destination_group Destination group path

Data from source group will be copied to members of
destination group. Only IPSET group and group with
membership criteria VM is supported. IPSET group allows only
three ip's.
string Required
direction Direction

Port mirroring profile direction		 string Enum: INGRESS, EGRESS, BIDIRECTIONAL
Default: "BIDIRECTIONAL"
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
encapsulation_type Mirror Destination encapsulation type

User can provide Mirror Destination type e.g GRE, ERSPAN_TWO or ERSPAN_THREE.If profile type is REMOTE_L3_SPAN, encapsulation type is used else ignored.		 string Enum: GRE, ERSPAN_TWO, ERSPAN_THREE
Default: "GRE"
erspan_id ERSPAN session id

Used by physical switch for the mirror traffic forwarding.
Must be provided and only effective when encapsulation type is
ERSPAN type II or type III.
int Minimum: 0
Maximum: 1023
Default: "0"
filter_action Action to include or exclude traffic for all filter in port_mirroring_filters

If set to INCLUDE, packets matching all filters will be mirrored.
If set to EXCLUDE, packets NOT matching any filters will be mirrored.
string Enum: INCLUDE, EXCLUDE
Default: "INCLUDE"
gre_key GRE encapsulation key

User-configurable 32-bit key only for GRE		 int Minimum: 0
Default: "0"
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
port_mirroring_filters Port mirroring filter

An array of 5-tuples used to filter packets for the mirror session. If not provided, all the packets will be mirrored. This field is with filter_action which defines whether packets matching the filter will be included or excluded		 array of PortMirrorFilter Minimum items: 0
Maximum items: 1
profile_type Allows user to select type of port mirroring session. string Enum: REMOTE_L3_SPAN, LOGICAL_SPAN
Default: "REMOTE_L3_SPAN"
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PortMirroringProfile string
snap_length Maximum packet length for packet truncation

If this property is set, the packet will be truncated to the provided
length. If this property is unset, entire packet will be mirrored.
int Minimum: 60
Maximum: 65535
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tcp_ip_stack Mirror Destination encapsulation type

User can provide Mirror stack or Default stack to send mirror traffic. If profile type is REMOTE_L3_SPAN, tcp_ip_stack type is used else ignored.		 string Enum: Default, Mirror
Default: "Default"
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PortMirroringProfileListRequestParameters (schema)

Port mirroring profile request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

PortMirroringProfileListResult (schema)

Paged collection of port mirroring profiles

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Port Mirroring Profiles list results array of PortMirroringProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PortMirroringSession (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
direction Port mirroring session direction DirectionType Required
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
encapsulation_vlan_id Encapsulation VLAN ID

Only for Remote SPAN Port Mirror.		 VlanID
id Unique identifier of this resource string Sortable
mirror_destination Mirror destination MirrorDestination
(Abstract type: pass one of the following concrete types)
IPMirrorDestination
LogicalPortMirrorDestination
PnicMirrorDestination		 Required
mirror_sources Mirror sources array of MirrorSource
(Abstract type: pass one of the following concrete types)
LogicalPortMirrorSource
LogicalSwitchMirrorSource
PnicMirrorSource
VlanMirrorSource		 Required
Minimum items: 1
port_mirroring_filters Port mirror filter for this session

An array of 5-tuples used to filter packets for the mirror session, if not provided, all the packets will be mirrored.		 array of PortMirroringFilter
preserve_original_vlan Only for Remote SPAN Port Mirror. Whether to preserve original VLAN. boolean Default: "False"
resource_type Must be set to the value PortMirroringSession string
session_type Port mirroring session type

If this property is unset, this session will be treated as
LocalPortMirrorSession.
PortMirroringSessionType Default: "LocalPortMirrorSession"
snap_length Maximum packet length for packet truncation

If this property is set, the packet will be truncated to the provided
length. If this property is unset, entire packet will be mirrored.
integer Minimum: 60
Maximum: 65535
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tcp_ip_stack TCP/IP Stack

If set to mirror, mirror packet will be sent via dedicated mirror stack
to destination; If set to default, mirror packet will be sent via default stack;
So far, the value mirror can only be chosen in L3PortMirrorSession.
string Enum: Default, Mirror

PortMirroringSessionListResult (schema)

Mirror session queries result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Port mirroring session results array of PortMirroringSession Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PortMirroringSessionType (schema)

Resource types of mirror session

PortMirroringSession is the configuration instance of port mirroring, you can
create different types of PortMirroringSession with different mirror source
and mirror destination.
Each port mirror session type has its own mirror source and mirror destination pair.
LocalPortMirrorSession include LogicalPortMirrorSession and UplinkPortMirrorSession.
You can create multiple mirror sessions of same parent type by one API call.
LogicalPortMirrorSession
- source[LogicalPortMirrorSource] destination[LogicalPortMirrorDestination]
UplinkPortMirrorSession
- source[PnicMirrorSource] destination[LogicalPortMirrorDestination]
RspanSrcMirrorSession
- source[LogicalPortMirrorSource] destination[PnicMirrorDestination]
RspanDstMirrorSession
- source[VlanMirrorSource] destination[LogicalPortMirrorDestination]
LogicalLocalPortMirrorSession
- source[LogicalPortMirrorSource] destination[LogicalPortMirrorDestination]
L3PortMirrorSession
- source[LogicalPortMirrorSource or LogicalSwitchMirrorSource] destination[IPMirrorDestination]

Name Description Type Notes
PortMirroringSessionType Resource types of mirror session

PortMirroringSession is the configuration instance of port mirroring, you can
create different types of PortMirroringSession with different mirror source
and mirror destination.
Each port mirror session type has its own mirror source and mirror destination pair.
LocalPortMirrorSession include LogicalPortMirrorSession and UplinkPortMirrorSession.
You can create multiple mirror sessions of same parent type by one API call.
LogicalPortMirrorSession
- source[LogicalPortMirrorSource] destination[LogicalPortMirrorDestination]
UplinkPortMirrorSession
- source[PnicMirrorSource] destination[LogicalPortMirrorDestination]
RspanSrcMirrorSession
- source[LogicalPortMirrorSource] destination[PnicMirrorDestination]
RspanDstMirrorSession
- source[VlanMirrorSource] destination[LogicalPortMirrorDestination]
LogicalLocalPortMirrorSession
- source[LogicalPortMirrorSource] destination[LogicalPortMirrorDestination]
L3PortMirrorSession
- source[LogicalPortMirrorSource or LogicalSwitchMirrorSource] destination[IPMirrorDestination]
string Enum: LogicalPortMirrorSession, UplinkPortMirrorSession, RspanSrcMirrorSession, RspanDstMirrorSession, LocalPortMirrorSession, LogicalLocalPortMirrorSession, L3PortMirrorSession

PortMonitoringProfileBindingMap (schema)

Port Monitoring Profile binding map

This entity will be used to establish association between monitoring
profile and Port. Using this entity, user can specify intent for applying
monitoring profile to particular Port. Port here is Segment Port.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ipfix_l2_profile_path IPFIX L2 Profile Path

PolicyPath of associated IPFIX L2 Profile		 string
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
port_mirroring_profile_path Port Mirroring Profile Path

PolicyPath of associated Port Mirroring Profile		 string
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PortMonitoringProfileBindingMap string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PortMonitoringProfileBindingMapListRequestParameters (schema)

Port Monitoring Profile Binding Map list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

PortMonitoringProfileBindingMapListResult (schema)

Paged collection of Port Monitoring Profile Binding Maps

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Port Monitoring Profile Binding Map list results array of PortMonitoringProfileBindingMap Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PortQoSProfileBindingMap (schema)

Port QoS Profile binding map

This entity will be used to establish association between qos
profile and Port. Using this entity, you can specify intent for applying
qos profile to particular Port. Port here is Segment Port.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
qos_profile_path QoS Profile Path

PolicyPath of associated QoS Profile		 string
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PortQoSProfileBindingMap string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PortQoSProfileBindingMapListRequestParameters (schema)

Port QoS Profile Binding Map list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

PortQoSProfileBindingMapListResult (schema)

Paged collection of Port QoS Profile Binding Maps

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Port QoS Profile Binding Map list results array of PortQoSProfileBindingMap Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PortSecurityProfileBindingMap (schema)

Security profile binding map for port

Contains the binding relationship between port and security profile.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PortSecurityProfileBindingMap string
segment_security_profile_path Segment Security Profile Path

The policy path of the asscociated Segment Security profile		 string
spoofguard_profile_path SpoofGuard Profile Path

The policy path of the asscociated SpoofGuard profile		 string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PortSecurityProfileBindingMapListRequestParameters (schema)

Port security profile binding map request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

PortSecurityProfileBindingMapListResult (schema)

Paged collection of port security profile binding maps

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Port security profile binding map list results array of PortSecurityProfileBindingMap Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PostVmGroupMigrationSpec (schema)

Migration spec for a VM group

Migration spec for a VM group that will be used in post VM group migration step.

Name Description Type Notes
allow_override Flag for re-running post migrate steps

Flag to indicate whether to re-run the post migrate steps for the VM group if they are already run before.		 boolean Default: "False"
failed_vm_instance_ids List of instance uuids of VMs

List of instance uuids of VMs that failed to migrate.		 array of string
federation_site_id Id of the site in NSX-T Federation

Id of the site in NSX-T Federation		 string
group_id User defined VM group id

User defined VM group id that must be unique among all VM groups ids and also should match the group id used in the pre VM group migrate API.		 string Required

PreReqCondition (schema)

Valid pre-req condition

Name Description Type Notes
PreReqCondition Valid pre-req condition string Enum: WAVE_FRONT, TSDB, TRACE

PreVmGroupMigrationSpec (schema)

Migration spec for a VM group

Migration spec for a VM group that will be used in pre VM group migration step.

Name Description Type Notes
allow_override Flag for re-running the pre migrate steps

Flag to indicate whether to re-run the pre migrate steps for the VM group if they are already run before.		 boolean Default: "False"
federation_site_id Id of the site in NSX-T Federation

Id of the site in NSX-T Federation		 string
group_id User defined VM group id

User defined VM group id that must be unique among all VM groups ids.		 string Required
vm_instance_ids List of VM instance uuids

List of VM instance uuids that can be found in VC inventory.		 array of string Required

PrecheckParameters (schema)

Parameters for nvds upgrade precheck

Name Description Type Notes
cluster_ids Cluster ID list for nvds upgrade precheck array of string Readonly

PreconfiguredEndpoint (schema) (Deprecated)

Tunnel endpoint configuration of preconfigured host switch

Name Description Type Notes
device_name Name of the virtual tunnel endpoint string Required

PreconfiguredHostSwitch (schema) (Deprecated)

Preconfigured host switch

Preconfigured host switch is used for manually configured transport node.

Name Description Type Notes
endpoints List of virtual tunnel endpoints which are preconfigured on this host switch array of PreconfiguredEndpoint Maximum items: 1
host_switch_id External Id of the preconfigured host switch. string Required
transport_zone_endpoints Transport zone endpoints.

List of TransportZones that are to be associated with specified host switch.		 array of TransportZoneEndPoint

PreconfiguredHostSwitchSpec (schema) (Deprecated)

Specification of transport node preconfigured host switch

Preconfigured host switch specification is used for manually configured transport node. It is user's responsibility to ensure correct configuration is provided to NSX. This type is only valid for supported KVM fabric nodes.

Name Description Type Notes
host_switches Preconfigured Transport Node host switches array of PreconfiguredHostSwitch Required
Maximum items: 1
resource_type Must be set to the value PreconfiguredHostSwitchSpec string Required
Enum: StandardHostSwitchSpec, PreconfiguredHostSwitchSpec

PrefixConfig (schema)

Name Description Type Notes
action Action for the IPPrefix RoutingFilterAction Required
ge Greater than or equal to integer Minimum: 1
Maximum: 128
le Less than or equal to integer Minimum: 1
Maximum: 128
network CIDR

If absent, the action applies to all addresses.		 IPCIDRBlock

PrefixEntry (schema)

Network prefix entry

Name Description Type Notes
action Action for the prefix list

Action for the prefix list.
string Enum: PERMIT, DENY
Default: "PERMIT"
ge Prefix length greater than or equal to

Prefix length greater than or equal to.
int Minimum: 1
Maximum: 128
le Prefix length less than or equal to

Prefix length less than or equal to.
int Minimum: 1
Maximum: 128
network Network prefix in CIDR format

Network prefix in CIDR format. "ANY" matches all networks.
string Required

PrefixList (schema)

A named list of prefixes for routing purposes

A named list of prefixes for routing purposes.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
prefixes Ordered list of network prefixes

Specify ordered list of network prefixes.
array of PrefixEntry Required
Minimum items: 1
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value PrefixList string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

PrefixListRequestParameters (schema)

PrefixList request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

PrefixListResult (schema)

Paged collection of PrefixLists

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results PrefixList results array of PrefixList Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

Principal (schema)

Name Description Type Notes
attributes Attribute list. array of KeyValue Required

PrincipalIdentity (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
certificate_id Id of the stored certificate

Id of the stored certificate. When used with the deprecated POST /trust-management/principal-identities API this field is required.		 string
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
is_protected Protection indicator

Indicator whether the entities created by this principal should be protected.		 boolean
name Name

Name of the principal.		 string Required
Maximum length: 255
Pattern: "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$"
node_id Unique node-id

Unique node-id of a principal. This is used primarily in the case
where a cluster of nodes is used to make calls to the NSX Manager and
the same 'name' is used so that the nodes can access and modify the
same data while still accessing NSX through their individual secret
(certificate or JWT). In all other cases this can be any string.
string Required
Maximum length: 255
Pattern: "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$"
resource_type Must be set to the value PrincipalIdentity string
role Role

The roles that are associated with this PI.		 string Pattern: "^[_a-z0-9-]+$"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

PrincipalIdentityList (schema)

PrincipalIdentity query result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results PrincipalIdentity list. array of PrincipalIdentity Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PrincipalIdentityWithCertificate (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
certificate_id Id of the stored certificate

Id of the stored certificate. When used with the deprecated POST /trust-management/principal-identities API this field is required.		 string
certificate_pem PEM encoding of the new certificate

PEM encoding of the new certificate.		 string Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
is_protected Protection indicator

Indicator whether the entities created by this principal should be protected.		 boolean
name Name

Name of the principal.		 string Required
Maximum length: 255
Pattern: "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$"
node_id Unique node-id

Unique node-id of a principal. This is used primarily in the case
where a cluster of nodes is used to make calls to the NSX Manager and
the same 'name' is used so that the nodes can access and modify the
same data while still accessing NSX through their individual secret
(certificate or JWT). In all other cases this can be any string.
string Required
Maximum length: 255
Pattern: "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$"
resource_type Must be set to the value PrincipalIdentityWithCertificate string
role Role

The roles that are associated with this PI.		 string Pattern: "^[_a-z0-9-]+$"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ProcessInformation (schema)

Process information

Describes a process detail informaiton.

Name Description Type Notes
command Display process command

Display the command line used to start the process.		 string
cpu_usage CPU usage

The process's share of the elapsed CPU time since the last screen update, expressed as a percentage of total CPU time.
number
memory_usage Memory usage

A process's currently used share of available physical memory.
number
nice_value The nice value of the process

A negative nice value means higher priority, whereas a positive nice value means lower priority.
Zero in this field simply means priority will not be adjusted in determining a process's dispatch-ability.
string
process_id Process id

Display the process id.		 string
resident_memory_size Resident Memory Size (MB)

The non-swapped physical memoery a task is using.		 number
shared_memory_size Shared Memory Size (MB)

The amount of shared memory available to a process, not all of which is typically resident.
It simply reflects memory that could be potentially shared with other processes.
number
user Process user

Display the process user.		 string
virtual_memory_size Virtual Memory Size (MB)

The total amount of virtual memory used by the process.
It includes all code, data and shared libraries plus pages that have been swapped out and pages that have been mapped but not used.
number

ProductType (schema)

Type of product

Type of a product.

Name Description Type Notes
product Name of the appliance

Name of the appliance for which upload is performed.		 string Required
Enum: SAMPLE, ALB_CONTROLLER, INTELLIGENCE

ProfileBindingListRequestParameters (schema)

Profile binding map list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

ProfileBindingMap (schema)

Policy base profile binding map

This entity will be used to establish association between profile
and policy entities.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
profile_path Profile Path

PolicyPath of associated Profile		 string Required
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ProfileBindingMap string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ProfileSeverity (schema)

Intrusion Detection System Profile severity

Name Description Type Notes
ProfileSeverity Intrusion Detection System Profile severity string Enum: CRITICAL, HIGH, MEDIUM, LOW, SUSPICIOUS

ProfileSupportedAttributesListRequestParameters (schema)

Profile Attributes list request parameters.

Name Description Type Notes
attribute_key Fetch attributes and sub-attributes for the given attribute key

It fetches attributes and subattributes for the given attribute key
supported in the system which can be used for Policy Context Profile creation.
string
attribute_source Source of the attribute, System Defined or custom

It fetches attributes and sub attributes for the given attribute key based on the
source of attribute which can be used for Policy Context Profile creation.
string Enum: ALL, CUSTOM, SYSTEM
Default: "SYSTEM"
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

ProfileType (schema)

Profile type of the ServiceConfig

Name Description Type Notes
ProfileType Profile type of the ServiceConfig string Enum: FirewallSessionTimerProfile, FirewallCpuMemThresholdsProfile, GiServiceProfile, FirewallFloodProtectionProfile, FirewallDnsProfile, LatencyStatProfile, SHAProfile, IpDiscoverySwitchingUpmProfile, SystemHealthPluginProfile, GeneralSecuritySettingsProfile, IpfixSwitchUpmProfile, IpfixCollectorUpmProfile, PaceHostConfigProfile, CommonAgentHostConfigProfile

ProgressItem (schema)

Name Description Type Notes
description Item description string Required
name Name of the item string Required
parts Finer details, usually there is only one part array of ProgressItemPart

ProgressItemPart (schema)

Name Description Type Notes
description Description of the process string Required
error Error message, if ran into error string
name Name of the process string Required
percentage 0 - 100 of the task being completed integer Required
status Status of this process string Required
Enum: RUNNING, ERROR, COMPLETE

PropertyItem (schema)

LabelValue Property

Represents a label-value pair.

Name Description Type Notes
condition Expression for evaluating condition

If the condition is met then the property will be displayed. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API.		 string Maximum length: 1024
drilldown_id Id of drilldown widget

Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.		 string
field Field of the Property

Represents field value of the property.		 string Required
Maximum length: 1024
heading If true, represents the field as a heading

Set to true if the field is a heading. Default is false.		 boolean Default: "False"
label Label of the property

If a field represents a heading, then label is not needed		 Label
label_value_separator Labale value separator used between label and value

Label value separator used between label and value. It can be any separator like ":" or "-".		 string
navigation Navigation to a specified UI page

Hyperlink of the specified UI page that provides details. This will be linked with value of the property.		 string Maximum length: 1024
render_configuration Render Configuration

Render configuration to be applied, if any.		 array of RenderConfiguration
rowspan Vertical span

Represent the vertical span of the widget / container		 int Minimum: 1
separator A separator after this property

If true, separates this property in a widget.		 boolean Default: "False"
span Horizontal span

Represent the horizontal span of the widget / container.		 int Minimum: 1
Maximum: 12
style A Style object applicable for the Property Item

A style object applicable for the property item. It could be the any padding, margin style sheet applicable to the property item. A 'style' property is supported in case of layout 'AUTO' only.		 object
type field data type

Data type of the field.		 string Required
Enum: String, Number, Date, Url
Maximum length: 255
Default: "String"

Protocol (schema)

This is an abstract type. Concrete child types:
HttpProtocol
HttpsProtocol
ScpProtocol
SftpProtocol

Name Description Type Notes
name Protocol name string Required
Enum: http, https, scp, sftp

ProtocolVersion (schema)

TLS protocol version

Name Description Type Notes
enabled Enable status for this protocol version boolean Required
name Name of the TLS protocol version string Required

Proxy (schema)

Proxy Configuration

Type to define the Proxy configuration.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Flag to indicate if proxy is enabled.

Flag to indicate if proxy is enabled. When set to true, a scheme, host
and port must be provided.
boolean Required
host FQDN or IP address of the proxy server

Specify the fully qualified domain name, or ip address, of the proxy server.
string Required
Format: hostname-or-ip
id Unique identifier of this resource string Sortable
password Password

Specify the password used to authenticate with the proxy server, if required.
string
port Configured port for proxy

Specify the port of the proxy server.		 int Required
Minimum: 0
Maximum: 65535
resource_type Must be set to the value Proxy string
scheme The scheme accepted by the proxy server

The scheme accepted by the proxy server. Specify one of HTTP and HTTPS.
string Required
Enum: HTTP, HTTPS
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
username User name

Specify the user name used to authenticate with the proxy server, if required.
string

ProxyServerProfileInfo (schema)

Proxy Server Profile Information

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
host IP Address or name of the proxy server

IP Address or name of the proxy server.
string Required
Format: hostname-or-ip
id Unique identifier of this resource string Sortable
is_default Flag to decide default proxy profile

Flag which decides whether current proxy server profile
is default or not.
boolean Default: "False"
password Password of the proxy server

The Password for the proxy server.
string
port Port of the proxy server

The port of the proxy server.
integer Required
profilename Name of the proxy profile

The name of proxy profile.
string Required
resource_type Must be set to the value ProxyServerProfileInfo string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tls_certificate TLS certificate of Proxy Server

If proxy server is using TLS certificate for secure
communication. In that case, certificate of Proxy Server
is required.
string
username Username of the proxy server

The username for the proxy server.
string

ProxyServerProfilesListResult (schema)

Proxy Server Profiles list

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Proxy Server Profile list array of ProxyServerProfileInfo
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

PublicClientInfo (schema)

Information for a PKCE OAuth2 client

Parameters needed to specify a PKCE OAuth2 client.

Name Description Type Notes
base_url CSP base URL

Protocol and domain name (or IP address) of CSP, for e.g., https://console.cloud.vmware.com.		 string Required
client_id The client-id to use with CSP

The client-id to use with CSP, identified with base_url.		 string Required
default_org_id The org id for this client-id

The org id for this client-id, typically a UUID.		 string Required
ea_org_id The symbolic org id for enterprise admins

The symbolic org id for enterprise admins.		 string Required
gss_org_id The symbolic org id for GSS (Global Support Services)

The symbolic org id for GSS (Global Support Services).		 string Required
redirect_uris The set of redirect URI's configured for this client_id

The set of redirect URI's configured for this client_id.		 array of string Required
sre_org_id The symbolic org id for SRE (Site Reliability Engineer)

The symbolic org id SRE (Site Reliability Engineer).		 string Required

PublicCloudGatewayNode (schema)

Name Description Type Notes
allocation_list Allocation list

List of logical router ids to which this edge node is allocated.		 array of string Readonly
deployment_config Config for automatic deployment of edge node virtual machine.

When this configuration is specified, edge fabric node of deployment_type VIRTUAL_MACHINE
will be deployed and registered with MP.
EdgeNodeDeploymentConfig
deployment_type EdgeDeploymentType Readonly
description Description of this resource

This field is deprecated. TransportNode field 'description' must be used instead. For EdgeNode and PublicCloudGatewayNode, this field is ignored if specified in request payload.		 string Deprecated
Maximum length: 1024
Sortable
discovered_ip_addresses Discovered IP Addresses of the fabric node, version 4 or 6 array of IPAddress Readonly
display_name Identifier to use when displaying entity in logs or GUI

This field is deprecated. TransportNode field 'display_name' must be used instead. For HostNode, this field defaults to ID if not set. For EdgeNode and PublicCloudGatewayNode, this field is ignored if specified in request payload.		 string Deprecated
Maximum length: 255
Sortable
external_id ID of the Node maintained on the Node and used to recognize the Node string
fqdn Fully qualified domain name of the fabric node string Readonly
id Unique identifier of this resource

Unique identifier of this resource.		 string Sortable
ip_addresses IP Addresses of the Node, version 4 or 6

IP Addresses of the Node, version 4 or 6. This property is mandatory for all nodes except for
automatic deployment of edge virtual machine node. For automatic deployment, the ip address from
management_port_subnets property will be considered.
array of IPAddress
node_settings Current configuration on edge node.

Reports the current configuration of host name, SSH and servers
configured for DNS, syslog, NTP. The settings are configured as part of
automatic deployment of edge virtual machine. The settings are editable.
EdgeNodeSettings Required
resource_type Must be set to the value PublicCloudGatewayNode string Required
tags Opaque identifiers meaningful to the API user

This field is deprecated. TransportNode field 'tags' must be used instead. For EdgeNode and PublicCloudGatewayNode, this field is ignored if specified in request payload.		 array of Tag Deprecated
Maximum items: 30

QoSBaseRateLimiter (schema)

A Limiter configuration entry that specifies type and metrics

This is an abstract type. Concrete child types:
EgressRateLimiter
IngressBroadcastRateLimiter
IngressRateLimiter

Name Description Type Notes
enabled boolean Required
resource_type Type rate limiter
string Required
Enum: IngressRateLimiter, IngressBroadcastRateLimiter, EgressRateLimiter
Default: "IngressRateLimiter"

QoSDscp (schema)

One of QoS or Encapsulated-Remote-Switched-Port-Analyzer

Dscp value is ignored in case of 'TRUSTED' DscpTrustMode.

Name Description Type Notes
mode DscpTrustMode
priority Internal Forwarding Priority int Minimum: 0
Maximum: 63
Default: "0"

QoSProfile (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
class_of_service Class of service

Class of service groups similar types of traffic in the network and
each type of traffic is treated as a class with its own level of service
priority. The lower priority traffic is slowed down or in some cases
dropped to provide better throughput for higher priority traffic.
int Minimum: 0
Maximum: 7
Default: "0"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
dscp QoSDscp
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value QoSProfile string
shaper_configurations Array of Rate limiter configurations to applied on Segment or Port. array of QoSBaseRateLimiter
(Abstract type: pass one of the following concrete types)
EgressRateLimiter
IngressBroadcastRateLimiter
IngressRateLimiter		 Minimum items: 0
Maximum items: 3
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

QoSProfileBindingMap (schema)

Base QoS Profile Binding Map

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value QoSProfileBindingMap string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

QoSProfileListRequestParameters (schema)

QoS Profile request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

QoSProfileListResult (schema)

Paged collection of QoS profiles

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results QoS profiles list results array of QoSProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

QosBaseRateShaper (schema) (Deprecated)

A shaper configuration entry that specifies type and metrics

This is an abstract type. Concrete child types:
EgressRateShaper
IngressBroadcastRateShaper
IngressRateShaper

Name Description Type Notes
enabled boolean Required
resource_type string Required
Enum: IngressRateShaper, IngressBroadcastRateShaper, EgressRateShaper
Default: "IngressRateShaper"

QosSwitchingProfile (schema) (Deprecated)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
class_of_service Class of service int Minimum: 0
Maximum: 7
Default: "0"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
dscp Dscp
id Unique identifier of this resource string Sortable
required_capabilities array of string Readonly
resource_type Must be set to the value QosSwitchingProfile string Required
shaper_configuration array of QosBaseRateShaper
(Abstract type: pass one of the following concrete types)
EgressRateShaper
IngressBroadcastRateShaper
IngressRateShaper		 Minimum items: 0
Maximum items: 3
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

QueryTunnelParameters (schema)

Name Description Type Notes
bfd_diagnostic_code BFD diagnostic code of Tunnel as defined in RFC 5880 string Enum: 0, NO_DIAGNOSTIC, 1, CONTROL_DETECTION_TIME_EXPIRED, 2, ECHO_FUNCTION_FAILED, 3, NEIGHBOR_SIGNALED_SESSION_DOWN, 4, FORWARDING_PLANE_RESET, 5, PATH_DOWN, 6, CONCATENATED_PATH_DOWN, 7, ADMINISTRATIVELY_DOWN, 8, REVERSE_CONCATENATED_PATH_DOWN
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
remote_node_id string
sort_ascending boolean
sort_by Field by which records are sorted string
source The data source, either realtime or cached. If not provided, cached data is returned. DataSourceType
status Tunnel status string Enum: UP, DOWN

RAConfig (schema)

Name Description Type Notes
hop_limit Hop limit

The maximum number of hops through which packets can
pass before being discarded.
integer Minimum: 0
Maximum: 255
Default: "64"
prefix_lifetime Lifetime of prefix

The time interval in seconds, in which the prefix is advertised
as valid.
integer Minimum: 0
Maximum: 4294967295
Default: "2592000"
prefix_preferred_time Prefix preferred time

The time interval in seconds, in which the prefix is advertised
as preferred.
integer Minimum: 0
Maximum: 4294967295
Default: "604800"
ra_interval RA interval

Interval between 2 Router advertisement in seconds.
integer Minimum: 4
Maximum: 1800
Default: "600"
router_lifetime Lifetime of router

Router lifetime value in seconds. A value of 0 indicates the
router is not a default router for the receiving end. Any other value
in this field specifies the lifetime, in seconds, associated with
this router as a default router.
integer Minimum: 0
Maximum: 65520
Default: "1800"
router_preference Router preference

NDRA Router preference value with MEDIUM as default. If the router_lifetime is 0,
the preference must be set to MEDIUM.
NDRAPreference Default: "MEDIUM"

RAMode (schema)

Router Advertisement Mode

Router Advertisement Modes.
DISABLED - RA is disabled
SLAAC_DNS_THROUGH_RA - Stateless address auto-configuration RA for address and configuration
SLAAC_DNS_THROUGH_DHCP - SLAAC RA for address and DHCPv6 for configuration
DHCP_ADDRESS_AND_DNS_THROUGH_DHCP - DHCPv6 for address and configurations
SLAAC_AND_ADDRESS_DNS_THROUGH_DHCP - SLAAC RA and DHCPv6 for address and configurations

Name Description Type Notes
RAMode Router Advertisement Mode

Router Advertisement Modes.
DISABLED - RA is disabled
SLAAC_DNS_THROUGH_RA - Stateless address auto-configuration RA for address and configuration
SLAAC_DNS_THROUGH_DHCP - SLAAC RA for address and DHCPv6 for configuration
DHCP_ADDRESS_AND_DNS_THROUGH_DHCP - DHCPv6 for address and configurations
SLAAC_AND_ADDRESS_DNS_THROUGH_DHCP - SLAAC RA and DHCPv6 for address and configurations
string Enum: DISABLED, SLAAC_DNS_THROUGH_RA, SLAAC_DNS_THROUGH_DHCP, DHCP_ADDRESS_AND_DNS_THROUGH_DHCP, SLAAC_AND_ADDRESS_DNS_THROUGH_DHCP

RaDNSConfig (schema)

Name Description Type Notes
dns_server DNS server

DNS server.
array of IPv6Address Maximum items: 8
dns_server_lifetime Lifetime of DNS server in milliseconds integer Minimum: 0
Maximum: 4294967295
Default: "1800000"
domain_name Domain name

Domain name in RA message.
array of string Maximum items: 8
domain_name_lifetime Lifetime of Domain names in milliseconds integer Minimum: 0
Maximum: 4294967295
Default: "1800000"

RateLimits (schema) (Deprecated)

Rate limiting configuration

Enables traffic limit for incoming/outgoing broadcast and multicast packets. Use 0 to disable rate limiting for a specific traffic type

Name Description Type Notes
enabled Whether rate limiting is enabled boolean Default: "False"
rx_broadcast Incoming broadcast traffic limit in packets per second int Minimum: 0
Default: "0"
rx_multicast Incoming multicast traffic limit in packets per second int Minimum: 0
Default: "0"
tx_broadcast Outgoing broadcast traffic limit in packets per second int Minimum: 0
Default: "0"
tx_multicast Outgoing multicast traffic limit in packets per second int Minimum: 0
Default: "0"

Reaction (schema)

Reaction

Reaction represents a programmable entity which encapsulates the events
and the actions in response to the events, or simply "If This Then That".

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
actions Reaction Actions

Actions that need to be taken when the events occur. These actions must appear
in the order that they need to be taken in. This field can be interpreted as the
HOW of the Reaction, or simply as "Then That".
array of Action
(Abstract type: pass one of the following concrete types)
PatchResources
SetFields		 Required
Minimum items: 1
Maximum items: 1
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
events Reaction Events

Events that provide contextual variables about what the reaction should react to.
This field can be interpreted as the WHAT of the Reaction, or simply as "If This"
Clause.
array of Event Required
Minimum items: 1
Maximum items: 1
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value Reaction string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

RealizationListRequestParameters (schema)

Realization list request params

List request params for the pass through type api that get data from the
Enforcement point. The basic requirement for these kind of APIs is
filtering by Enforcement point.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
enforcement_point_path String Path of the enforcement point

The path of the enforcement point from which the list of members needs
to be fetched. Forward slashes must be escaped using %2F.
string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

RealizationStateBarrierConfig (schema)

The configuration data for setting the global realization state barrier

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
interval Interval in milliseconds

The interval in milliseconds used for auto incrementing the barrier number
integer Required
Minimum: 0

RealizationStateQueryParameters (schema)

Realization state request query parameters

Query parameters that allow checking the realization status of logical entities such as firewall rules and sections.

Name Description Type Notes
barrier_id The system checks to ensure that the logical entity is realized or
not at least at the given barrier number. This parameter has been
deprecated. Please use request_id instead.
integer Deprecated
Minimum: 0
request_id Realization request ID

Passing a request_id allows you to check if the changes to a
logical entity made in a particular API request have been
realized or not. The request_id is returned from each
API request in the X-NSX-REQUESTID header. For example, to
check if a change to a firewall rule has been realized, save
the X-NSX-REQUESTID header value returned from the
PUT /api/v1/firewall/sections//rules/ call,
then add ?request_id= to the
GET /api/v1/firewall/rules//state API call.
string

RealizedEnforcementPoint (schema) (Experimental)

Realized Enforcement Point

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
alarms Alarm info detail array of PolicyAlarmResource
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
intent_reference Desire state paths of this object array of string
operational_status String representation of operational status

Possible values could be UP, DOWN, UNKNOWN, FAILURE
This list is not exhaustive.
string
operational_status_error String representation of operational status error

It defines the root cause for operational status error.
string
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
publish_status String representation of publish status

Possible values could be UP, DOWN, UNKNOWN, SUCCESS
This list is not exhaustive.
string
publish_status_error String representation of publish status error

It defines the root cause for publish status error.
string
publish_status_error_code Represents error code for publish status.

It defines error code for publish status error.
int
publish_status_error_details Details for publich status error.

Error details for publish status.
array of ConfigurationStateElement
realization_api Realization API of this object on enforcement point string
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
realization_specific_identifier Realization id of this object string
realized_firewalls Root of Realized Firewalls RealizedFirewalls Readonly
realized_groups Root of Realized Groups RealizedGroups Readonly
realized_services Root of Realized Services RealizedServices Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value RealizedEnforcementPoint string
runtime_error String representation of runtime error

It define the root cause for runtime error.
string
runtime_status String representation of runtime status

Possible values could be UP, DOWN, UNKNOWN, DEGRADED
This list is not exhaustive.
string Deprecated
state Realization state of this object string Required
Enum: UNAVAILABLE, UNREALIZED, REALIZED, ERROR
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

RealizedEnforcementPointListRequestParameters (schema) (Experimental)

Realized enforcement point list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

RealizedEnforcementPointListResult (schema) (Experimental)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged Collection of Enforcement Point's array of RealizedEnforcementPoint
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

RealizedFirewall (schema) (Experimental)

Realized firewall

This is an abstract type. Concrete child types:
RealizedFirewallSection

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
alarms Alarm info detail array of PolicyAlarmResource
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
intent_reference Desire state paths of this object array of string
operational_status String representation of operational status

Possible values could be UP, DOWN, UNKNOWN, FAILURE
This list is not exhaustive.
string
operational_status_error String representation of operational status error

It defines the root cause for operational status error.
string
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
publish_status String representation of publish status

Possible values could be UP, DOWN, UNKNOWN, SUCCESS
This list is not exhaustive.
string
publish_status_error String representation of publish status error

It defines the root cause for publish status error.
string
publish_status_error_code Represents error code for publish status.

It defines error code for publish status error.
int
publish_status_error_details Details for publich status error.

Error details for publish status.
array of ConfigurationStateElement
realization_api Realization API of this object on enforcement point string
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
realization_specific_identifier Realization id of this object string
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value RealizedFirewall string Required
Enum: RealizedFirewallSection
runtime_error String representation of runtime error

It define the root cause for runtime error.
string
runtime_status String representation of runtime status

Possible values could be UP, DOWN, UNKNOWN, DEGRADED
This list is not exhaustive.
string Deprecated
state Realization state of this object string Required
Enum: UNAVAILABLE, UNREALIZED, REALIZED, ERROR
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

RealizedFirewallRule (schema) (Experimental)

Realized Firewall Rule

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
action Action

Action enforced on the packets which matches the firewall rule.		 string Readonly
Enum: ALLOW, DROP, REJECT
alarms Alarm info detail array of PolicyAlarmResource
description Description of this resource string Maximum length: 1024
Sortable
destinations Destination List

List of the destinations. Null will be treated as any.		 array of ResourceReference Readonly
Maximum items: 128
direction Rule direction

Rule direction in case of stateless firewall rules. This will only considered if section level parameter is set to stateless. Default to IN_OUT if not specified.		 string Readonly
Enum: IN, OUT, IN_OUT
Default: "IN_OUT"
disabled Rule enable/disable flag

Flag to disable rule. Disabled will only be persisted but never provisioned/realized.		 boolean Readonly
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
intent_reference Desire state paths of this object array of string
operational_status String representation of operational status

Possible values could be UP, DOWN, UNKNOWN, FAILURE
This list is not exhaustive.
string
operational_status_error String representation of operational status error

It defines the root cause for operational status error.
string
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
publish_status String representation of publish status

Possible values could be UP, DOWN, UNKNOWN, SUCCESS
This list is not exhaustive.
string
publish_status_error String representation of publish status error

It defines the root cause for publish status error.
string
publish_status_error_code Represents error code for publish status.

It defines error code for publish status error.
int
publish_status_error_details Details for publich status error.

Error details for publish status.
array of ConfigurationStateElement
realization_api Realization API of this object on enforcement point string
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
realization_specific_identifier Realization id of this object string
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value RealizedFirewallRule string
runtime_error String representation of runtime error

It define the root cause for runtime error.
string
runtime_status String representation of runtime status

Possible values could be UP, DOWN, UNKNOWN, DEGRADED
This list is not exhaustive.
string Deprecated
services Service List

List of the services. Null will be treated as any.		 array of ResourceReference Readonly
Maximum items: 128
sources Source List

List of sources. Null will be treated as any.		 array of ResourceReference Readonly
Maximum items: 128
state Realization state of this object string Required
Enum: UNAVAILABLE, UNREALIZED, REALIZED, ERROR
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

RealizedFirewallSection (schema) (Experimental)

Realized Firewall section

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
alarms Alarm info detail array of PolicyAlarmResource
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
intent_reference Desire state paths of this object array of string
operational_status String representation of operational status

Possible values could be UP, DOWN, UNKNOWN, FAILURE
This list is not exhaustive.
string
operational_status_error String representation of operational status error

It defines the root cause for operational status error.
string
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
publish_status String representation of publish status

Possible values could be UP, DOWN, UNKNOWN, SUCCESS
This list is not exhaustive.
string
publish_status_error String representation of publish status error

It defines the root cause for publish status error.
string
publish_status_error_code Represents error code for publish status.

It defines error code for publish status error.
int
publish_status_error_details Details for publich status error.

Error details for publish status.
array of ConfigurationStateElement
realization_api Realization API of this object on enforcement point string
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
realization_specific_identifier Realization id of this object string
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value RealizedFirewallSection string Required
Enum: RealizedFirewallSection
rule_count Rule count

Number of rules in this section.		 integer Readonly
rules List of the firewall rules

List of firewall rules in the section.		 array of RealizedFirewallRule Readonly
runtime_error String representation of runtime error

It define the root cause for runtime error.
string
runtime_status String representation of runtime status

Possible values could be UP, DOWN, UNKNOWN, DEGRADED
This list is not exhaustive.
string Deprecated
section_type Section Type

Type of the rules which a section can contain.		 string Readonly
Enum: LAYER2, LAYER3
state Realization state of this object string Required
Enum: UNAVAILABLE, UNREALIZED, REALIZED, ERROR
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

RealizedFirewallSectionListRequestParameters (schema) (Experimental)

Realized firewall section list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

RealizedFirewallSectionListResult (schema) (Experimental)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged Collection of firewall sections array of RealizedFirewallSection Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

RealizedFirewalls (schema) (Experimental)

Realized firewalls

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
alarms Alarm info detail array of PolicyAlarmResource
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
intent_reference Desire state paths of this object array of string
operational_status String representation of operational status

Possible values could be UP, DOWN, UNKNOWN, FAILURE
This list is not exhaustive.
string
operational_status_error String representation of operational status error

It defines the root cause for operational status error.
string
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
publish_status String representation of publish status

Possible values could be UP, DOWN, UNKNOWN, SUCCESS
This list is not exhaustive.
string
publish_status_error String representation of publish status error

It defines the root cause for publish status error.
string
publish_status_error_code Represents error code for publish status.

It defines error code for publish status error.
int
publish_status_error_details Details for publich status error.

Error details for publish status.
array of ConfigurationStateElement
realization_api Realization API of this object on enforcement point string
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
realization_specific_identifier Realization id of this object string
realized_firewalls list of realized firewalls array of RealizedFirewall
(Abstract type: pass one of the following concrete types)
RealizedFirewallSection		 Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value RealizedFirewalls string
runtime_error String representation of runtime error

It define the root cause for runtime error.
string
runtime_status String representation of runtime status

Possible values could be UP, DOWN, UNKNOWN, DEGRADED
This list is not exhaustive.
string Deprecated
state Realization state of this object string Required
Enum: UNAVAILABLE, UNREALIZED, REALIZED, ERROR
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

RealizedGroup (schema) (Experimental)

Realized group

This is an abstract type. Concrete child types:
RealizedNSGroup
RealizedSecurityGroup

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
alarms Alarm info detail array of PolicyAlarmResource
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
intent_reference Desire state paths of this object array of string
operational_status String representation of operational status

Possible values could be UP, DOWN, UNKNOWN, FAILURE
This list is not exhaustive.
string
operational_status_error String representation of operational status error

It defines the root cause for operational status error.
string
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
publish_status String representation of publish status

Possible values could be UP, DOWN, UNKNOWN, SUCCESS
This list is not exhaustive.
string
publish_status_error String representation of publish status error

It defines the root cause for publish status error.
string
publish_status_error_code Represents error code for publish status.

It defines error code for publish status error.
int
publish_status_error_details Details for publich status error.

Error details for publish status.
array of ConfigurationStateElement
realization_api Realization API of this object on enforcement point string
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
realization_specific_identifier Realization id of this object string
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value RealizedGroup string Required
Enum: RealizedNSGroup, RealizedSecurityGroup
runtime_error String representation of runtime error

It define the root cause for runtime error.
string
runtime_status String representation of runtime status

Possible values could be UP, DOWN, UNKNOWN, DEGRADED
This list is not exhaustive.
string Deprecated
state Realization state of this object string Required
Enum: UNAVAILABLE, UNREALIZED, REALIZED, ERROR
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

RealizedGroups (schema) (Experimental)

Realized groups

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
alarms Alarm info detail array of PolicyAlarmResource
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
intent_reference Desire state paths of this object array of string
operational_status String representation of operational status

Possible values could be UP, DOWN, UNKNOWN, FAILURE
This list is not exhaustive.
string
operational_status_error String representation of operational status error

It defines the root cause for operational status error.
string
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
publish_status String representation of publish status

Possible values could be UP, DOWN, UNKNOWN, SUCCESS
This list is not exhaustive.
string
publish_status_error String representation of publish status error

It defines the root cause for publish status error.
string
publish_status_error_code Represents error code for publish status.

It defines error code for publish status error.
int
publish_status_error_details Details for publich status error.

Error details for publish status.
array of ConfigurationStateElement
realization_api Realization API of this object on enforcement point string
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
realization_specific_identifier Realization id of this object string
realized_groups list of realized groups array of RealizedGroup
(Abstract type: pass one of the following concrete types)
RealizedNSGroup
RealizedSecurityGroup		 Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value RealizedGroups string
runtime_error String representation of runtime error

It define the root cause for runtime error.
string
runtime_status String representation of runtime status

Possible values could be UP, DOWN, UNKNOWN, DEGRADED
This list is not exhaustive.
string Deprecated
state Realization state of this object string Required
Enum: UNAVAILABLE, UNREALIZED, REALIZED, ERROR
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

RealizedIPSetListRequestParameters (schema) (Experimental)

Realized IPSet list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

RealizedLogicalPort (schema) (Experimental)

Realized Logical Port

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
alarms Alarm info detail array of PolicyAlarmResource
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
intent_reference Desire state paths of this object array of string
logical_port_id The id of the logical port string Readonly
operational_status String representation of operational status

Possible values could be UP, DOWN, UNKNOWN, FAILURE
This list is not exhaustive.
string
operational_status_error String representation of operational status error

It defines the root cause for operational status error.
string
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
publish_status String representation of publish status

Possible values could be UP, DOWN, UNKNOWN, SUCCESS
This list is not exhaustive.
string
publish_status_error String representation of publish status error

It defines the root cause for publish status error.
string
publish_status_error_code Represents error code for publish status.

It defines error code for publish status error.
int
publish_status_error_details Details for publich status error.

Error details for publish status.
array of ConfigurationStateElement
realization_api Realization API of this object on enforcement point string
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
realization_specific_identifier Realization id of this object string
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value RealizedLogicalPort string
runtime_error String representation of runtime error

It define the root cause for runtime error.
string
runtime_status String representation of runtime status

Possible values could be UP, DOWN, UNKNOWN, DEGRADED
This list is not exhaustive.
string Deprecated
state Realization state of this object string Required
Enum: UNAVAILABLE, UNREALIZED, REALIZED, ERROR
status The Operational status of the logical port string Readonly
Enum: UP, DOWN, UNKNOWN
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

RealizedLogicalSwitch (schema) (Experimental)

Realized Logical Switch

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
alarms Alarm info detail array of PolicyAlarmResource
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
intent_reference Desire state paths of this object array of string
logical_switch_id Id of the logical switch string Readonly
operational_status String representation of operational status

Possible values could be UP, DOWN, UNKNOWN, FAILURE
This list is not exhaustive.
string
operational_status_error String representation of operational status error

It defines the root cause for operational status error.
string
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
publish_status String representation of publish status

Possible values could be UP, DOWN, UNKNOWN, SUCCESS
This list is not exhaustive.
string
publish_status_error String representation of publish status error

It defines the root cause for publish status error.
string
publish_status_error_code Represents error code for publish status.

It defines error code for publish status error.
int
publish_status_error_details Details for publich status error.

Error details for publish status.
array of ConfigurationStateElement
realization_api Realization API of this object on enforcement point string
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
realization_specific_identifier Realization id of this object string
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value RealizedLogicalSwitch string
runtime_error String representation of runtime error

It define the root cause for runtime error.
string
runtime_status String representation of runtime status

Possible values could be UP, DOWN, UNKNOWN, DEGRADED
This list is not exhaustive.
string Deprecated
state Realization state of this object string Required
Enum: UNAVAILABLE, UNREALIZED, REALIZED, ERROR
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
transport_zone_id Transport zone identifier string Readonly
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

RealizedMACSetListRequestParameters (schema) (Experimental)

Realized MACSet list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

RealizedNSGroup (schema) (Experimental)

Realized Network and Security Group

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
alarms Alarm info detail array of PolicyAlarmResource
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
evaluations Evaluated members of NSGroup

Reference to the evaluated members of the NSGroup.
array of RealizedNSGroupMemberEvaluation Readonly
Maximum items: 500
id Unique identifier of this resource string Sortable
intent_reference Desire state paths of this object array of string
operational_status String representation of operational status

Possible values could be UP, DOWN, UNKNOWN, FAILURE
This list is not exhaustive.
string
operational_status_error String representation of operational status error

It defines the root cause for operational status error.
string
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
publish_status String representation of publish status

Possible values could be UP, DOWN, UNKNOWN, SUCCESS
This list is not exhaustive.
string
publish_status_error String representation of publish status error

It defines the root cause for publish status error.
string
publish_status_error_code Represents error code for publish status.

It defines error code for publish status error.
int
publish_status_error_details Details for publich status error.

Error details for publish status.
array of ConfigurationStateElement
realization_api Realization API of this object on enforcement point string
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
realization_specific_identifier Realization id of this object string
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value RealizedNSGroup string Required
Enum: RealizedNSGroup, RealizedSecurityGroup
runtime_error String representation of runtime error

It define the root cause for runtime error.
string
runtime_status String representation of runtime status

Possible values could be UP, DOWN, UNKNOWN, DEGRADED
This list is not exhaustive.
string Deprecated
state Realization state of this object string Required
Enum: UNAVAILABLE, UNREALIZED, REALIZED, ERROR
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

RealizedNSGroupListRequestParameters (schema) (Experimental)

Realized NSGroup list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

RealizedNSGroupMemberEvaluation (schema) (Experimental)

Realized NSGroup member evaluation

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
alarms Alarm info detail array of PolicyAlarmResource
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
intent_reference Desire state paths of this object array of string
logical_ports list of logical ports array of RealizedLogicalPort Readonly
logical_switches list of logical switches array of RealizedLogicalSwitch Readonly
member_count Count of the members added to this NSGroup integer Readonly
operational_status String representation of operational status

Possible values could be UP, DOWN, UNKNOWN, FAILURE
This list is not exhaustive.
string
operational_status_error String representation of operational status error

It defines the root cause for operational status error.
string
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
publish_status String representation of publish status

Possible values could be UP, DOWN, UNKNOWN, SUCCESS
This list is not exhaustive.
string
publish_status_error String representation of publish status error

It defines the root cause for publish status error.
string
publish_status_error_code Represents error code for publish status.

It defines error code for publish status error.
int
publish_status_error_details Details for publich status error.

Error details for publish status.
array of ConfigurationStateElement
realization_api Realization API of this object on enforcement point string
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
realization_specific_identifier Realization id of this object string
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value RealizedNSGroupMemberEvaluation string
runtime_error String representation of runtime error

It define the root cause for runtime error.
string
runtime_status String representation of runtime status

Possible values could be UP, DOWN, UNKNOWN, DEGRADED
This list is not exhaustive.
string Deprecated
state Realization state of this object string Required
Enum: UNAVAILABLE, UNREALIZED, REALIZED, ERROR
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
virtual_machines list of virtual machines array of RealizedVirtualMachine Readonly

RealizedNSService (schema) (Experimental)

Realized NSService

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
alarms Alarm info detail array of PolicyAlarmResource
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
intent_reference Desire state paths of this object array of string
operational_status String representation of operational status

Possible values could be UP, DOWN, UNKNOWN, FAILURE
This list is not exhaustive.
string
operational_status_error String representation of operational status error

It defines the root cause for operational status error.
string
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
publish_status String representation of publish status

Possible values could be UP, DOWN, UNKNOWN, SUCCESS
This list is not exhaustive.
string
publish_status_error String representation of publish status error

It defines the root cause for publish status error.
string
publish_status_error_code Represents error code for publish status.

It defines error code for publish status error.
int
publish_status_error_details Details for publich status error.

Error details for publish status.
array of ConfigurationStateElement
realization_api Realization API of this object on enforcement point string
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
realization_specific_identifier Realization id of this object string
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value RealizedNSService string Required
Enum: RealizedNSService
runtime_error String representation of runtime error

It define the root cause for runtime error.
string
runtime_status String representation of runtime status

Possible values could be UP, DOWN, UNKNOWN, DEGRADED
This list is not exhaustive.
string Deprecated
service_type Realized nsservice type string Readonly
Enum: SERVICE, SERVICE_GROUP
state Realization state of this object string Required
Enum: UNAVAILABLE, UNREALIZED, REALIZED, ERROR
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

RealizedPathRequestParameter (schema)

Parameter to filter realized entities by realized path

Realized path for which state/realized entities would be fetched.

Name Description Type Notes
realized_path String Path of the realized object

Realized path of object, forward slashes must be escaped using %2F
string Required

RealizedSecurityGroup (schema) (Experimental)

Realized Network and Security Group

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
alarms Alarm info detail array of PolicyAlarmResource
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
evaluations Evaluated members of Security Group

Reference to the evaluted members of the Security Group.
array of RealizedSecurityGroupMemberEvaluation Readonly
Maximum items: 500
id Unique identifier of this resource string Sortable
intent_reference Desire state paths of this object array of string
operational_status String representation of operational status

Possible values could be UP, DOWN, UNKNOWN, FAILURE
This list is not exhaustive.
string
operational_status_error String representation of operational status error

It defines the root cause for operational status error.
string
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
publish_status String representation of publish status

Possible values could be UP, DOWN, UNKNOWN, SUCCESS
This list is not exhaustive.
string
publish_status_error String representation of publish status error

It defines the root cause for publish status error.
string
publish_status_error_code Represents error code for publish status.

It defines error code for publish status error.
int
publish_status_error_details Details for publich status error.

Error details for publish status.
array of ConfigurationStateElement
realization_api Realization API of this object on enforcement point string
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
realization_specific_identifier Realization id of this object string
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value RealizedSecurityGroup string Required
Enum: RealizedNSGroup, RealizedSecurityGroup
runtime_error String representation of runtime error

It define the root cause for runtime error.
string
runtime_status String representation of runtime status

Possible values could be UP, DOWN, UNKNOWN, DEGRADED
This list is not exhaustive.
string Deprecated
state Realization state of this object string Required
Enum: UNAVAILABLE, UNREALIZED, REALIZED, ERROR
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

RealizedSecurityGroupListRequestParameters (schema) (Experimental)

Realized Security Group list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

RealizedSecurityGroupListResult (schema) (Experimental)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged Collection of realized Security Groups array of RealizedSecurityGroup Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

RealizedSecurityGroupMemberEvaluation (schema) (Experimental)

Realized Security Group member evaluation

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
alarms Alarm info detail array of PolicyAlarmResource
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
intent_reference Desire state paths of this object array of string
member_count Count of the members added to this Security Group integer Readonly
operational_status String representation of operational status

Possible values could be UP, DOWN, UNKNOWN, FAILURE
This list is not exhaustive.
string
operational_status_error String representation of operational status error

It defines the root cause for operational status error.
string
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
publish_status String representation of publish status

Possible values could be UP, DOWN, UNKNOWN, SUCCESS
This list is not exhaustive.
string
publish_status_error String representation of publish status error

It defines the root cause for publish status error.
string
publish_status_error_code Represents error code for publish status.

It defines error code for publish status error.
int
publish_status_error_details Details for publich status error.

Error details for publish status.
array of ConfigurationStateElement
realization_api Realization API of this object on enforcement point string
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
realization_specific_identifier Realization id of this object string
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value RealizedSecurityGroupMemberEvaluation string
runtime_error String representation of runtime error

It define the root cause for runtime error.
string
runtime_status String representation of runtime status

Possible values could be UP, DOWN, UNKNOWN, DEGRADED
This list is not exhaustive.
string Deprecated
state Realization state of this object string Required
Enum: UNAVAILABLE, UNREALIZED, REALIZED, ERROR
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
virtual_machines list of virtual machines array of RealizedVirtualMachine Readonly

RealizedService (schema) (Experimental)

Realized Service

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
alarms Alarm info detail array of PolicyAlarmResource
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
intent_reference Desire state paths of this object array of string
operational_status String representation of operational status

Possible values could be UP, DOWN, UNKNOWN, FAILURE
This list is not exhaustive.
string
operational_status_error String representation of operational status error

It defines the root cause for operational status error.
string
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
publish_status String representation of publish status

Possible values could be UP, DOWN, UNKNOWN, SUCCESS
This list is not exhaustive.
string
publish_status_error String representation of publish status error

It defines the root cause for publish status error.
string
publish_status_error_code Represents error code for publish status.

It defines error code for publish status error.
int
publish_status_error_details Details for publich status error.

Error details for publish status.
array of ConfigurationStateElement
realization_api Realization API of this object on enforcement point string
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
realization_specific_identifier Realization id of this object string
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value RealizedService string Required
Enum: RealizedNSService
runtime_error String representation of runtime error

It define the root cause for runtime error.
string
runtime_status String representation of runtime status

Possible values could be UP, DOWN, UNKNOWN, DEGRADED
This list is not exhaustive.
string Deprecated
state Realization state of this object string Required
Enum: UNAVAILABLE, UNREALIZED, REALIZED, ERROR
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

RealizedServices (schema) (Experimental)

Realized services

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
alarms Alarm info detail array of PolicyAlarmResource
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
intent_reference Desire state paths of this object array of string
operational_status String representation of operational status

Possible values could be UP, DOWN, UNKNOWN, FAILURE
This list is not exhaustive.
string
operational_status_error String representation of operational status error

It defines the root cause for operational status error.
string
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
publish_status String representation of publish status

Possible values could be UP, DOWN, UNKNOWN, SUCCESS
This list is not exhaustive.
string
publish_status_error String representation of publish status error

It defines the root cause for publish status error.
string
publish_status_error_code Represents error code for publish status.

It defines error code for publish status error.
int
publish_status_error_details Details for publich status error.

Error details for publish status.
array of ConfigurationStateElement
realization_api Realization API of this object on enforcement point string
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
realization_specific_identifier Realization id of this object string
realized_services List of realized services array of RealizedService
(Abstract type: pass one of the following concrete types)
RealizedNSService
RealizedService		 Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value RealizedServices string
runtime_error String representation of runtime error

It define the root cause for runtime error.
string
runtime_status String representation of runtime status

Possible values could be UP, DOWN, UNKNOWN, DEGRADED
This list is not exhaustive.
string Deprecated
state Realization state of this object string Required
Enum: UNAVAILABLE, UNREALIZED, REALIZED, ERROR
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

RealizedStateRequestParameter (schema)

Binding between Intent and Enforcement Point Paths

Request parameter that represents a binding between an intent path and
enforcement point path. A request on the realized state can be parameterized
with this pair and will be evaluted as follows:
- {intent_path}: the request is evaluated on all enforcement points for
the given intent.
- {intent_path, enforcement_point_path}: the request is evaluated only on
the given enforcement point for the given intent.

Name Description Type Notes
enforcement_point_path String Path of the enforcement point

enforcement point path, forward slashes must be escaped using %2F
string
intent_path String Path of the intent object

Intent path of object, forward slashes must be escaped using %2F
string Required

RealizedVirtualMachine (schema) (Experimental)

Realized Virtual Machine

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
alarms Alarm info detail array of PolicyAlarmResource
compute_ids List of external compute ids of the virtual machine in the format 'id-type-key:value' , list of external compute ids ['uuid:xxxx-xxxx-xxxx-xxxx', 'moIdOnHost:moref-11', 'instanceUuid:xxxx-xxxx-xxxx-xxxx'] array of string Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
host_id Id of the host on which the vm exists. string Readonly
id Unique identifier of this resource string Sortable
intent_reference Desire state paths of this object array of string
local_id_on_host Id of the vm unique within the host. string Readonly
operational_status String representation of operational status

Possible values could be UP, DOWN, UNKNOWN, FAILURE
This list is not exhaustive.
string
operational_status_error String representation of operational status error

It defines the root cause for operational status error.
string
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
power_state Current power state of this virtual machine in the system. string Readonly
Enum: VM_RUNNING, VM_STOPPED, VM_SUSPENDED, UNKNOWN
publish_status String representation of publish status

Possible values could be UP, DOWN, UNKNOWN, SUCCESS
This list is not exhaustive.
string
publish_status_error String representation of publish status error

It defines the root cause for publish status error.
string
publish_status_error_code Represents error code for publish status.

It defines error code for publish status error.
int
publish_status_error_details Details for publich status error.

Error details for publish status.
array of ConfigurationStateElement
realization_api Realization API of this object on enforcement point string
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
realization_specific_identifier Realization id of this object string
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value RealizedVirtualMachine string
runtime_error String representation of runtime error

It define the root cause for runtime error.
string
runtime_status String representation of runtime status

Possible values could be UP, DOWN, UNKNOWN, DEGRADED
This list is not exhaustive.
string Deprecated
state Realization state of this object string Required
Enum: UNAVAILABLE, UNREALIZED, REALIZED, ERROR
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

RealizedVirtualMachineListRequestParameters (schema)

Realized Virtual Machine list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
enforcement_point_path String Path of the enforcement point

enforcement point path, forward slashes must be escaped using %2F.
string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

RealizedVirtualMachineListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged Collection of VMs array of RealizedVirtualMachine
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

RecommendedFeaturePermission (schema)

Recommended Feature Permission

Name Description Type Notes
recommended_permissions Permission array of string Required
src_features List of source features array of string Required
target_feature Feature string Required

RecommendedFeaturePermissionListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List results array of RecommendedFeaturePermission Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

RedirectionPolicy (schema)

Contains ordered list of rules and path to PolicyServiceInstance

Ordered list of rules long with the path of PolicyServiceInstance
to which the traffic needs to be redirected. |
Please note that the scope property must be provided for NS redirection |
policy if redirect to is a service chain. For NS, when redirect to is not |
to the service chain, and scope is specified on RedirectionPolicy, it |
will be ignored. The scope will be determined from redirect to path |
instead. For EW policy, scope must not be supplied in the request. |
Path to either Tier0 or Tier1 is allowed as the scope. Only 1 path |
can be specified as a scope. |
Also, note that, if stateful flag is not sent, it will be treated as true.
If statelessness is intended, false must be sent explicitly as the value |
for stateful field.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
category A way to classify a security policy, if needed.

- Distributed Firewall -
Policy framework provides five pre-defined categories for classifying
a security policy. They are "Ethernet","Emergency", "Infrastructure"
"Environment" and "Application". There is a pre-determined order in
which the policy framework manages the priority of these security
policies. Ethernet category is for supporting layer 2 firewall rules.
The other four categories are applicable for layer 3 rules. Amongst
them, the Emergency category has the highest priority followed by
Infrastructure, Environment and then Application rules. Administrator
can choose to categorize a security policy into the above categories
or can choose to leave it empty. If empty it will have the least
precedence w.r.t the above four categories.
- Edge Firewall -
Policy Framework for Edge Firewall provides six pre-defined categories
"Emergency", "SystemRules", "SharedPreRules", "LocalGatewayRules",
"AutoServiceRules" and "Default", in order of priority of rules.
All categories are allowed for Gatetway Policies that belong
to 'default' Domain. However, for user created domains, category is
restricted to "SharedPreRules" or "LocalGatewayRules" only. Also, the
users can add/modify/delete rules from only the "SharedPreRules" and
"LocalGatewayRules" categories. If user doesn't specify the category
then defaulted to "Rules". System generated category is used by NSX
created rules, for example BFD rules. Autoplumbed category used by
NSX verticals to autoplumb data path rules. Finally, "Default" category
is the placeholder default rules with lowest in the order of priority.
string
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
(Abstract type: pass one of the following concrete types)
ChildRedirectionRule
comments SecurityPolicy lock/unlock comments

Comments for security policy lock/unlock.		 string
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
internal_sequence_number Internal sequence number

This field is to indicate the internal sequence number of a policy
with respect to the policies across categories.
int Readonly
is_default Default policy flag

A flag to indicate whether policy is a default policy.		 boolean Readonly
lock_modified_by User who locked the security policy

ID of the user who last modified the lock for the secruity policy.
string Readonly
lock_modified_time SecuirtyPolicy locked/unlocked time

SecurityPolicy locked/unlocked time in epoch milliseconds.		 EpochMsTimestamp Readonly
locked Lock a security policy

Indicates whether a security policy should be locked. If the
security policy is locked by a user, then no other user would
be able to modify this security policy. Once the user releases
the lock, other users can update this security policy.
boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
north_south Flag to denote whether it is north south policy

This is the read only flag which will state the direction of this |
redirection policy. True denotes that it is NORTH-SOUTH and false |
value means it is an EAST-WEST redirection policy.
boolean Readonly
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
redirect_to List of redirect to target paths

Paths to which traffic will be redirected to. As of now, only 1 is |
supported. Paths allowed are |
1. Policy Service Instance |
2. Service Instance Endpoint |
3. Virtual Endpoint |
4. Policy Service Chain
array of string Maximum items: 1
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value RedirectionPolicy string
rule_count Rule count

The count of rules in the policy.
int Readonly
rules Redirection rules that are a part of this RedirectionPolicy

Redirection rules that are a part of this RedirectionPolicy. At
max, there can be 1000 rules in a given RedirectPolicy.
array of RedirectionRule Maximum items: 1000
scheduler_path Path to the scheduler for time based scheduling

Provides a mechanism to apply the rules in this policy for a specified
time duration.
string
scope The list of group paths where the rules in this policy will get
applied. This scope will take precedence over rule level scope.
Supported only for security and redirection policies. In case of
RedirectionPolicy, it is expected only when the policy is NS and
redirecting to service chain.
array of string Maximum items: 128
sequence_number Sequence number to resolve conflicts across Domains

This field is used to resolve conflicts between security policies
across domains. In order to change the sequence number of a policy
one can fire a POST request on the policy entity with
a query parameter action=revise
The sequence number field will reflect the value of the computed
sequence number upon execution of the above mentioned POST request.
For scenarios where the administrator is using a template to update
several security policies, the only way to set the sequence number is
to explicitly specify the sequence number for each security policy.
If no sequence number is specified in the payload, a value of 0 is
assigned by default. If there are multiple policies with the same
sequence number then their order is not deterministic. If a specific
order of policies is desired, then one has to specify unique sequence
numbers or use the POST request on the policy entity with
a query parameter action=revise to let the framework assign a
sequence number.
The value of sequence number must be between 0 and 999,999.
int Minimum: 0
stateful Stateful nature of the entries within this security policy.

Stateful or Stateless nature of security policy is enforced on all
rules in this security policy. When it is stateful, the state of
the network connects are tracked and a stateful packet inspection is
performed.
Layer3 security policies can be stateful or stateless. By default, they are stateful.
Layer2 security policies can only be stateless.
boolean
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tcp_strict Enforce strict tcp handshake before allowing data packets

Ensures that a 3 way TCP handshake is done before the data packets
are sent.
tcp_strict=true is supported only for stateful security policies.
If the tcp_strict flag is not specified and the security policy
is stateful, then tcp_strict will be set to true.
boolean
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

RedirectionPolicyListResult (schema)

Paged Collection of Redirection Policies

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Redirection policy list results array of RedirectionPolicy Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

RedirectionRule (schema)

It define redirection rule for service insertion

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
action Action

The action to be applied to all the services
string Enum: REDIRECT, DO_NOT_REDIRECT
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
destination_groups Destination group paths

We need paths as duplicate names may exist for groups under different
domains. Along with paths we support IP Address of type IPv4 and IPv6.
IP Address can be in one of the format(CIDR, IP Address, Range of IP Address).
In order to specify all groups, use the constant "ANY". This
is case insensitive. If "ANY" is used, it should be the ONLY element
in the group array. Error will be thrown if ANY is used in conjunction
with other values.
array of string Maximum items: 128
destinations_excluded Negation of destination groups

If set to true, the rule gets applied on all the groups that are
NOT part of the destination groups. If false, the rule applies to the
destination groups
boolean Default: "False"
direction Direction

Define direction of traffic.
string Enum: IN, OUT, IN_OUT
Default: "IN_OUT"
disabled Flag to disable the rule

Flag to disable the rule. Default is enabled.		 boolean Default: "False"
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ip_protocol IPv4 vs IPv6 packet type

Type of IP packet that should be matched while enforcing the rule.
The value is set to IPV4_IPV6 for Layer3 rule if not specified.
For Layer2/Ether rule the value must be null.
string Enum: IPV4, IPV6, IPV4_IPV6
is_default Default rule flag

A flag to indicate whether rule is a default rule.		 boolean Readonly
logged Enable logging flag

Flag to enable packet logging. Default is disabled.		 boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
notes Text for additional notes on changes

Text for additional notes on changes.		 string Maximum length: 2048
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
profiles Layer 7 service profiles or TLS action profile

Holds the list of layer 7 service profile paths. These profiles accept
attributes and sub-attributes of various network services
(e.g. L4 AppId, encryption algorithm, domain name, etc) as key value
pairs. Instead of Layer 7 service profiles you can use a L7 access profile.
One of either Layer 7 service profiles or L7 Access Profile can be used in firewall rule.
In case of L7 access profile only one is allowed.
array of string Maximum items: 128
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value RedirectionRule string
rule_id Unique rule ID

This is a unique 4 byte positive number that is assigned by the system.
This rule id is passed all the way down to the data path. The first 1GB
(1000 to 2^30) will be shared by GM and LM with zebra style striped
number space. For E.g 1000 to (1Million -1) by LM, (1M - 2M-1) by GM
and so on.
integer Readonly
scope The list of policy paths where the rule is applied
LR/Edge/T0/T1/LRP etc. Note that a given rule can be applied
on multiple LRs/LRPs.
array of string Maximum items: 128
sequence_number Sequence number of the this Rule

This field is used to resolve conflicts between multiple
Rules under Security or Gateway Policy for a Domain
If no sequence number is specified in the payload, a value of 0 is
assigned by default. If there are multiple rules with the same
sequence number then their order is not deterministic. If a specific
order of rules is desired, then one has to specify unique sequence
numbers or use the POST request on the rule entity with
a query parameter action=revise to let the framework assign a
sequence number
int Minimum: 0
service_entries Raw services

In order to specify raw services this can be used,
along with services which contains path to services.
This can be empty or null.
array of ServiceEntry
(Abstract type: pass one of the following concrete types)
ALGTypeServiceEntry
EtherTypeServiceEntry
ICMPTypeServiceEntry
IGMPTypeServiceEntry
IPProtocolServiceEntry
L4PortSetServiceEntry
NestedServiceServiceEntry		 Maximum items: 128
services Names of services

In order to specify all services, use the constant "ANY".
This is case insensitive. If "ANY" is used, it should
be the ONLY element in the services array. Error will be thrown
if ANY is used in conjunction with other values.
array of string Maximum items: 128
source_groups Source group paths

We need paths as duplicate names may exist for groups under different
domains. Along with paths we support IP Address of type IPv4 and IPv6.
IP Address can be in one of the format(CIDR, IP Address, Range of IP Address).
In order to specify all groups, use the constant "ANY". This
is case insensitive. If "ANY" is used, it should be the ONLY element
in the group array. Error will be thrown if ANY is used in conjunction
with other values.
array of string Maximum items: 128
sources_excluded Negation of source groups

If set to true, the rule gets applied on all the groups that are
NOT part of the source groups. If false, the rule applies to the
source groups
boolean Default: "False"
tag Tag applied on the rule

User level field which will be printed in CLI and packet logs.
Even though there is no limitation on length of a tag, internally
tag will get truncated after 32 characters.
string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

RedirectionRuleListRequestParameters (schema)

RedirectionRule list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

RedirectionRuleListResult (schema)

Paged Collection of RedirectionRules

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results RedirectionRule list results array of RedirectionRule Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

RedistributionConfig (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
bgp_enabled Flag to enable redistribution for BGP as destination protocol boolean Default: "False"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
logical_router_id Logical router id string Readonly
resource_type Must be set to the value RedistributionConfig string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

RedistributionProtocols (schema)

Redistribution Protocols

Types of route to redistribute over routing protocols.
STATIC type is deprecated, use T0_STATIC instead.
T0_STATIC type should be used to redistribute user added static
routes.
NSX_CONNECTED type is deprecated, use T0_CONNECTED instead.
For backward compatibility when NSX_CONNECTED is selected,
we will redistribute downlink port subnets for TIER0 LR.
T0_CONNECTED type should be used to redistribute all port
subnets including uplink, downlink, CSP and loopback for TIER0 LR.
NSX_STATIC type is deprecated, use T1_STATIC instead.
For backward compatibility when NSX_STATIC is selected,
we will redistribute static, CSP and downlink port subnets
advertised by TIER1 LR.
T1_STATIC type should be used to redistribute static subnets
advertised by TIER1 LR.
T0_UPLINK type should be used to redistribute uplink port subnets
on TIER0 LR.
T0_DOWNLINK type should be used to redistribute downlink port subnets
on TIER0 LR.
T0_ROUTER_LINK type should be used to redistribute router link port
subnets on TIER0 LR
T0_CSP type should be used to redistribute centralised service port
subnets on TIER0 LR.
T0_LOOPBACK type should be used to redistribute loopback port subnets
on TIER0 LR.
T0_DNS_FORWARDER_IP type should be used to redistribute DNS forwarder
subnets on TIER0 LR.
T0_IPSEC_LOCAL_IP type should be used to redistribute IPSec subnets
on TIER0 LR.
TIER0_NAT type is deprecated, use T0_NAT instead.
T0_NAT type should be used to redistribute NAT IPs owned by
TIER0 logical router.
TIER1_NAT type is deprecated, use T1_NAT instead.
T1_NAT type should be used to redistribute NAT IP subnets advertised
by TIER1 LR.
TIER1_LB_VIP type is deprecated,use T1_LB_VIP instead.
T1_LB_VIP type should be used to redistribute LB VIP IP subnets
advertised by TIER1 LR.
TIER1_LB_SNAT type is deprecated, use T1_NAT instead.
T1_LB_SNAT type should be used to redistribute LB SNAT IP subnets
advertised by TIER1 LR.
T1_DNS_FORWARDER_IP type should be used to redistribute DNS forwarder
subnets advertised by TIER1 LR.
T1_CONNECTED type should be used to redistribute downlink and CSP port
subnets advertised by TIER1 LR.
T1_DOWNLINK type should be used to redistribute downlink port
subnets advertised by TIER1 LR.
T1_CSP type should be used to redistribute centralised service port
subnets advertised by TIER1 LR.
BGP type should be used to redistribute routes learned via BGP.
T1_IPSEC_LOCAL_IP type should be used to redistribute IPSec VPN local
endpoint subnets advertised by TIER1 LR.
T0_EVPN_TEP_IP type should be used to redistribute EVPN local endpoint
subnets on Tier0 LR.

Name Description Type Notes
RedistributionProtocols Redistribution Protocols

Types of route to redistribute over routing protocols.
STATIC type is deprecated, use T0_STATIC instead.
T0_STATIC type should be used to redistribute user added static
routes.
NSX_CONNECTED type is deprecated, use T0_CONNECTED instead.
For backward compatibility when NSX_CONNECTED is selected,
we will redistribute downlink port subnets for TIER0 LR.
T0_CONNECTED type should be used to redistribute all port
subnets including uplink, downlink, CSP and loopback for TIER0 LR.
NSX_STATIC type is deprecated, use T1_STATIC instead.
For backward compatibility when NSX_STATIC is selected,
we will redistribute static, CSP and downlink port subnets
advertised by TIER1 LR.
T1_STATIC type should be used to redistribute static subnets
advertised by TIER1 LR.
T0_UPLINK type should be used to redistribute uplink port subnets
on TIER0 LR.
T0_DOWNLINK type should be used to redistribute downlink port subnets
on TIER0 LR.
T0_ROUTER_LINK type should be used to redistribute router link port
subnets on TIER0 LR
T0_CSP type should be used to redistribute centralised service port
subnets on TIER0 LR.
T0_LOOPBACK type should be used to redistribute loopback port subnets
on TIER0 LR.
T0_DNS_FORWARDER_IP type should be used to redistribute DNS forwarder
subnets on TIER0 LR.
T0_IPSEC_LOCAL_IP type should be used to redistribute IPSec subnets
on TIER0 LR.
TIER0_NAT type is deprecated, use T0_NAT instead.
T0_NAT type should be used to redistribute NAT IPs owned by
TIER0 logical router.
TIER1_NAT type is deprecated, use T1_NAT instead.
T1_NAT type should be used to redistribute NAT IP subnets advertised
by TIER1 LR.
TIER1_LB_VIP type is deprecated,use T1_LB_VIP instead.
T1_LB_VIP type should be used to redistribute LB VIP IP subnets
advertised by TIER1 LR.
TIER1_LB_SNAT type is deprecated, use T1_NAT instead.
T1_LB_SNAT type should be used to redistribute LB SNAT IP subnets
advertised by TIER1 LR.
T1_DNS_FORWARDER_IP type should be used to redistribute DNS forwarder
subnets advertised by TIER1 LR.
T1_CONNECTED type should be used to redistribute downlink and CSP port
subnets advertised by TIER1 LR.
T1_DOWNLINK type should be used to redistribute downlink port
subnets advertised by TIER1 LR.
T1_CSP type should be used to redistribute centralised service port
subnets advertised by TIER1 LR.
BGP type should be used to redistribute routes learned via BGP.
T1_IPSEC_LOCAL_IP type should be used to redistribute IPSec VPN local
endpoint subnets advertised by TIER1 LR.
T0_EVPN_TEP_IP type should be used to redistribute EVPN local endpoint
subnets on Tier0 LR.
string Enum: STATIC, T0_STATIC, NSX_CONNECTED, T0_CONNECTED, NSX_STATIC, T1_STATIC, T0_UPLINK, T0_DOWNLINK, T0_ROUTER_LINK, T0_CSP, T0_LOOPBACK, T0_DNS_FORWARDER_IP, T0_IPSEC_LOCAL_IP, TIER0_NAT, T0_NAT, TIER1_NAT, T1_NAT, TIER1_LB_VIP, T1_LB_VIP, TIER1_LB_SNAT, T1_LB_SNAT, T1_DNS_FORWARDER_IP, T1_CONNECTED, T1_DOWNLINK, T1_CSP, BGP, T1_IPSEC_LOCAL_IP, T0_EVPN_TEP_IP

RedistributionRule (schema)

Name Description Type Notes
address_family Address family for Route Redistribution string Readonly
Enum: IPV4, IPV6, IPV4_AND_IPV6
Default: "IPV4_AND_IPV6"
description Description string Maximum length: 1024
destination Destination redistribution protocol RedistributionProtocols
display_name Display name string Maximum length: 255
route_map_id RouteMap Id for the filter string
sources Array of redistribution protocols array of RedistributionProtocols Required

RedistributionRuleList (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
logical_router_id Logical router id string Readonly
resource_type Must be set to the value RedistributionRuleList string
rules List of redistribution rules. User needs to re-order rules to change the priority. array of RedistributionRule Minimum items: 0
Maximum items: 5
Default: "[]"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

RefreshRequestParameters (schema)

Parameters that affect whether CSM returns the cached resource or
refreshes the cache before returning

Name Description Type Notes
refresh Determines whether to refresh cache or not

If true, the cache is refreshed before returning
If false, cached resource is returned
boolean Default: "False"

RegionConfig (schema)

Cloud account region information

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Flag to enable inventory sync on the specified region

A particular region is configured by the user to be enabled
or not in the list of desired regions for a particular account.
boolean Required
id Unique identifier of this resource string Sortable
resource_type Must be set to the value RegionConfig string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

RegionListConfig (schema)

Cloud account regions list

Name Description Type Notes
default_client_region Default region only for AWS for cloud SDK clients to connect to

Optional property only for AWS to configure a default region that
cloud SDK clients can connect to for querying AWS information. If
not specified, AWS SDK uses 'us-west-2' as the default.
string
regions Cloud account regions list array of RegionConfig

RegistrationToken (schema)

Appliance registration access token

Name Description Type Notes
roles List results array of string Required
token Access token string Required
user User delegated by token string

RelatedApiError (schema)

Detailed information about a related API error

Name Description Type Notes
details Further details about the error string
error_code A numeric error code integer
error_data Additional data about the error object
error_message A description of the error string
module_name The module name where the error occurred string

RelatedAttribute (schema)

Related attribute details.

Related attribute on the target resource for conditional constraints based
on related attribute value.
Example - destinationGroups/service/action is related attribute of
sourceGroups in communcation entry.

Name Description Type Notes
attribute Related attribute name on the target entity. string Required

RelatedAttributeConditionalExpression (schema)

Represents the leaf level type expression to express constraint as
value of realted attribute to the target. Uses
ConditionalValueConstraintExpression to constrain the target value
based on the related attribute value on the same resource.

Represents the leaf level type expression to express constraint as
value of realted attribute to the target.
Example - Constraint traget attribute 'X' (example in Constraint),
if destinationGroups contains 'vCeneter' then allow only values
"HTTPS", "HTTP" for attribute X.
{
"target":{
"target_resource_type":"CommunicationEntry",
"attribute":"services",
"path_prefix": "/infra/domains/{{DOMAIN}}/edge-communication-maps/default/communication-entries/"
},
"constraint_expression": {
"resource_type": "RelatedAttributeConditionalExpression",
"related_attribute":{
"attribute":"destinationGroups"
},
"condition" : {
"operator":"INCLUDES",
"rhs_value": ["/infra/domains/mgw/groups/VCENTER"],
"value_constraint": {
"resource_type": "ValueConstraintExpression",
"operator":"INCLUDES",
"values":["/infra/services/HTTP", "/infra/services/HTTPS"]
}
}
}
}

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
condition Conditiona value constraint expression.

Conditional value expression for target based on realted attribute value.
ConditionalValueConstraintExpression Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
related_attribute Related attribute. RelatedAttribute Required
resource_type Must be set to the value RelatedAttributeConditionalExpression string Required
Enum: ValueConstraintExpression, RelatedAttributeConditionalExpression, EntityInstanceCountConstraintExpression, FieldSanityConstraintExpression
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

RemainingSupportBundleNode (schema)

Name Description Type Notes
node_display_name Display name of node string Required
Readonly
node_id UUID of node string Required
Readonly
status Status of node string Required
Readonly
Enum: PENDING, PROCESSING

RemoteBundleUrl (schema)

URL of remote bundle

URL of remote bundle which needs to be uploaded.

Name Description Type Notes
url URL of remote bundle

URL for uploading remote bundle		 string Required

RemoteFileServer (schema)

Remote file server

Name Description Type Notes
directory_path Remote server directory to copy bundle files to string Required
Pattern: "^\/[\w\-.\+~\/]+$"
port Server port integer Minimum: 1
Maximum: 65535
Default: "22"
protocol Protocol to use to copy file FileTransferProtocol Required
server Remote server hostname or IP address string Required
Format: hostname-or-ip

RemoteServerFingerprint (schema)

Remote server

Name Description Type Notes
port Server port integer Minimum: 1
Maximum: 65535
Default: "22"
server Remote server hostname or IP address string Required
Format: hostname-or-ip
ssh_fingerprint SSH fingerprint of server string Required

RemoteServerFingerprintRequest (schema)

Remote server

Name Description Type Notes
port Server port integer Minimum: 1
Maximum: 65535
Default: "22"
server Remote server hostname or IP address string Required
Format: hostname-or-ip

RemoteSiteCompatibilityInfo (schema)

Name Description Type Notes
is_compatible are the 2 sites compatible boolean
local_site local site compatibility SiteCompatibilityInfo
remote_site remote site compatibility SiteCompatibilityInfo

RemoteSiteCredential (schema)

Credential of remote site

Contains the information needed to communicate with another site.

Name Description Type Notes
address Address of the site (IPv4:port) string Required
password Password of the site string Required
thumbprint Sha256 thumbprint of API certificate of the remote site string Required
username Username of the site string Required

RemoteTransportNodeStatusParametersWithDataSource (schema)

Query parameters that may be used to select which transport nodes status to return in a query.
The tunnel_status and bfd_diagnostic_code parameters are ANDed together if both are provided.

Name Description Type Notes
bfd_diagnostic_code BFD diagnostic code of Tunnel

The BFD diagnostic code of Tunnel as defined in RFC 5880.
If specified, only the status for transport nodes connected via tunnels having the
specified BFD diagnostic code are returned.
string Enum: 0, NO_DIAGNOSTIC, 1, CONTROL_DETECTION_TIME_EXPIRED, 2, ECHO_FUNCTION_FAILED, 3, NEIGHBOR_SIGNALED_SESSION_DOWN, 4, FORWARDING_PLANE_RESET, 5, PATH_DOWN, 6, CONCATENATED_PATH_DOWN, 7, ADMINISTRATIVELY_DOWN, 8, REVERSE_CONCATENATED_PATH_DOWN
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
source The data source, either realtime or cached. If not provided, cached data is returned. DataSourceType
tunnel_status Tunnel Status

If specified, only the status for transport nodes connected via tunnels having the
specified tunnel status are returned.
string Enum: UP, DOWN

RemoteTunnelEndpoint (schema)

Remote tunnel endpoint

Name Description Type Notes
default_gateway Gateway IP IPAddress Readonly
device_name Name of the virtual tunnel endpoint string Readonly
ip IP Address of this virtual tunnel endpoint

Depending upon the EndpointIpConfig used in HostSwitch, IP could be allocated either from DHCP (default) or from Static IP Pool.		 IPAddress Readonly
label Unique label for this Endpoint int Readonly
mac MAC address MACAddress Readonly
subnet_mask Subnet mask IPAddress Readonly
vlan Vlan id VlanID Readonly

RemoteTunnelEndpointConfigState (schema)

Remote tunnel endpoint configuration state

Name Description Type Notes
endpoints List of remote tunnel endpoints which are configured on this node array of RemoteTunnelEndpoint Readonly

RemoteTunnelStatistics (schema)

Name Description Type Notes
rx Received data counters

Total received data from remote tunnel.		 InterSitePortCounters Readonly
tunnel_destination_address Remote tunnel destination address

Ip address of remote tunnel destination.		 IPAddress Readonly
tunnel_source_address Remote tunnel source address

Ip address of remote tunnel source.		 IPAddress Readonly
tx Sent data counters

Total sent data to remote tunnel.		 InterSitePortCounters Readonly

RemoteTunnelStatisticsPerSite (schema)

Name Description Type Notes
remote_site Remote site

Remote site details.		 ResourceReference Required
Readonly
rx Received data counters

Total received data from remote site.		 InterSitePortCounters Readonly
stats_per_tunnel Statistics per remote tunnel

Statistics per remote tunnel.		 array of RemoteTunnelStatistics Readonly
tx Sent data counters

Total sent data to remote site.		 InterSitePortCounters Readonly

RenderConfiguration (schema)

Render Configuration

Render configuration to be applied to the widget.

Name Description Type Notes
color Color of the entity

The color to use when rendering an entity. For example, set color as 'RED' to render a portion of donut in red.		 string
condition Expression for evaluating condition

If the condition is met then the rendering specified for the condition will be applied. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API.		 string Maximum length: 1024
display_value Overridden value to display, if any

If specified, overrides the field value. This can be used to display a meaningful value in situations where field value is not available or not configured.		 string Maximum length: 255
icons Icons

Icons to be applied at dashboard for widgets and UI elements.		 array of Icon Minimum items: 0
tooltip Multi-line tooltip

Multi-line text to be shown on tooltip while hovering over the UI element if the condition is met.		 array of Tooltip Minimum items: 0

ReorderMigrationRequest (schema)

Name Description Type Notes
id id of the migration unit group/migration unit before/after which the migration unit group/migration unit is to be placed string Required
is_before flag indicating whether the migration unit group/migration unit is to be placed before or after the specified migration unit group/migration unit boolean Default: "True"

ReorderRequest (schema)

Name Description Type Notes
id id of the upgrade unit group/upgrade unit before/after which the upgrade unit group/upgrade unit is to be placed string Required
is_before flag indicating whether the upgrade unit group/upgrade unit is to be placed before or after the specified upgrade unit group/upgrade unit boolean Default: "True"

RepoSyncStatusReport (schema)

Name Description Type Notes
failure_code Error code for failure

In case of repo sync related failure, the code for the error will
be stored here.
integer
failure_message Error message for failure

In case if repo sync fails due to some issue, an error message will be
stored here.
string
status Repository Synchronization Status

Status of the repo sync operation on the single nsx-manager
string Required
Enum: NOT_STARTED, IN_PROGRESS, FAILED, SUCCESS
status_message Status message

Describes the steps which repo sync operation is performing currently.
string

RequiredTransportNodeIdParameters (schema)

Name Description Type Notes
source The data source, either realtime or cached. If not provided, cached data is returned. DataSourceType
transport_node_id TransportNode Id string Required

ReservationInfo (schema)

CPU and Memory resource configuration is defined per Edge VM
form factor.
These resources are reserved 100 percent by default with Normal VM
importance. Resource reservation tuning provides a means to optimize
resource utilization and workaround hard resource limits.
This solution should be used as a temporary workaround. It is recommended
to add more resources to the compute cluster and change the reservation
back to 100 percent for optimal performance.

Name Description Type Notes
cpu_reservation Guaranteed minimum allocation of CPU resources.

Specify a reservation if you need to guarantee that the minimum
required amount of CPU is always available for the virtual
machine.
CPUReservation
memory_reservation Guaranteed minimum allocation of memory resources.

Specify a reservation if you need to guarantee that the minimum
required amount of memory is always available for the virtual
machine.
MemoryReservation

ResetIdsStatsRequestParameters (schema)

Reset Statistics Request Parameters

Request parameters that represents an enforcement point path and category.
A request on statistics can be parameterized with this enforcement point
path and will be evaluated as follows:
- no enforcement point path specified: the request is evaluated on all enforcement
points.
- {enforcement_point_path}: the request is evaluated only on the given enforcement
point.

Name Description Type Notes
category Aggregation statistic category

Aggregation statistic category to perform reset operation.
If not provided it will be considered as IDPSDFW.
string Enum: IDPSDFW, IDPSEDGE
Default: "IDPSDFW"
container_cluster_path String Path of the Container Cluster entity

Path to the container cluster entity where the request will be executed.
string
enforcement_point_path String Path of the enforcement point

enforcement point path, forward slashes must be escaped using %2F.
string

ResetNodeUserOwnPasswordProperties (schema)

Name Description Type Notes
old_password The old password of the user

If the old_password is not given, a 400 BAD REQUEST is returned with an error message.		 string Required
password The new password for user string Required

ResetStatsParameters (schema)

Name Description Type Notes
category Aggregation statistic category

Aggregation statistic category to perform reset operation.		 string Required
Enum: L3DFW, L3EDGE, L3BRIDGEPORT

ResetStatsRequestParameters (schema)

Reset Statistics Request Parameters

Request parameters that represents an enforcement point path and category.
A request on statistics can be parameterized with this enforcement point
path and will be evaluated as follows:
- no enforcement point path specified: the request is evaluated on all enforcement
points.
- {enforcement_point_path}: the request is evaluated only on the given enforcement
point.

Name Description Type Notes
category Aggregation statistic category

Aggregation statistic category to perform reset operation.		 string Required
Enum: DFW, EDGE
container_cluster_path String Path of the Container Cluster entity

Path to the container cluster entity where the request will be executed.
string
enforcement_point_path String Path of the enforcement point

enforcement point path, forward slashes must be escaped using %2F.
string

Resource (schema)

Base class for resources

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly

ResourceAllocation (schema) (Deprecated)

Resource allocation information for a host infrastructure traffic type

Specify limit, shares and reservation for all kinds of traffic.
Values for limit and reservation are expressed in percentage. And for shares,
the value is expressed as a number between 1-100.
The overall reservation among all traffic types should not exceed 75%.
Otherwise, the API request will be rejected.

Name Description Type Notes
limit Maximum bandwidth percentage

The limit property specifies the maximum bandwidth allocation for a given
traffic type and is expressed in percentage. The default value for this
field is set to -1 which means the traffic is unbounded for the traffic
type. All other negative values for this property is not supported
and will be rejected by the API.
number Required
Minimum: -1
Maximum: 100
Default: "-1.0"
reservation Minimum guaranteed bandwidth percentage number Required
Minimum: 0
Maximum: 75
Default: "0.0"
shares Shares int Required
Minimum: 1
Maximum: 100
Default: "50"
traffic_type Resource allocation traffic type HostInfraTrafficType Required

ResourceAssignment (schema)

Amount of memory and CPU allocated to the Edge VM.

Name Description Type Notes
cpu_count CPU count.

CPU count.
int Readonly
Minimum: 0
memory_allocation_in_mb Memory allocation in MB.

Memory allocation in MB.
int Readonly
Minimum: 0

ResourceFieldPointer (schema)

Resource Field Pointer

Resource Field Pointer representing the exact value within a policy object.

Name Description Type Notes
field_pointer Field Pointer

Field Pointer referencing the exact field within the policy object.		 string Required
path Resource Path

Policy Path referencing a policy object. If not supplied, the field pointer will be applied
to the event source.
string

ResourceInfo (schema)

Represents resources information

It represents the resource information which could identify resource.

Name Description Type Notes
resource_ids Resource identifiers

It will represent resource identifiers. For example, policy objects will be
represented with paths and virtual machine will be represented with external
ids.
array of string Required
resource_type Resource type

It will represent resource type on which tag bulk operation to be performed.
Supported resource type is VirtualMachine.
string Required

ResourceInfoListResult (schema)

Collection of resource info objects

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Resource info list results array of PolicyFineTuningResourceInfo Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ResourceInfoSearchParameters (schema) (Experimental)

Represents search object that provides additional search capabilities

This object presents additional search capabilities over any API through free text query string. e.g. type="FirewallRuleDto".

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
type Type query string

ResourceLink (schema)

A link to a related resource

Name Description Type Notes
action Optional action string Readonly
href Link to resource string Required
Readonly
rel Link relation type

Custom relation type (follows RFC 5988 where appropriate definitions exist)		 string Required
Readonly

ResourceOperation (schema)

Resource Operation

Resource Operation is an Event Source that represents a resource that
is being changed at very specific points of time, with regard to
its interaction with dao layer.

Name Description Type Notes
operation_types Operation Types

Operation types.		 array of ResourceOperationType Required
Minimum items: 1
resource_pointer Resource Pointer

Regex path representing a regex expression on resources. This regex is used
to identify the object(s) that is/are the source of the Event. For instance:
specifying "Lb* | /infra/tier-0s/vmc/ipsec-vpn-services/default" as a source
means that ANY resource starting with Lb or ANY resource with
"/infra/tier-0s/vmc/ipsec-vpn-services/default" as path would be the source
of the event in question.
string Required
resource_type Must be set to the value ResourceOperation string Required
Enum: ResourceOperation, ApiRequestBody

ResourceOperationType (schema)

Resource Operation Type

Resource Operation Type represents a change in state of a resource with
regard to the interaction with DAO layer:
POST_CREATE: post-create change event.
POST_UPDATE: post-update change event.
PRE_DELETE: pre-delete change event.

Name Description Type Notes
ResourceOperationType Resource Operation Type

Resource Operation Type represents a change in state of a resource with
regard to the interaction with DAO layer:
POST_CREATE: post-create change event.
POST_UPDATE: post-update change event.
PRE_DELETE: pre-delete change event.
string Enum: POST_CREATE, POST_UPDATE, PRE_DELETE

ResourceReference (schema)

A weak reference to an NSX resource.

Name Description Type Notes
is_valid Target validity

Will be set to false if the referenced NSX resource has been deleted.		 boolean Readonly
target_display_name Target display name

Display name of the NSX resource.		 string Readonly
Maximum length: 255
target_id Target ID

Identifier of the NSX resource.		 string Maximum length: 64
target_type Target type

Type of the NSX resource.		 string Maximum length: 255

ResourceTagStatus (schema)

Tag operation status for a resource

It represents tag operation status for a resource and details of the failure if any.

Name Description Type Notes
details Details about the error if any string
resource_display_name Resource display name string
resource_id Resource id string Required
tag_status Status of tag apply or remove operation string Required
Enum: Success, Error

ResourceTypeTagStatus (schema)

Tag operation status for particular resource type and resource ids.

Tag operation status for particular resource type and resource ids.

Name Description Type Notes
resource_tag_status List of resources on which tag needs to be applied

List of resources on which tag needs to be applied.
array of ResourceTagStatus
resource_type Resource type string Required

RestoreConfiguration (schema)

Configuration where backup files are stored for restore

Name Description Type Notes
passphrase Passphrase used to encrypt backup files. string
remote_file_server The server from which backup files will be retrieved for restore. RemoteFileServer Required

RestoreStep (schema)

Restore step info

Name Description Type Notes
description Restore step description string Required
Readonly
status PerStepRestoreStatus
step_number Restore step number integer Required
Readonly
value Restore step value string Required
Readonly

RevisionedResource (schema)

A base class for types that track revisions

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly

Role (schema)

Role

Name Description Type Notes
role Role identifier

Short identifier for the role. Must be all lower case with no spaces.		 string Required
Pattern: "^[_a-z0-9-]+$"
role_display_name Display name for role

A short, human-friendly display name of the role.		 string

RoleBinding (schema)

User/Group's role binding

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
identity_source_id ID of the external identity source

The ID of the external identity source that holds the referenced external entity. Currently, only external LDAP and OIDC servers are allowed.		 string
identity_source_type Identity source type string Enum: VIDM, LDAP, OIDC
Default: "VIDM"
name User/Group's name string Required
Readonly
resource_type Must be set to the value RoleBinding string
roles Roles

The roles of the user.		 array of Role Readonly
stale Stale in vIDM

Property 'stale' can be considered to have these values - absent - This type of rolebinding does not support stale property TRUE - Rolebinding is stale in vIDM meaning the user is no longer present in vIDM FALSE - Rolebinding is available in vIDM UNKNOWN - Rolebinding's state of staleness in unknown Once rolebindings become stale, they can be deleted using the API POST /aaa/role-bindings?action=delete_stale_bindings		 string Readonly
Enum: TRUE, FALSE, UNKNOWN
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
type Type string Required
Readonly
Enum: remote_user, remote_group, local_user, principal_identity
user_id Local user's numeric id

Local user's numeric id on the system.		 string Readonly

RoleBindingListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List results array of RoleBinding Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

RoleBindingRequestParameters (schema)

Parameters to filter list of role bindings.

Pagination and Filtering parameters to get only a subset of users/groups.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
identity_source_id Identity source ID

If provided, only return role bindings for the given identity source. Currently only supported for LDAP and OIDC identity source types.		 string
identity_source_type Identity source type string Enum: VIDM, LDAP, OIDC
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
name User/Group name string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
role Role ID string
sort_ascending boolean
sort_by Field by which records are sorted string
type Type string Enum: remote_user, remote_group, local_user, principal_identity

RoleListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List results array of Role Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

RoleWithFeatures (schema)

Role

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
features Features array of FeaturePermission Required
id Unique identifier of this resource string Sortable
resource_type Must be set to the value RoleWithFeatures string
role Role identifier

Short identifier for the role. Must be all lower case with no spaces.		 string Required
Readonly
Pattern: "^[_a-z0-9-]+$"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

RoleWithFeaturesListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List results array of RoleWithFeatures Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

RouteAdvertisementRule (schema)

Route advertisement rules and filtering

Name Description Type Notes
action Action to advertise routes

Action to advertise filtered routes to the connected Tier0 gateway.
PERMIT: Enables the advertisment
DENY: Disables the advertisement
string Required
Enum: PERMIT, DENY
Default: "PERMIT"
name Display name for rule

Display name should be unique.
string Required
prefix_operator Prefix operator to match subnets

Prefix operator to filter subnets.
GE prefix operator filters all the routes with prefix length greater
than or equal to the subnets configured.
EQ prefix operator filter all the routes with prefix length equal to
the subnets configured.
string Enum: GE, EQ
Default: "GE"
route_advertisement_types Enable different types of route advertisements

Enable different types of route advertisements.
When not specified, routes to IPSec VPN local-endpoint subnets
(TIER1_IPSEC_LOCAL_ENDPOINT) are automatically advertised.
array of Tier1RouteAdvertisentTypes
subnets Network CIDRs

Network CIDRs to be routed.
array of string

RouteAggregationEntry (schema)

List of routes to be aggregated

Name Description Type Notes
prefix CIDR of aggregate address

CIDR of aggregate address		 string Required
Format: ip-cidr-block
summary_only Send only summarized route

Send only summarized route.
Summarization reduces number of routes advertised by representing
multiple related routes with prefix property.
boolean Default: "True"

RouteBasedIPSecVPNSession (schema)

Route based VPN session

A Route Based VPN is more flexible, more powerful and recommended over policy based VPN. IP Tunnel port is created and all traffic routed via tunnel port is protected. Routes can be configured statically or can be learned through BGP. A route based VPN is must for establishing redundant VPN session to remote site.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Enable/Disable IPSec VPN session

Enable/Disable IPSec VPN session.		 boolean Default: "True"
id Unique identifier of this resource string Sortable
ipsec_vpn_service_id IPSec VPN service identifier

Identifier of VPN Service linked with local endpoint.		 string Readonly
local_endpoint_id Local endpoint identifier

Local endpoint identifier.		 string Required
peer_endpoint_id Peer endpoint identifier

Peer endpoint identifier.		 string Required
resource_type Must be set to the value RouteBasedIPSecVPNSession IPSecVPNSessionResourceType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tcp_mss_clamping TcpMssClamping
tunnel_ports IP Tunnel ports

IP Tunnel ports.		 array of TunnelPortConfig Required
Minimum items: 1
Maximum items: 1

RouteBasedIPSecVpnSession (schema)

Route based VPN session

A Route Based VPN is more flexible, more powerful and recommended over policy based VPN. IP Tunnel port is created and all traffic routed via tunnel port is protected. Routes can be configured statically or can be learned through BGP. A route based VPN is must for establishing redundant VPN session to remote site.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
authentication_mode Authentication Mode

Peer authentication mode.
PSK - In this mode a secret key shared between local and
peer sites is to be used for authentication. The secret
key can be a string with a maximum length of 128 characters.
CERTIFICATE - In this mode a certificate defined at the
global level is to be used for authentication.
string Enum: PSK, CERTIFICATE
Default: "PSK"
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
compliance_suite Compliance suite

Compliance suite.
string Enum: CNSA, SUITE_B_GCM_128, SUITE_B_GCM_256, PRIME, FOUNDATION, FIPS, NONE
connection_initiation_mode Connection initiation mode

Connection initiation mode used by local endpoint to
establish ike connection with peer site.
INITIATOR - In this mode local endpoint initiates
tunnel setup and will also respond to incoming tunnel
setup requests from peer gateway.
RESPOND_ONLY - In this mode, local endpoint shall only
respond to incoming tunnel setup requests. It shall not
initiate the tunnel setup.
ON_DEMAND - In this mode local endpoint will initiate
tunnel creation once first packet matching the policy
rule is received and will also respond to incoming
initiation request.
string Enum: INITIATOR, RESPOND_ONLY, ON_DEMAND
Default: "INITIATOR"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
dpd_profile_path Dead peer detection (DPD) profile path

Policy path referencing Dead Peer Detection (DPD) profile. Default is set to system default profile.		 string
enabled Enable/Disable IPSec VPN session

Enable/Disable IPSec VPN session.		 boolean Default: "True"
force_whitelisting Flag to add default whitelisting Gateway Policy rule for the VTI interface.

If true the default firewall rule Action is set to DROP, otherwise set to ALLOW.
This field is deprecated and recommended to change Rule action field. Note that this
field is not synchornied with default rule field.
boolean Deprecated
Default: "False"
id Unique identifier of this resource string Sortable
ike_profile_path Internet key exchange (IKE) profile path

Policy path referencing IKE profile to be used. Default is set according to system default profile.		 string
local_endpoint_path Local endpoint path

Policy path referencing Local endpoint. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided.		 string
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
peer_address IPV4 address of peer endpoint on remote site

Public IPV4 address of the remote device terminating the VPN connection. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided.		 string
peer_id Peer id

Peer ID to uniquely identify the peer site. The peer ID is the public IP address of the remote device terminating the VPN tunnel. When NAT is configured for the peer, enter the private IP address of the peer. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided.		 string
psk Pre-shared key

IPSec Pre-shared key. Maximum length of this field is 128 characters.		 string
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value RouteBasedIPSecVpnSession IPSecVpnSessionResourceType Required
site_overrides SiteOverride list

A collection of site specific attributes specificed only on GM
array of SiteOverride Maximum items: 128
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tcp_mss_clamping TCP MSS Clamping

TCP Maximum Segment Size Clamping Direction and Value.
TcpMaximumSegmentSizeClamping
tunnel_interfaces IP Tunnel interfaces

IP Tunnel interfaces. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided.		 array of IPSecVpnTunnelInterface Minimum items: 1
Maximum items: 1
tunnel_profile_path IPSec tunnel profile path

Policy path referencing Tunnel profile to be used. Default is set to system default profile.		 string
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

RouteBasedL3VpnSession (schema) (Deprecated)

Route based L3Vpn Session

A Route Based L3Vpn is more flexible, more powerful and recommended over policy based.
IP Tunnel subnet is created and all traffic routed through tunnel subnet is sent over
tunnel. Routes can be learned through BGP. A route based L3Vpn is required when using
redundant L3Vpn.

Name Description Type Notes
default_rule_logging Enable logging for whitelisted rule for the VTI interface

Indicates if logging should be enabled for the default whitelisting
rule for the VTI interface.
boolean Default: "False"
force_whitelisting Flag to add default whitelisting FW rule for the VTI interface.

The default firewall rule Action is set to DROP if true otherwise set to ALLOW.
boolean Default: "False"
resource_type Must be set to the value RouteBasedL3VpnSession L3VpnSessionResourceType Required
routing_config_path Routing configuration policy path

This is a deprecated field. Any specified value is not saved and will be ignored.
string Deprecated
tunnel_subnets Virtual Tunnel Interface (VTI) IP subnets

Virtual tunnel interface (VTI) port IP subnets to be used to configure
route-based L3Vpn session. A max of one tunnel subnet is allowed.
array of TunnelSubnet Required
Minimum items: 1
Maximum items: 1

RouteDetails (schema)

BGP route details

BGP route details.

Name Description Type Notes
as_path AS path

BGP AS path attribute.		 string Readonly
local_pref Local preference

BGP Local Preference attribute.		 integer Readonly
med Multi Exit Discriminator

BGP Multi Exit Discriminator attribute.		 integer Readonly
network CIDR network address

CIDR network address.		 IPCIDRBlock Required
Readonly
next_hop Next hop IP address

Next hop IP address.		 IPAddress Readonly
weight Weight

BGP Weight attribute.		 integer Readonly

RouteMap (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
logical_router_id Logical router id string Readonly
resource_type Must be set to the value RouteMap string
sequences Ordered list of routeMap sequences array of RouteMapSequence Required
Minimum items: 1
Maximum items: 1000
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

RouteMapEntry (schema)

Route map entry

Name Description Type Notes
action Action for the route map entry

Action for the route map entry
string Required
Enum: PERMIT, DENY
community_list_matches Community list match criteria

Community list match criteria for route map.
Properties community_list_matches and prefix_list_matches are mutually
exclusive and cannot be used in the same route map entry.
array of CommunityMatchCriteria
prefix_list_matches Prefix list match criteria

Prefix list match criteria for route map.
Properties community_list_matches and prefix_list_matches are mutually
exclusive and cannot be used in the same route map entry.
array of string Maximum items: 500
set Set criteria for route map entry

Set criteria for route map entry
RouteMapEntrySet

RouteMapEntrySet (schema)

Set criteria for route map entry

Name Description Type Notes
as_path_prepend AS path prepend to influence route selection

AS path prepend to influence route selection.
string
community Set BGP community

Set BGP regular or large community for matching routes. A maximum of one value for each community
type separated by space. Well-known community name, community value in aa:nn (2byte:2byte) format for regular
community and community value in aa:bb:nn (4byte:4byte:4byte) format for large community are supported.
string
local_preference Local preference to set for matching BGP routes

Local preference indicates the degree of preference for one BGP route
over other BGP routes. The path with highest local preference is
preferred.
integer Maximum: 4294967295
Default: "100"
med Multi exit descriminator

Multi exit descriminator (MED) is a hint to BGP neighbors about
the preferred path into an autonomous system (AS) that has multiple
entry points. A lower MED value is preferred over a higher value.
int Minimum: 0
Maximum: 4294967295
prefer_global_v6_next_hop Prefer global v6 next hop over local next hop

For incoming and import route_maps on receiving both v6 global
and v6 link-local address for the route, prefer to use the global
address as the next hop. By default, it prefers the link-local next hop.
boolean
weight Weight used to select certain path

Weight is used to select a route when multiple routes are available
to the same network. Route with the highest weight is preferred.
int Minimum: 0
Maximum: 65535

RouteMapListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paginated list of RouteMaps array of RouteMap Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

RouteMapSequence (schema)

Name Description Type Notes
action Action for the Sequence RoutingFilterAction Required
match_criteria Match Criteria for the RouteMap Sequence RouteMapSequenceMatch Required
set_criteria Set Criteria for the RouteMap Sequence RouteMapSequenceSet

RouteMapSequenceMatch (schema)

Match sequence in route map which is used for matching routes.
IP prefix lists and match community expression are mutually
exclusive fields, one of them must be provided.

Name Description Type Notes
ip_prefix_lists IPPrefixList Identifiers for RouteMap Sequence Match Criteria array of string Minimum items: 1
Maximum items: 500
match_community_expression Expression to match BGP communities

It supports conjunction operator (AND) and five
operators within singular community match expression
(MATCH_ANY, MATCH_ALL, MATCH_EXACT, MATCH_NONE,
MATCH_REGEX).
CommunityMatchExpression

RouteMapSequenceSet (schema)

Name Description Type Notes
as_path_prepend As Path Prepending to influence path selection string
community Set normal BGP community

Set normal BGP community either well-known community name or
community value in aa:nn(2byte:2byte) format.
string
large_community Set large BGP community

Set large BGP community, community value shoud be in aa:bb:nn format where aa, bb, nn are unsigned integers with range [1-4294967295].		 string
local_preference Local preference number

Local preference indicates the degree of preference for one BGP route
over other BGP routes. The path/route with highest local preference
value is preferred/selected. If local preference value is not specified
then it will be considered as 100 by default.
integer Minimum: 0
Maximum: 4294967295
multi_exit_discriminator Multi Exit Discriminator (MED) integer Minimum: 0
Maximum: 4294967295
prefer_global_v6_next_hop Prefer global v6 next hop over local next hop

For incoming and import route_maps on receiving both v6 global
and v6 link-local address for the route, prefer to use the global
address as the next hop. By default, it prefers the link-local next hop.
boolean Default: "False"
weight Weight used to select certain path int Minimum: 0
Maximum: 65535

RouterLinkRuntimeRequestParameters (schema)

Router link runtime status request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
edge_path Policy path of edge node

Policy path of edge node. Edge should be member of enforcement point.
It is mandantory for router link interface statistics and ARP-table APIs.
string
enforcement_point_path String Path of the enforcement point

Enforcement point path.		 string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
tier1_path Policy path of tier1

Policy path of tier1.
string Required

RouterNexthop (schema)

Next hop configuration for network

Name Description Type Notes
admin_distance Cost associated with next hop route

Cost associated with next hop route		 int Minimum: 1
Maximum: 255
Default: "1"
ip_address Next hop gateway IP address

Next hop gateway IP address		 IPAddress
scope Interface path associated with current route

Interface path associated with current route.
For example: specify a policy path referencing the IPSec VPN Session.
array of string Minimum items: 1

RoutesPerTransportNode (schema)

Routes per transport node

BGP routes per transport node.

Name Description Type Notes
routes BGP neighbor route details

Array of BGP neighbor route details for this transport node.
array of RouteDetails Readonly
source_address BGP neighbor source address

BGP neighbor source address.		 IPAddress Readonly
transport_node_id Transport node id string Required
Readonly

RoutesRequestParameters (schema)

Routes request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
edge_id UUID of edge node

UUID of edge node. Edge should be member of enforcement point.
string
edge_path Policy path of edge node

Policy path of edge node. Edge should be member of enforcement point.
string
enforcement_point_path Enforcement point path

String Path of the enforcement point.
When not specified, routes from all enforcement-points are returned.
This property is required for retrieving routes in CSV format.
string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
network_prefix Network address filter parameter

IPAddress or CIDR network address to filter entries in the table.
IPAddressOrCIDRBlock
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
route_source Filter routes based on the source from which route is learned

Filter routes based on the source from which route is learned.
string Enum: BGP, STATIC, CONNECTED, OSPF
sort_ascending boolean
sort_by Field by which records are sorted string

RoutingConfig (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
forwarding_up_timer Forwarding up timer

Defines the extra time the router must wait before sending the UP notification
after the first BGP session is established. Default means forward immediately.
For TIER0/TIER1 logical router, default is 0. VRF logical router will set it same as
parent logical router.
integer
id Unique identifier of this resource string Sortable
logical_router_id Logical router id string Readonly
resource_type Must be set to the value RoutingConfig string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

RoutingEntry (schema)

Routing table entry

Routing table entry.

Name Description Type Notes
admin_distance Admin distance

Admin distance.
int Readonly
interface The policy path of the interface which is used as the next hop string
lr_component_id Logical router component(Service Router/Distributed Router) id string
lr_component_type Logical router component(Service Router/Distributed Router) type string
network Network CIDR

Network CIDR.
string Readonly
next_hop Next hop address

Next hop address.
IPAddress Readonly
route_type Route type (USER, CONNECTED, NSX_INTERNAL,..)

Route type in routing table.
t0c - Tier-0 Connected
t0s - Tier-0 Static
b - BGP
t0n - Tier-0 NAT
t1s - Tier-1 Static
t1c - Tier-1 Connected
t1n: Tier-1 NAT
t1l: Tier-1 LB VIP
t1ls: Tier-1 LB SNAT
t1d: Tier-1 DNS FORWARDER
t1ipsec: Tier-1 IPSec
isr: Inter-SR
string Readonly

RoutingFilterAction (schema)

Action for Filters in Routing

Name Description Type Notes
RoutingFilterAction Action for Filters in Routing string Enum: PERMIT, DENY

RoutingGlobalConfig (schema)

NSX global configs for Routing

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
allow_changing_vdr_mac_in_use A flag to indicate if changing the VDR MAC being used is allowed

When this flag is set to true, it is allowed to change the VDR MAC being used by existing transport nodes in a NSX system. The VDR MAC used by a host switch in a transport node is decided by the OVERLAY transport zone(s) which the host switch joins. If any of the OVERLAY transport zone(s) has "nested_nsx" property being true, the MAC in "vdr_mac_nested" is used; otherwise the MAC in "vdr_mac" is used. Thus the VDR MAC being used by a host switch in a transport node can be changed in below ways. If the host switch is not in any OVERLAY transport zone whose "nested_nsx" property is true but is in an OVERLAY transport zone, the first way is updating the "vdr_mac" property. The 2nd way is updating one of the OVERLAY tranport zones joined by the host switch to set "nested_nsx" property true which will make the host switch use the VDR MAC in "vdr_mac_nested". The third way is directly updating the transport node to add an OVERLAY transport zone whose "nested_nsx" property is true into the host switch which will also make the host switch use the VDR MAC in "vdr_mac_nested". If the host switch is in some OVERLAY transport zone(s) whose "nested_nsx" property is true, the first way is updating the "vdr_mac_nested" property. The 2nd way is updating all those OVERLAY tranport zones to set "nested_nsx" property false which will make the host switch use the VDR MAC in "vdr_mac". The third way is directly updating the transport node to remove all those OVERLAY transport zones from the host switch which will also make the host switch use the VDR MAC in "vdr_mac". Please note that changing the VDR MAC being used by existing transport nodes will most likely cause traffic disruption and network outage!		 boolean Default: "False"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
l3_forwarding_mode L3 forwarding mode

This setting does not restrict configuration as per other modes. But the forwarding will only work as per the mode set here.		 string Required
Enum: IPV4_ONLY, IPV4_AND_IPV6
Default: "IPV4_ONLY"
logical_uplink_mtu MTU for the logical uplinks

This is the global default MTU for all the logical uplinks in a NSX domain. Currently logical uplink MTU can only be set globally and applies to the entire NSX domain. There is no option to override this value at transport zone level or transport node level. If this value is not set, the default value of 1500 will be used.		 int Default: "1500"
resource_type Must be set to the value RoutingGlobalConfig GlobalConfigType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
vdr_mac The MAC address of the Virtual Distributed Router (VDR) port

This is the global default MAC address for all VDRs in all transport nodes in a NSX system. When the property "allow_changing_vdr_mac_in_use" is false, it can not be changed if the current VDR MAC is being used by any transport node. A transport node uses this VDR MAC if any host switch in the node is in OVERLAY transport zone(s) but none of the transport zone(s) has "nested_nsx" property being true.		 MACAddress Default: "02:50:56:56:44:52"
vdr_mac_nested The MAC address of the Virtual Distributed Router (VDR) port in a nested NSX environment.

This is the global default MAC address for all VDRs in all transport nodes in a NSX system nested in another NSX system. All transport zones in such a nested NSX system will have the "nested_nsx" property being true so that all transport nodes will use this MAC for the VDR ports to avoid conflict with the VDR MAC in the outer NSX system. When the property "allow_changing_vdr_mac_in_use" is false, it can not be changed if the current VDR MAC is being used by any transport node in a nested NSX environment. A transport node uses this VDR MAC if any host switch in the node is in an OVERLAY transport zone whose "nested_nsx" property is true.		 MACAddress Default: "02:50:56:56:44:53"

RoutingPolicy (schema)

Routing policy

Routing policy details.

Name Description Type Notes
next_hop_prefix_lists_mappings Next hop to prefix lists mappings

Array of next hop to prefix lists mapping.		 array of NextHopPrefixListsMapping Required
Minimum items: 1
routing_policy_type Routing policy type

Routing policy type.		 string Readonly
Enum: PROXIMITY_ROUTING
Default: "PROXIMITY_ROUTING"

RoutingTable (schema)

Routing table

Routing table.

Name Description Type Notes
count Entry count

Entry count.		 int Readonly
edge_node Transport node ID

Transport node ID.
string Readonly
error_message Routing table fetch error.

Routing table fetch error message, populated only if status if failure.
string Readonly
route_entries Route entries

Route entries.		 array of RoutingEntry Required
status Routing table fetch status.

Routing table fetch status from Transport node.
string Readonly
Enum: SUCCESS, FAILURE, NOT_FOUND

RoutingTableListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged Collection of Routes per transport node ID

Paged Collection of Routes per transport node ID.		 array of RoutingTable
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

RowListField (schema)

List of fields from which rows are formed

Root of the api result set for forming rows.

Name Description Type Notes
alias Alias Name

Short name or alias of row list field, if any. If unspecified, the row list field can be referenced by its index in the array of row list fields as $ (for example, $0).		 string Maximum length: 255
path JSON path

JSON path to the root of the api result set for forming rows.		 string Required
Maximum length: 1024

RpAddressMulticastRanges (schema)

Static IPv4 multicast address and assciated multicast group ranges

Static IPv4 multicast address and assciated multicast group ranges.

Name Description Type Notes
multicast_ranges Assciated multicast group ranges configuration

Assciated multicast group ranges configuration.		 array of IPCIDRBlock
rp_address Static IPv4 multicast address configuration

Static IPv4 multicast address configuration.		 IPAddress Required

Rule (schema)

A rule specifies the security policy rule between the workload groups

A rule indicates the action to be performed for various types of traffic flowing between workload groups.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
action Action

The action to be applied to all the services
The JUMP_TO_APPLICATION action is only supported for rules created in the
Environment category. Once a match is hit then the rule processing
will jump to the rules present in the Application category, skipping
all further rules in the Environment category. If no rules match in
the Application category then the default application rule will be hit.
This is applicable only for DFW.
string Enum: ALLOW, DROP, REJECT, JUMP_TO_APPLICATION
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
destination_groups Destination group paths

We need paths as duplicate names may exist for groups under different
domains. Along with paths we support IP Address of type IPv4 and IPv6.
IP Address can be in one of the format(CIDR, IP Address, Range of IP Address).
In order to specify all groups, use the constant "ANY". This
is case insensitive. If "ANY" is used, it should be the ONLY element
in the group array. Error will be thrown if ANY is used in conjunction
with other values.
array of string Maximum items: 128
destinations_excluded Negation of destination groups

If set to true, the rule gets applied on all the groups that are
NOT part of the destination groups. If false, the rule applies to the
destination groups
boolean Default: "False"
direction Direction

Define direction of traffic.
string Enum: IN, OUT, IN_OUT
Default: "IN_OUT"
disabled Flag to disable the rule

Flag to disable the rule. Default is enabled.		 boolean Default: "False"
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ip_protocol IPv4 vs IPv6 packet type

Type of IP packet that should be matched while enforcing the rule.
The value is set to IPV4_IPV6 for Layer3 rule if not specified.
For Layer2/Ether rule the value must be null.
string Enum: IPV4, IPV6, IPV4_IPV6
is_default Default rule flag

A flag to indicate whether rule is a default rule.		 boolean Readonly
logged Enable logging flag

Flag to enable packet logging. Default is disabled.		 boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
notes Text for additional notes on changes

Text for additional notes on changes.		 string Maximum length: 2048
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
profiles Layer 7 service profiles or TLS action profile

Holds the list of layer 7 service profile paths. These profiles accept
attributes and sub-attributes of various network services
(e.g. L4 AppId, encryption algorithm, domain name, etc) as key value
pairs. Instead of Layer 7 service profiles you can use a L7 access profile.
One of either Layer 7 service profiles or L7 Access Profile can be used in firewall rule.
In case of L7 access profile only one is allowed.
array of string Maximum items: 128
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value Rule string
rule_id Unique rule ID

This is a unique 4 byte positive number that is assigned by the system.
This rule id is passed all the way down to the data path. The first 1GB
(1000 to 2^30) will be shared by GM and LM with zebra style striped
number space. For E.g 1000 to (1Million -1) by LM, (1M - 2M-1) by GM
and so on.
integer Readonly
scope The list of policy paths where the rule is applied
LR/Edge/T0/T1/LRP etc. Note that a given rule can be applied
on multiple LRs/LRPs.
array of string Maximum items: 128
sequence_number Sequence number of the this Rule

This field is used to resolve conflicts between multiple
Rules under Security or Gateway Policy for a Domain
If no sequence number is specified in the payload, a value of 0 is
assigned by default. If there are multiple rules with the same
sequence number then their order is not deterministic. If a specific
order of rules is desired, then one has to specify unique sequence
numbers or use the POST request on the rule entity with
a query parameter action=revise to let the framework assign a
sequence number
int Minimum: 0
service_entries Raw services

In order to specify raw services this can be used,
along with services which contains path to services.
This can be empty or null.
array of ServiceEntry
(Abstract type: pass one of the following concrete types)
ALGTypeServiceEntry
EtherTypeServiceEntry
ICMPTypeServiceEntry
IGMPTypeServiceEntry
IPProtocolServiceEntry
L4PortSetServiceEntry
NestedServiceServiceEntry		 Maximum items: 128
services Names of services

In order to specify all services, use the constant "ANY".
This is case insensitive. If "ANY" is used, it should
be the ONLY element in the services array. Error will be thrown
if ANY is used in conjunction with other values.
array of string Maximum items: 128
source_groups Source group paths

We need paths as duplicate names may exist for groups under different
domains. Along with paths we support IP Address of type IPv4 and IPv6.
IP Address can be in one of the format(CIDR, IP Address, Range of IP Address).
In order to specify all groups, use the constant "ANY". This
is case insensitive. If "ANY" is used, it should be the ONLY element
in the group array. Error will be thrown if ANY is used in conjunction
with other values.
array of string Maximum items: 128
sources_excluded Negation of source groups

If set to true, the rule gets applied on all the groups that are
NOT part of the source groups. If false, the rule applies to the
source groups
boolean Default: "False"
tag Tag applied on the rule

User level field which will be printed in CLI and packet logs.
Even though there is no limitation on length of a tag, internally
tag will get truncated after 32 characters.
string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

RuleInsertParameters (schema)

Parameters to tell where rule needs to be placed

Parameters to let the admin specify a relative position of a rule w.r.t to
another one in the same security policy. If the rule specified in the
anchor_path belongs to another security policy an error will be thrown.

Name Description Type Notes
anchor_path The security policy/rule path if operation is 'insert_after' or 'insert_before' string
operation Operation string Enum: insert_top, insert_bottom, insert_after, insert_before
Default: "insert_top"

RuleListRequestParameters (schema)

Rule list request parameters

By default, if sort_by is missing, then rules will be sorted based on
sequence_number and then on rule_id as second level sorting criteria.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

RuleListResult (schema)

Paged Collection of Rules

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Rule list results array of Rule Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

RuleState (schema)

Name Description Type Notes
details Array of configuration state of various sub systems array of ConfigurationStateElement Readonly
failure_code Error code integer Readonly
failure_message Error message in case of failure string Readonly
pending_change_list List of pending changes

Pending changes to be realized.		 array of PendingChange Maximum items: 100
revision_desired Desired state revision number

This attribute represents revision number of rule's desired state.		 integer Readonly
state Overall state of desired configuration

Gives details of state of desired configuration.
Additional enums with more details on progress/success/error states
are sent for edge node. The success states are NODE_READY and
TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED,
VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values
indicate failures.
"in_sync" state indicates that the desired configuration has been
received by the host to which it applies, but is not yet in effect.
When the configuration is actually in effect, the state will
change to "success".
Please note, failed state is deprecated.
string Required
Readonly
Enum: pending, in_progress, success, failed, partial_success, orphaned, unknown, error, in_sync, NOT_AVAILABLE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, REGISTRATION_PENDING, NODE_NOT_READY, NODE_READY, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL, EDGE_CONFIG_ERROR, VM_DEPLOYMENT_RESTARTED, REGISTRATION_FAILED, TRANSPORT_NODE_SYNC_PENDING, TRANSPORT_NODE_CONFIGURATION_MISSING, EDGE_HARDWARE_NOT_SUPPORTED, MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED, TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER, TZ_ENDPOINTS_NOT_SPECIFIED, NO_PNIC_PREPARED_IN_EDGE, APPLIANCE_INTERNAL_ERROR, VTEP_DHCP_NOT_SUPPORTED, UNSUPPORTED_HOST_SWITCH_PROFILE, UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED, HOSTSWITCH_PROFILE_NOT_FOUND, LLDP_SEND_ENABLED_NOT_SUPPORTED, UNSUPPORTED_NAMED_TEAMING_POLICY, LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM, LACP_NOT_SUPPORTED_FOR_EDGE_VM, STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM, MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE, UNSUPPORTED_LACP_LB_ALGO_FOR_NODE, EDGE_NODE_VERSION_NOT_SUPPORTED, NO_PNIC_SPECIFIED_IN_TN, INVALID_PNIC_DEVICE_NAME, TRANSPORT_NODE_READY, VM_NETWORK_EDIT_PENDING, UNSUPPORTED_DEFAULT_TEAMING_POLICY, MPA_DISCONNECTED, VM_RENAME_PENDING, VM_CONFIG_EDIT_PENDING, VM_NETWORK_EDIT_FAILED, VM_RENAME_FAILED, VM_CONFIG_EDIT_FAILED, VM_CONFIG_DISCREPANCY, VM_NODE_REFRESH_FAILED, VM_PLACEMENT_REFRESH_FAILED, REGISTRATION_TIMEDOUT, REPLACE_FAILED, UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED, LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING, DELETE_VM_IN_REDEPLOY_FAILED, DEPLOY_VM_IN_REDEPLOY_FAILED, INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE, VM_RESOURCE_RESERVATION_FAILED, DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER, DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, EDGE_NODE_SETTINGS_MISMATCH_RESOLVE, EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE, EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE, EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE, COMPUTE_MANAGER_NOT_FOUND, DELETE_IN_PROGRESS

RuleStatistics (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
byte_count Bytes count

Aggregated number of bytes processed by the rule.
integer Readonly
hit_count Hits count

Aggregated number of hits received by the rule.		 integer Readonly
internal_rule_id NSX internal rule id

Realized id of the rule on NSX MP. Policy Manager can create more than
one rule per policy rule, in which case this identifier helps to
distinguish between the multple rules created.
string Readonly
l7_accept_count L7 Accept count

Aggregated number of L7 Profile Accepted counters received by the rule.		 integer Readonly
l7_reject_count L7 Reject count

Aggregated number of L7 Profile Rejected counters received by the rule.		 integer Readonly
l7_reject_with_response_count L7 Reject with response count

Aggregated number of L7 Profile Rejected with Response counters received by the rule.		 integer Readonly
lr_path Logical Router (Tier-0/Tier1) path

Path of the LR on which the section is applied in case of Edge FW.		 string Readonly
max_popularity_index The maximum popularity index

Maximum value of popularity index of all rules of the type.
This is aggregated statistic which are computed with lower
frequency compared to individual generic rule statistics.
It may have a computation delay up to 15 minutes in response
to this API.
integer Readonly
max_session_count Maximum Sessions count

Maximum value of sessions count of all rules of the type.
This is aggregated statistic which are computed with lower
frequency compared to generic rule statistics. It may have
a computation delay up to 15 minutes in response to this API.
integer Readonly
packet_count Packets count

Aggregated number of packets processed by the rule.
integer Readonly
popularity_index The index of the popularity of rule

This is calculated by sessions count divided by age of the rule.		 integer Readonly
rule Rule path

Path of the rule.		 string Readonly
session_count sessions count

Aggregated number of sessions processed by the rule.
integer Readonly
total_session_count Total Sessions count

Aggregated number of sessions processed by all the rules
This is aggregated statistic which are computed with lower
frequency compared to individual generic rule statistics.
It may have a computation delay up to 15 minutes in
response to this API.
integer Readonly

RuleStatisticsForEnforcementPoint (schema)

Rule statistics for an enforcement point

Rule statistics for a specfic enforcement point.

Name Description Type Notes
container_cluster_path Cluster container path

Rule statistics for a single container cluster		 string Readonly
enforcement_point Enforcement point path

Rule statistics for a single enforcement point		 string Readonly
statistics Rule Statistics

Statistics for the specified enforcement point		 RuleStatistics Readonly

RuleStatisticsListResult (schema)

Paged Collection of rule statistics

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results RuleStatistics list results array of RuleStatisticsForEnforcementPoint Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

RuntimeInterfaceOperationalStatus (schema)

Name Description Type Notes
interface_index Index of the interface integer Required
Readonly
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly
status The Operational status of the interface string Required
Enum: UP, DOWN, UNKNOWN

RuntimeInterfaceStatistics (schema)

Name Description Type Notes
dropped_by_security_packets SIPacketsDroppedBySecurity Readonly
interface_index Index of the interface integer Required
Readonly
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly
mac_learning SIMacLearningCounters Readonly
rx_bytes SIDataCounter Readonly
rx_packets SIDataCounter Readonly
tx_bytes SIDataCounter Readonly
tx_packets SIDataCounter Readonly

RuntimeState (schema)

Runtime State

Runtime State.

Name Description Type Notes
RuntimeState Runtime State

Runtime State.		 string Enum: UNINITIALIZED, UNKNOWN, UP, DOWN, DEGRADED, SUCCESS, FAILURE, IN_PROGRESS

SHAPredefinedPluginProfileData (schema)

System Health Config Item

Describes a config item for System Health profile.

Name Description Type Notes
check_interval The check interval

The interval of plugin to check the status.		 integer
report_interval The report interval

The interval of plugin to report the status.		 integer
smallest_report_interval_if_change The smallest report interval

The smallest report interval if the status is changed.
The value of smallest_report_interval_if_change should be
less than the value of report_interval
integer

SIAggregatedDataCounter (schema)

Name Description Type Notes
rx_bytes SIDataCounter Readonly
rx_packets SIDataCounter Readonly
tx_bytes SIDataCounter Readonly
tx_packets SIDataCounter Readonly

SIAggregatedDataCounterEx (schema)

Name Description Type Notes
dropped_by_security_packets SIPacketsDroppedBySecurity Readonly
mac_learning SIMacLearningCounters Readonly
rx_bytes SIDataCounter Readonly
rx_packets SIDataCounter Readonly
tx_bytes SIDataCounter Readonly
tx_packets SIDataCounter Readonly

SIDataCounter (schema)

Name Description Type Notes
dropped The dropped packets or bytes integer
multicast_broadcast The multicast and broadcast packets or bytes integer
total The total packets or bytes integer Required

SIErrorClass (schema)

Error class for all the Service Insertion related errors.

Name Description Type Notes
error_id integer Readonly
error_message string Readonly

SIExcludeList (schema)

Exclusion List

List of entities where Service Insertion will not be enforced. Exclusion List can contain NSGroup(s) or LogicalPort(s) or LogicalSwitch(es).

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
member_count Total Member Count

Total number of members present in Exclude List.		 integer Readonly
members Member list

List of members in Exclusion List		 array of ResourceReference Required
Maximum items: 1000
resource_type Must be set to the value SIExcludeList string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

SIExcludeListRequestParams (schema)

Parameter for the exclude list

Parameter used to remove member from Exclude List.

Name Description Type Notes
object_id Identifier of the object string Required
Maximum length: 64

SIMacLearningCounters (schema)

Name Description Type Notes
mac_not_learned_packets_allowed Number of dispatched packets with unknown source MAC address.

The number of packets with unknown source MAC address that are dispatched without learning the source MAC address. Applicable only when the MAC limit is reached and MAC Limit policy is MAC_LEARNING_LIMIT_POLICY_ALLOW.		 integer
mac_not_learned_packets_dropped Number of dropped packets with unknown source MAC address.

The number of packets with unknown source MAC address that are dropped without learning the source MAC address. Applicable only when the MAC limit is reached and MAC Limit policy is MAC_LEARNING_LIMIT_POLICY_DROP.		 integer
macs_learned Number of MACs learned integer

SIPacketTypeAndCounter (schema)

Name Description Type Notes
counter The number of packets. integer Required
packet_type The type of the packets string Required

SIPacketsDroppedBySecurity (schema)

Name Description Type Notes
bpdu_filter_dropped The number of packets dropped by "BPDU filter". integer
dhcp_client_dropped_ipv4 The number of IPv4 packets dropped by "DHCP client block". integer
dhcp_client_dropped_ipv6 The number of IPv6 packets dropped by "DHCP client block". integer
dhcp_server_dropped_ipv4 The number of IPv4 packets dropped by "DHCP server block". integer
dhcp_server_dropped_ipv6 The number of IPv6 packets dropped by "DHCP server block". integer
spoof_guard_dropped The packets dropped by "Spoof Guard"; supported packet types are IPv4, IPv6, ARP, ND, non-IP. array of SIPacketTypeAndCounter

SIServiceProfileListResult (schema)

Service Insertion Service Profile List

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Service list

List of the Service-Insertion Services. The list has to be homogenous.		 array of BaseServiceProfile
(Abstract type: pass one of the following concrete types)
BaseServiceProfile
GiServiceProfile
ServiceInsertionServiceProfile		 Required
Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

SVMConfigureIssue (schema)

Service VM configuration issue

Type of issue and detailed description of the issues in case of post-VM deployment configuration failure.

Name Description Type Notes
errors List of errors

List of errors along with details like errorId and error messages.		 array of SIErrorClass
service_instance_id Service Instance ID

The ID of service instance which was deployed.		 string

SVMDeploymentSpec (schema)

Service-VM Deployment Spec

Deployment Specs holds information required to deploy the Service-VMs.i.e. OVF url where the partner Service-VM OVF is hosted. The host type on which the OVF(Open Virtualization Format) can be deployed, Form factor to name a few.

Name Description Type Notes
host_type HostType

Host Type on which the specified OVF can be deployed.		 string Required
Enum: ESXI, RHELKVM, UBUNTUKVM
min_host_version Minimum Host Version

Minimum host version supported by this ovf. If a host in the deployment cluster is having version less than this, then service deployment will not happen on that host.		 string Default: "6.5"
name name

Deployment Spec name for ease of use, since multiple DeploymentSpec can be specified.		 string
ovf_url OVF url

Location of the partner VM OVF to be deployed.		 string Required
service_form_factor Service Form Factor

Supported ServiceInsertion Form Factor for the OVF deployment. The default FormFactor is Medium.		 string Enum: SMALL, MEDIUM, LARGE
Default: "MEDIUM"
svm_version Partner Service-VM version.

Partner needs to specify the Service VM version which will get deployed.		 string Default: "1.0"

SamlTokenLoginCredential (schema)

A login credential specifying saml token

Details of saml token based credential to login to server.

Name Description Type Notes
credential_type Must be set to the value SamlTokenLoginCredential string Required
thumbprint Thumbprint of the server

Thumbprint of the server.		 string Pattern: "^(([0-9A-Fa-f]{2}[:])+([0-9A-Fa-f]{2}))?$"
token The saml token to login to server

The saml token to login to server.		 string

SamplingArgument (schema)

This is an abstract type. Concrete child types:
FirstNSampling
IntervalSampling
PacketNumberSampling

Name Description Type Notes
sampling_type Sampling type string Required
Enum: FirstNSampling, PacketNumberSampling, IntervalSampling

ScpProtocol (schema)

Name Description Type Notes
authentication_scheme Scheme to authenticate if required PasswordAuthenticationScheme Required
name Must be set to the value ScpProtocol string Required
Enum: http, https, scp, sftp
ssh_fingerprint SSH fingerprint of server string Required

SearchQueryRequest (schema)

SearchQueryRequest

Search query request.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
query Search query

The syntax of query is described in Search API documentation.		 string Required
sort_ascending boolean
sort_by Field by which records are sorted string

SearchResponse (schema)

SearchResponse

Search response

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Search results

List of records matching the search query.		 array of object Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

SectionQueryParameters (schema)

Section query parameters

Name Description Type Notes
cascade Flag to cascade delete of this object to all it's child objects. boolean Default: "False"

SecurityCertificate (schema)

Name Description Type Notes
pem_encoded PEM encoded X.509 certificate

The certificate must include the enclosing "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"		 string Required
Minimum length: 52
ssh_public_key string Readonly
text X.509 certificate in text form string Readonly
Minimum length: 52
valid_from The time when the certificate starts being valid string Readonly
valid_to The time when the certificate stops being valid string Readonly

SecurityFeature (schema)

T1 Security feature entity with feature details

Name Description Type Notes
enable Flag to enable/disable

true - enable the feature, false - disable the feture		 boolean Required
Default: "False"
feature SecurityFeaturesSupported Required

SecurityFeatureBase (schema)

Security Feature feature entity

Name Description Type Notes
enable Flag to enable/disable

true - enable the feature, false - disable the feture		 boolean Required
Default: "False"

SecurityFeatureParameters (schema)

T1 Security Feature parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
feature SecurityFeaturesSupported
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

SecurityFeatures (schema)

T1 Security features entity with feature details

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
features array of SecurityFeature Required
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value SecurityFeatures string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

SecurityFeaturesSupported (schema)

Collection of T1 supported security features

Feature to be enabled/disabled.
IDPS - Intrusion Detection System
TLS - Transport Layer Security Inspection
MALWAREPREVENTION - Malware Prevention
Use any one of this to enable/disabe it.

Name Description Type Notes
SecurityFeaturesSupported Collection of T1 supported security features

Feature to be enabled/disabled.
IDPS - Intrusion Detection System
TLS - Transport Layer Security Inspection
MALWAREPREVENTION - Malware Prevention
Use any one of this to enable/disabe it.
string Readonly
Enum: MALWAREPREVENTION, IDFW, IDPS, TLS

SecurityGlobalConfig (schema)

NSX global configs for security purposes, like trust store and trust manager.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
ca_signed_only A flag to indicate whether the server certs are only allowed to be ca-signed.

When this flag is set to true (for NDcPP compliance) only ca-signed certificates will be allowed to be applied as server certificates.		 boolean Default: "False"
crl_checking_enabled A flag to indicate whether the Java trust-managers check certificate revocation

When this flag is set to true, during certificate checking the CRL is fetched and checked whether the certificate is revoked or not.		 boolean Default: "True"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
eku_checking_enabled A flag to indicate whether the Extended Key Usage extension in the certificate is checked.

When this flag is set to true, during certificate checking the Extended Key Usage extension is expected to be present, indicating whether the certificate is to be used a client certificate or server certificate. Setting this value to false is not recommended as it leads to lower security and operational risk.		 boolean Default: "True"
id Unique identifier of this resource string Sortable
resource_type Must be set to the value SecurityGlobalConfig GlobalConfigType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

SecurityGroup (schema)

Security Group

Stores information about a security group.

Name Description Type Notes
_last_sync_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
resource_type Must be set to the value SecurityGroup string Required
scope List of scopes for discovered resource

Specifies list of scope of discovered resource. e.g. if VHC path is associated with
principal identity, who owns the discovered resource, then scope id will be VHC path
and scope type will be VHC.
array of DiscoveredResourceScope
security_group_id Security Group ID

ID of the security group.		 string Readonly
security_group_name Security Group Name

Name of the security group.		 string Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

SecurityGroupDetails (schema)

Security Group Details

Stores details of cloud security group and corresponding NSX security group.

Name Description Type Notes
cloud_security_group Cloud Security Group

Stores information about a cloud native security group created by NSX.
For AWS, this will correspond to cloud network security group
information. For Azure, this will correspond to cloud application
security group information.
SecurityGroup Readonly
nsx_security_group NSX Security Group

Stores information about a NSX security group corresponding to the
cloud security group.
SecurityGroup Readonly

SecurityGroupListRequestParameters (schema)

These parameters will be used to filter the list of security groups.
Multiple parameters can be given as input to 'AND' them.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
is_managed_by_nsx Is Managed By NSX

Filter parameter to obtain security groups which are managed by NSX.
boolean
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

SecurityPolicy (schema)

Contains ordered list of Rules

Ordered list of Rules.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
application_connectivity_strategy List of Application Connectivity strategy for this SecurityPolicy

This field indicates the application connectivity policy for the security
policy.
array of ApplicationConnectivityStrategy Maximum items: 3
category A way to classify a security policy, if needed.

- Distributed Firewall -
Policy framework provides five pre-defined categories for classifying
a security policy. They are "Ethernet","Emergency", "Infrastructure"
"Environment" and "Application". There is a pre-determined order in
which the policy framework manages the priority of these security
policies. Ethernet category is for supporting layer 2 firewall rules.
The other four categories are applicable for layer 3 rules. Amongst
them, the Emergency category has the highest priority followed by
Infrastructure, Environment and then Application rules. Administrator
can choose to categorize a security policy into the above categories
or can choose to leave it empty. If empty it will have the least
precedence w.r.t the above four categories.
- Edge Firewall -
Policy Framework for Edge Firewall provides six pre-defined categories
"Emergency", "SystemRules", "SharedPreRules", "LocalGatewayRules",
"AutoServiceRules" and "Default", in order of priority of rules.
All categories are allowed for Gatetway Policies that belong
to 'default' Domain. However, for user created domains, category is
restricted to "SharedPreRules" or "LocalGatewayRules" only. Also, the
users can add/modify/delete rules from only the "SharedPreRules" and
"LocalGatewayRules" categories. If user doesn't specify the category
then defaulted to "Rules". System generated category is used by NSX
created rules, for example BFD rules. Autoplumbed category used by
NSX verticals to autoplumb data path rules. Finally, "Default" category
is the placeholder default rules with lowest in the order of priority.
string
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
(Abstract type: pass one of the following concrete types)
ChildRule
ChildSecurityPolicyContainerCluster
comments SecurityPolicy lock/unlock comments

Comments for security policy lock/unlock.		 string
connectivity_preference Connectivity preference applicable for this SecurityPolicy

This field indicates the default connectivity policy for the security
policy. Based on the connectivitiy preference, a default rule for this
security policy will be created. An appropriate action will be set on
the rule based on the value of the connectivity preference. If NONE is
selected or no connectivity preference is specified, then no default
rule for the security policy gets created. The default rule that gets
created will be a any-any rule and applied to entities specified in the
scope of the security policy. Specifying the connectivity_preference
without specifying the scope is not allowed. The scope has to be a
Group and one cannot specify IPAddress directly in the group that is
used as scope. This default rule is only applicable for the Layer3
security policies.
ALLOWLIST - Adds a default drop rule. Administrator can then use "allow"
rules to allow traffic between groups
DENYLIST - Adds a default allow rule. Admin can then use "drop" rules
to block traffic between groups
ALLOWLIST_ENABLE_LOGGING - Allowlisting with logging enabled
DENYLIST_ENABLE_LOGGING - Denylisting with logging enabled
NONE - No default rule is created.
string Enum: ALLOWLIST, DENYLIST, ALLOWLIST_ENABLE_LOGGING, DENYLIST_ENABLE_LOGGING, NONE
connectivity_strategy Connectivity strategy applicable for this SecurityPolicy

This field indicates the default connectivity policy for the security
policy. Based on the connectivity strategy, a default rule for this
security policy will be created. An appropriate action will be set on
the rule based on the value of the connectivity strategy. If NONE is
selected or no connectivity strategy is specified, then no default
rule for the security policy gets created. The default rule that gets
created will be a any-any rule and applied to entities specified in the
scope of the security policy. Specifying the connectivity_strategy
without specifying the scope is not allowed. The scope has to be a
Group and one cannot specify IPAddress directly in the group that is
used as scope. This default rule is only applicable for the Layer3
security policies.
This property is deprecated. Use the type connectivity_preference instead.
WHITELIST - Adds a default drop rule. Administrator can then use "allow"
rules (aka whitelist) to allow traffic between groups
BLACKLIST - Adds a default allow rule. Admin can then use "drop" rules
(aka blacklist) to block traffic between groups
WHITELIST_ENABLE_LOGGING - Whitelising with logging enabled
BLACKLIST_ENABLE_LOGGING - Blacklisting with logging enabled
NONE - No default rule is created.
string Deprecated
Enum: WHITELIST, BLACKLIST, WHITELIST_ENABLE_LOGGING, BLACKLIST_ENABLE_LOGGING, NONE
default_rule_id Default rule ID associated with the connectivity_preference

Based on the value of the connectivity strategy, a default rule is
created for the security policy. The rule id is internally assigned
by the system for this default rule.
integer Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
internal_sequence_number Internal sequence number

This field is to indicate the internal sequence number of a policy
with respect to the policies across categories.
int Readonly
is_default Default policy flag

A flag to indicate whether policy is a default policy.		 boolean Readonly
lock_modified_by User who locked the security policy

ID of the user who last modified the lock for the secruity policy.
string Readonly
lock_modified_time SecuirtyPolicy locked/unlocked time

SecurityPolicy locked/unlocked time in epoch milliseconds.		 EpochMsTimestamp Readonly
locked Lock a security policy

Indicates whether a security policy should be locked. If the
security policy is locked by a user, then no other user would
be able to modify this security policy. Once the user releases
the lock, other users can update this security policy.
boolean Default: "False"
logging_enabled Enable logging flag

This property is deprecated.
Flag to enable logging for all the rules in the security policy.
If the value is true then logging will be enabled for all the rules
in the security policy. If the value is false, then the rule level
logging value will be honored.
boolean Deprecated
Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value SecurityPolicy string
rule_count Rule count

The count of rules in the policy.
int Readonly
rules Rules that are a part of this SecurityPolicy array of Rule
scheduler_path Path to the scheduler for time based scheduling

Provides a mechanism to apply the rules in this policy for a specified
time duration.
string
scope The list of group paths where the rules in this policy will get
applied. This scope will take precedence over rule level scope.
Supported only for security and redirection policies. In case of
RedirectionPolicy, it is expected only when the policy is NS and
redirecting to service chain.
array of string Maximum items: 128
sequence_number Sequence number to resolve conflicts across Domains

This field is used to resolve conflicts between security policies
across domains. In order to change the sequence number of a policy
one can fire a POST request on the policy entity with
a query parameter action=revise
The sequence number field will reflect the value of the computed
sequence number upon execution of the above mentioned POST request.
For scenarios where the administrator is using a template to update
several security policies, the only way to set the sequence number is
to explicitly specify the sequence number for each security policy.
If no sequence number is specified in the payload, a value of 0 is
assigned by default. If there are multiple policies with the same
sequence number then their order is not deterministic. If a specific
order of policies is desired, then one has to specify unique sequence
numbers or use the POST request on the policy entity with
a query parameter action=revise to let the framework assign a
sequence number.
The value of sequence number must be between 0 and 999,999.
int Minimum: 0
stateful Stateful nature of the entries within this security policy.

Stateful or Stateless nature of security policy is enforced on all
rules in this security policy. When it is stateful, the state of
the network connects are tracked and a stateful packet inspection is
performed.
Layer3 security policies can be stateful or stateless. By default, they are stateful.
Layer2 security policies can only be stateless.
boolean
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tcp_strict Enforce strict tcp handshake before allowing data packets

Ensures that a 3 way TCP handshake is done before the data packets
are sent.
tcp_strict=true is supported only for stateful security policies.
If the tcp_strict flag is not specified and the security policy
is stateful, then tcp_strict will be set to true.
boolean
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

SecurityPolicyContainerCluster (schema)

Indicates the container cluster where the security policy will be realized.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
container_cluster_path Path to the container cluster entity in NSX

Path to the container cluster entity in NSX		 string Required
container_cluster_type Type of the controller where the SecurityPolicy will be realized

Type of the container cluster where the security policy will be realized		 string Enum: ANTREA
Default: "ANTREA"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value SecurityPolicyContainerCluster string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

SecurityPolicyContainerClusterListResult (schema)

Paged Collection of Security Policy Container Clusters

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of container clusters for a security policy array of SecurityPolicyContainerCluster
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

SecurityPolicyInsertParameters (schema)

Parameters to tell where security policy needs to be placed

Parameters to let the admin specify a relative position of a security
policy w.r.t to another one.

Name Description Type Notes
anchor_path The security policy/rule path if operation is 'insert_after' or 'insert_before' string
operation Operation string Enum: insert_top, insert_bottom, insert_after, insert_before
Default: "insert_top"

SecurityPolicyListRequestParameters (schema)

SecurityPolicy list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
include_rule_count Include the count of rules in policy

If true, populate the rule_count field with the count of rules in
the particular policy. By default, rule_count will not be populated.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

SecurityPolicyListResult (schema)

Paged Collection of security policies

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results SecurityPolicy list results array of SecurityPolicy Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

SecurityPolicyStatistics (schema)

Security policy statistics

Aggregate statistics of all the rules in a security policy.

Name Description Type Notes
internal_section_id NSX internal section id

Realized id of the section on NSX MP. Policy Manager can create more than
one section per SecurityPolicy, in which case this identifier helps to
distinguish between the multiple sections created.
string Readonly
lr_path Logical Router (Tier-0/Tier1) path

Path of the LR on which the section is applied in case of Gateway Firewall.
string Readonly
result_count Rule stats count

Total count for rule statistics		 integer Required
Readonly
results Statistics for all rules

List of rule statistics.		 array of RuleStatistics Readonly
Maximum items: 1000

SecurityPolicyStatisticsForEnforcementPoint (schema)

Security policy statistics for an enforcement point

Aggregate statistics of all the rules in a security policy for a specific
enforcement point.

Name Description Type Notes
container_cluster_path Cluster container path

Security Policy statistics for a single container cluster		 string Readonly
enforcement_point Enforcement point path

Enforcement point to fetch the statistics from.		 string Readonly
statistics Security Policy Statistics

Statistics for the specified enforcement point		 SecurityPolicyStatistics Readonly

SecurityPolicyStatisticsListResult (schema)

Paged Collection of Security Policy statistics

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Security Policy statistics list results array of SecurityPolicyStatisticsForEnforcementPoint Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

SecurityProfileBindingMap (schema)

Base security profile binding map

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value SecurityProfileBindingMap string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

Segment (schema)

Segment configuration

Segment configuration to attach workloads.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
address_bindings Address bindings for the Segment

Static address binding used for the Segment. This field is deprecated and will be removed in a future release. Please use address_bindings in SegmentPort to configure static bindings.		 array of PortAddressBindingEntry Deprecated
Maximum items: 512
admin_state Represents Desired state of the Segment

Admin state represents desired state of segment. It does not reflect the state of other logical entities connected/attached to the segment.		 string Enum: UP, DOWN
Default: "UP"
advanced_config Advanced configuration for Segment

Advanced configuration for Segment.
SegmentAdvancedConfig
bridge_profiles Bridge Profile Configuration

Multiple distinct L2 bridge profiles can be configured.		 array of BridgeProfileConfig
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
(Abstract type: pass one of the following concrete types)
ChildDhcpStaticBindingConfig
ChildSegmentDiscoveryProfileBindingMap
ChildSegmentMonitoringProfileBindingMap
ChildSegmentPort
ChildSegmentQoSProfileBindingMap
ChildSegmentSecurityProfileBindingMap
ChildStaticARPConfig
connectivity_path Policy path to the connecting Tier-0 or Tier-1

Policy path to the connecting Tier-0 or Tier-1.
Valid only for segments created under Infra.
This field can only be used for overlay segments.
VLAN backed segments cannot have connectivity path set.
string
description Description of this resource string Maximum length: 1024
Sortable
dhcp_config_path Policy path to DHCP configuration

Policy path to DHCP server or relay configuration to use for all
IPv4 & IPv6 subnets configured on this segment.
string
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
domain_name DNS domain name string
evpn_segment Evpn Segment Flag.

Flag to indicate if the Segment is a Child-Segment of type EVPN.		 boolean Readonly
evpn_tenant_config_path Policy path to the EvpnTenantConfig

Policy path to the EvpnTenantConfig resource. Supported only for Route-Server Evpn Mode.
Supported only for Overlay Segments. This will be populated for both Parent and Child segments
participating in Evpn Route-Server Mode.
string
extra_configs Extra configs on Segment

This property could be used for vendor specific configuration in key value
string pairs, the setting in extra_configs will be automatically inheritted
by segment ports in the Segment.
array of SegmentExtraConfig
federation_config Federation releated config

Additional config for federation.		 FederationConnectivityConfig Readonly
id Unique identifier of this resource string Sortable
l2_extension Configuration for extending Segment through L2 VPN L2Extension
ls_id Pre-created logical switch id for Segment

This property is deprecated. The property will continue to work as
expected for existing segments. The segments that are newly created
with ls_id will be ignored.
Sepcify pre-creted logical switch id for Segment.
string Deprecated
mac_pool_id Allocation mac pool associated with the Segment

Mac pool id that associated with a Segment.		 string
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
metadata_proxy_paths Metadata Proxy Configuration Paths

Policy path to metadata proxy configuration. Multiple distinct MD proxies can be configured.		 array of string
overlay_id Overlay connectivity ID for this Segment

Used for overlay connectivity of segments. The overlay_id
should be allocated from the pool as definied by enforcement-point.
If not provided, it is auto-allocated from the default pool on the
enforcement-point.
int Minimum: 0
Maximum: 2147483647
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
replication_mode Replication mode of the Segment

If this field is not set for overlay segment, then the default of MTEP
will be used.
string Enum: MTEP, SOURCE
Default: "MTEP"
resource_type Must be set to the value Segment string
subnets Subnet configuration. Max 1 subnet array of SegmentSubnet
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
transport_zone_path Policy path to the transport zone

Policy path to the transport zone. Supported for VLAN backed segments
as well as Overlay Segments.
- This field is required for VLAN backed Segments.
- For overlay Segments, it is auto assigned if only one transport zone
exists in the enforcement point. Default transport zone is auto
assigned for overlay segments if none specified.
string
type Segment type

Segment type based on configuration.
string Readonly
Enum: ROUTED, EXTENDED, ROUTED_AND_EXTENDED, DISCONNECTED
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
vlan_ids VLAN ids for VLAN backed Segment

VLAN ids for a VLAN backed Segment.
Can be a VLAN id or a range of VLAN ids specified with '-' in between.
array of string

SegmentAdvancedConfig (schema)

Advanced configuration for Segment

Name Description Type Notes
address_pool_paths Policy path to IP address pools

Policy path to IP address pools.
array of string Maximum items: 1
connectivity Connectivity configuration

Connectivity configuration to manually connect (ON) or disconnect (OFF)
Tier-0/Tier1 segment from corresponding gateway.
This property does not apply to VLAN backed segments. VLAN backed segments
with connectivity OFF does not affect its layer-2 connectivity.
string Enum: ON, OFF
Default: "ON"
hybrid Flag to identify a hybrid logical switch

When set to true, all the ports created on this segment will behave
in a hybrid fashion. The hybrid port indicates to NSX that the
VM intends to operate in underlay mode, but retains the ability to
forward egress traffic to the NSX overlay network.
This property is only applicable for segment created with transport
zone type OVERLAY_STANDARD.
This property cannot be modified after segment is created.
boolean Default: "False"
inter_router Flag to indicate if the logical switch will provide inter-router connectivity

When set to true, any port attached to this logical switch will
not be visible through VC/ESX UI
boolean Default: "False"
local_egress Flag to enable local egress

This property is used to enable proximity routing with local egress.
When set to true, logical router interface (downlink) connecting
Segment to Tier0/Tier1 gateway is configured with prefix-length 32.
boolean Default: "False"
local_egress_routing_policies Local egress routing policies

An ordered list of routing policies to forward traffic to the next hop.
array of LocalEgressRoutingEntry Minimum items: 1
multicast Enable multicast on the downlink

Enable multicast on the downlink LRP created to connect the segment to
Tier0/Tier1 gateway.
boolean
ndra_profile_path Policy path of Neighbor Discovery Router Advertisement profile

This profile is applie dto the downlink logical router port created
while attaching this semgnet to tier-0 or tier-1. If this field is
empty, NDRA profile of the router is applied to the newly created
port.
string
node_local_switch Prevent BUM (broadcast, unknown-unicast and multicast) traffic from reaching the other spanned edges

A behaviour required for Firewall As A Service (FaaS) where the segment BUM traffic
is confined within the edge node that this segment belongs to.
boolean
origin_id ID of the discovered Segment representing a network managed by non-NSX entity.

ID populated by NSX when NSX on DVPG is used to indicate the source DVPG. Currently, only DVPortgroups are identified as Discovered Segments. The origin_id is the identifier of DVPortgroup from the source vCenter server.		 string
origin_type The DVPortgroup origin type

The type of source from where the DVPortgroup is discovered		 string Enum: VCENTER
uplink_teaming_policy_name Uplink Teaming Policy Name

The name of the switching uplink teaming policy for the Segment. This name corresponds to one of the switching uplink teaming policy names listed in TransportZone associated with the Segment. See transport_zone_path property above for more details. When this property is not specified, the segment will not have a teaming policy associated with it and the host switch's default teaming policy will be used by MP.		 string
urpf_mode Unicast Reverse Path Forwarding mode

This URPF mode is applied to the downlink logical router port created
while attaching this segment to tier-0 or tier-1.
string Enum: NONE, STRICT
Default: "STRICT"

SegmentConfigurationState (schema)

Segment state on specific Enforcement Point

Segment state on specific Enforcement Point.

Name Description Type Notes
details Array of configuration state of various sub systems array of ConfigurationStateElement Readonly
failure_code Error code integer Readonly
failure_message Error message in case of failure string Readonly
segment_path Segment path string Readonly
state Overall state of desired configuration

Gives details of state of desired configuration.
Additional enums with more details on progress/success/error states
are sent for edge node. The success states are NODE_READY and
TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED,
VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values
indicate failures.
"in_sync" state indicates that the desired configuration has been
received by the host to which it applies, but is not yet in effect.
When the configuration is actually in effect, the state will
change to "success".
Please note, failed state is deprecated.
string Required
Readonly
Enum: pending, in_progress, success, failed, partial_success, orphaned, unknown, error, in_sync, NOT_AVAILABLE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, REGISTRATION_PENDING, NODE_NOT_READY, NODE_READY, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL, EDGE_CONFIG_ERROR, VM_DEPLOYMENT_RESTARTED, REGISTRATION_FAILED, TRANSPORT_NODE_SYNC_PENDING, TRANSPORT_NODE_CONFIGURATION_MISSING, EDGE_HARDWARE_NOT_SUPPORTED, MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED, TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER, TZ_ENDPOINTS_NOT_SPECIFIED, NO_PNIC_PREPARED_IN_EDGE, APPLIANCE_INTERNAL_ERROR, VTEP_DHCP_NOT_SUPPORTED, UNSUPPORTED_HOST_SWITCH_PROFILE, UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED, HOSTSWITCH_PROFILE_NOT_FOUND, LLDP_SEND_ENABLED_NOT_SUPPORTED, UNSUPPORTED_NAMED_TEAMING_POLICY, LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM, LACP_NOT_SUPPORTED_FOR_EDGE_VM, STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM, MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE, UNSUPPORTED_LACP_LB_ALGO_FOR_NODE, EDGE_NODE_VERSION_NOT_SUPPORTED, NO_PNIC_SPECIFIED_IN_TN, INVALID_PNIC_DEVICE_NAME, TRANSPORT_NODE_READY, VM_NETWORK_EDIT_PENDING, UNSUPPORTED_DEFAULT_TEAMING_POLICY, MPA_DISCONNECTED, VM_RENAME_PENDING, VM_CONFIG_EDIT_PENDING, VM_NETWORK_EDIT_FAILED, VM_RENAME_FAILED, VM_CONFIG_EDIT_FAILED, VM_CONFIG_DISCREPANCY, VM_NODE_REFRESH_FAILED, VM_PLACEMENT_REFRESH_FAILED, REGISTRATION_TIMEDOUT, REPLACE_FAILED, UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED, LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING, DELETE_VM_IN_REDEPLOY_FAILED, DEPLOY_VM_IN_REDEPLOY_FAILED, INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE, VM_RESOURCE_RESERVATION_FAILED, DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER, DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, EDGE_NODE_SETTINGS_MISMATCH_RESOLVE, EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE, EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE, EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE, COMPUTE_MANAGER_NOT_FOUND, DELETE_IN_PROGRESS

SegmentConfigurationStateListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged Collection of Segment State on specific Enforcement Point

Paged Collection of Segment State on specific Enforcement Point		 array of SegmentConfigurationState
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

SegmentCrossSiteTrafficStats (schema)

Name Description Type Notes
last_update_timestamp Last updated timestamp

Timestamp when the l2 forwarder statistics was last updated.
EpochMsTimestamp Required
Readonly
rx_stats Received data counters

Total received data counters.		 InterSitePortCounters Readonly
segment_path Policy path of Segment to attach interface

Policy path of Segment to attach interface.
string Required
Readonly
tx_stats Sent data counters

Total sent data counters.		 InterSitePortCounters Readonly

SegmentDeleteRequestParameters (schema)

Segment delete request parameters

Name Description Type Notes
cascade Flag to specify whether to delete related segment ports

When the flag is true, all segment ports associated with this segment are detached and deleted.		 boolean Default: "False"

SegmentDhcpConfig (schema)

DHCP configuration for segment subnet

DHCP IPv4 and IPv6 configurations are extended from this abstract class.
This is an abstract type. Concrete child types:
SegmentDhcpV4Config
SegmentDhcpV6Config

Name Description Type Notes
dns_servers DNS servers for subnet

IP address of DNS servers for subnet. DNS server IP address must
belong to the same address family as segment gateway_address
property.
array of IPAddress Maximum items: 2
lease_time DHCP lease time for subnet

DHCP lease time in seconds. When specified, this property overwrites
lease time configured DHCP server config.
integer Minimum: 60
Maximum: 4294967295
Default: "86400"
resource_type string Required
Enum: SegmentDhcpV4Config, SegmentDhcpV6Config
server_address IP address of the DHCP server

IP address of the DHCP server in CIDR format.
The server_address is mandatory in case this segment has provided a
dhcp_config_path and it represents a DHCP server config.
If this SegmentDhcpConfig is a SegmentDhcpV4Config, the address must
be an IPv4 address. If this is a SegmentDhcpV6Config, the address must
be an IPv6 address.
This address must not overlap the ip-ranges of the subnet, or the
gateway address of the subnet, or the DHCP static-binding addresses
of this segment.
IPCIDRBlock

SegmentDhcpV4Config (schema)

DHCP configuration of IPv4 subnet in a segment

Name Description Type Notes
dns_servers DNS servers for subnet

IP address of DNS servers for subnet. DNS server IP address must
belong to the same address family as segment gateway_address
property.
array of IPAddress Maximum items: 2
lease_time DHCP lease time for subnet

DHCP lease time in seconds. When specified, this property overwrites
lease time configured DHCP server config.
integer Minimum: 60
Maximum: 4294967295
Default: "86400"
options DHCP options

IPv4 DHCP options for segment subnet.
DhcpV4Options
resource_type Must be set to the value SegmentDhcpV4Config string Required
Enum: SegmentDhcpV4Config, SegmentDhcpV6Config
server_address IP address of the DHCP server

IP address of the DHCP server in CIDR format.
The server_address is mandatory in case this segment has provided a
dhcp_config_path and it represents a DHCP server config.
If this SegmentDhcpConfig is a SegmentDhcpV4Config, the address must
be an IPv4 address. If this is a SegmentDhcpV6Config, the address must
be an IPv6 address.
This address must not overlap the ip-ranges of the subnet, or the
gateway address of the subnet, or the DHCP static-binding addresses
of this segment.
IPCIDRBlock

SegmentDhcpV6Config (schema)

DHCP configuration of IPv6 subnet in a segment

Name Description Type Notes
dns_servers DNS servers for subnet

IP address of DNS servers for subnet. DNS server IP address must
belong to the same address family as segment gateway_address
property.
array of IPAddress Maximum items: 2
domain_names Domain names for subnet

Domain names for subnet.
array of string
excluded_ranges Excluded range of IPv6 addresses

Excluded addresses to define dynamic ip allocation ranges.		 array of IPElement Minimum items: 0
Maximum items: 128
lease_time DHCP lease time for subnet

DHCP lease time in seconds. When specified, this property overwrites
lease time configured DHCP server config.
integer Minimum: 60
Maximum: 4294967295
Default: "86400"
preferred_time Preferred time

The length of time that a valid address is preferred. When the
preferred lifetime expires, the address becomes deprecated.
integer Minimum: 60
Maximum: 4294967295
resource_type Must be set to the value SegmentDhcpV6Config string Required
Enum: SegmentDhcpV4Config, SegmentDhcpV6Config
server_address IP address of the DHCP server

IP address of the DHCP server in CIDR format.
The server_address is mandatory in case this segment has provided a
dhcp_config_path and it represents a DHCP server config.
If this SegmentDhcpConfig is a SegmentDhcpV4Config, the address must
be an IPv4 address. If this is a SegmentDhcpV6Config, the address must
be an IPv6 address.
This address must not overlap the ip-ranges of the subnet, or the
gateway address of the subnet, or the DHCP static-binding addresses
of this segment.
IPCIDRBlock
sntp_servers SNTP servers for subnet

IPv6 address of SNTP servers for subnet.
array of IPv6Address Maximum items: 2

SegmentDiscoveryProfileBindingMap (schema)

Segment Discovery Profile binding map

This entity will be used to establish association between discovery profile
and Segment. Using this entity, user can specify intent for applying
discovery profile to particular segments.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ip_discovery_profile_path IP Discovery Profile Path

PolicyPath of associated IP Discovery Profile		 string
mac_discovery_profile_path Mac Discovery Profile Path

PolicyPath of associated Mac Discovery Profile		 string
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value SegmentDiscoveryProfileBindingMap string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

SegmentDiscoveryProfileBindingMapListRequestParameters (schema)

Segment Discovery Profile Binding Map list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

SegmentDiscoveryProfileBindingMapListResult (schema)

Paged collection of Segment Discovery Profile Binding Maps

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Segment Discovery Profile Binding Map list results array of SegmentDiscoveryProfileBindingMap Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

SegmentExtraConfig (schema)

Vendor specific configuration on segment or Segment port

Segment extra config is intended for supporting vendor specific configuration on the
data path, it can be set as key value string pairs on either segment or segment port.

Name Description Type Notes
config_pair Key value pair in string for the configuration UnboundedKeyValuePair Required

SegmentInfo (schema)

Segment related information

This contains details about the segment created in NSX domain on a
transport zone.

Name Description Type Notes
display_name Name of the segment

Segment Name as created in NSX domain.
string Readonly
id Segment Id

Segment id as created in NSX domain.
string Readonly
instances_count Number of instances on this segment

Number of instances or cloud compute resources on this segment.
integer Readonly
is_hybrid Flag to identify if this is a hybrid segment

Flag to identify if this is a hybrid segment.
boolean Readonly
nsx_tag NSX Tag value

This tag value is applied on cloud compute resource to be attached to
this segment.
string Readonly

SegmentL2ForwarderSiteSpanInfo (schema) (Experimental)

Name Description Type Notes
inter_site_forwarder_status Inter-site forwarder status per node

Inter-site forwarder status per node.		 array of L2ForwarderStatusPerNode Readonly
last_update_timestamp Last updated timestamp

Timestamp when the L2 forwarder remote mac addresses was last updated.
EpochMsTimestamp Required
Readonly
remote_macs_per_site L2 forwarder remote mac addresses per site

L2 forwarder remote mac addresses per site for logical switch.
array of L2ForwarderRemoteMacsPerSite Readonly
segment_path Segment path

Policy path of a segment.
string Required
Readonly

SegmentListRequestParameters (schema)

Segment list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
segment_type Segment type string Enum: DVPortgroup, ALL
sort_ascending boolean
sort_by Field by which records are sorted string

SegmentListResult (schema)

Paged collection of Segments

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Segment list results array of Segment Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

SegmentMacAddressListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results array of MacTableEntry
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly
transport_node_id Transport node identifier string Readonly

SegmentMonitoringProfileBindingMap (schema)

Segment Monitoring Profile binding map

This entity will be used to establish association between monitoring profile
and Segment. Using this entity, you can specify intent for applying
monitoring profile to particular segment.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ipfix_l2_profile_path IPFIX L2 Profile Path

PolicyPath of associated IPFIX L2 Profile		 string
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
port_mirroring_profile_path Port Mirroring Profile Path

PolicyPath of associated Port Mirroring Profile		 string
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value SegmentMonitoringProfileBindingMap string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

SegmentMonitoringProfileBindingMapListRequestParameters (schema)

Segment Monitoring Profile Binding Map list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

SegmentMonitoringProfileBindingMapListResult (schema)

Paged collection of Segment Monitoring Profile Binding Maps

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Segment Monitoring Profile Binding Map list results array of SegmentMonitoringProfileBindingMap Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

SegmentPort (schema)

Policy port object for segment

Policy port will create LogicalPort on LogicalSwitch corresponding to the Segment. Address bindings cannot be removed after realization.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
address_bindings Address bindings for the port

Static address binding used for the port.		 array of PortAddressBindingEntry Maximum items: 512
admin_state Represents desired state of the segment port string Enum: UP, DOWN
Default: "UP"
attachment VIF attachment

Only VIF attachment is supported		 PortAttachment
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
(Abstract type: pass one of the following concrete types)
ChildPortDiscoveryProfileBindingMap
ChildPortMonitoringProfileBindingMap
ChildPortQoSProfileBindingMap
ChildPortSecurityProfileBindingMap
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
extra_configs Extra configs on segment port

This property could be used for vendor specific configuration in key value
string pairs. Segment port setting will override segment setting if
the same key was set on both segment and segment port.
array of SegmentExtraConfig
id Unique identifier of this resource string Sortable
ignored_address_bindings Address bindings to be ignored by IP Discovery module

IP Discovery module uses various mechanisms to discover address
bindings being used on each segment port. If a user would like to
ignore any specific discovered address bindings or prevent the
discovery of a particular set of discovered bindings, then those
address bindings can be provided here. Currently IP range in CIDR format
is not supported.
array of PortAddressBindingEntry Minimum items: 0
Maximum items: 16
init_state Initial state of this logical ports

Set initial state when a new logical port is created. 'UNBLOCKED_VLAN'
means new port will be unblocked on traffic in creation, also VLAN will
be set with corresponding logical switch setting. This port setting
can only be configured at port creation, and cannot be modified.
'RESTORE_VIF' fetches and restores VIF attachment from ESX host.
string Enum: UNBLOCKED_VLAN, RESTORE_VIF
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
origin_id ID of the distributed virtual port and the distributed virtual switch in the source vCenter

ID populated by NSX when NSX on DVPG is used to indicate the source Distributed Virtual Port
and the corresponding Distributed Virtual Switch. This ID is populated only for ports attached to
discovered segments.
string Readonly
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value SegmentPort string
source_site_id source site(LM) id.

This field will refer to the source site on which the segment
port is discovered. This field is populated by GM, when it
receives corresponding notification from LM.
string Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

SegmentPortAttachmentState (schema)

VIF attachment state of a segment port

Name Description Type Notes
attachers VM or vmknic entities that are attached to the Segment Port array of PortAttacher Readonly
id VIF ID string Readonly
state State of the VIF attached to Segment Port

A segment port must be in one of following states.
FREE - If there are no active attachers. The port may or
may not have an attachment ID configured on it. This state is
applicable only to port of static type.
ATTACHED - Segment port has exactly one active attacher and no
further configuration is pending.
ATTACHED_PENDING_CONF - Segment port has exactly one attacher,
however it may not have been configured completely. Additional
configuration will be provided by other nsx components.
ATTACHED_IN_MOTION - Segment port has multiple active attachers.
This state represents a scenario where VM is moving from one
location (host or storage) to another (e.g. vmotion, vSphere HA)
DETACHED - A temporary state after all port attachers have
been detached. This state is applicable only to a port of
ephemeral type and the port will soon be deleted.
string Required
Readonly
Enum: FREE, ATTACHED, ATTACHED_PENDING_CONF, ATTACHED_IN_MOTION, DETACHED

SegmentPortListRequestParameters (schema)

SegmentPort list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

SegmentPortListResult (schema)

Paged collection of SegmentPort

List SegmentPort objects

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results SegmentPort list results

Place holder for the list result		 array of SegmentPort Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

SegmentPortMacAddressCsvListResult (schema)

Name Description Type Notes
file_name File name

File name set by HTTP server if API returns CSV result as a file.		 string
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly
results array of SegmentPortMacTableCsvEntry

SegmentPortMacAddressListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results array of SegmentPortMacTableEntry
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly
transport_node_id Transport node identifier string Readonly

SegmentPortMacTableCsvEntry (schema)

Name Description Type Notes
mac_address The MAC address string Required
mac_type The type of the MAC address MacAddressType Required

SegmentPortMacTableEntry (schema)

Name Description Type Notes
mac_address The MAC address string Required
mac_type The type of the MAC address MacAddressType Required

SegmentPortState (schema)

Realized state of the segment port on enforcement point

Contains realized state of the segment port. For example: transport node
on which the port is located, discovered and realized address bindings of
the port.

Name Description Type Notes
attachment Segment port attachment state SegmentPortAttachmentState Readonly
discovered_bindings Segment port bindings discovered automatically

Contains the list of address bindings for a segment port that were
automatically dicovered using various snooping methods like ARP, DHCP
etc.
array of AddressBindingEntry
duplicate_bindings Duplicate segment port address bindings

If any address binding discovered on the port is also found on
other port on the same segment, then it is included in
the duplicate bindings list along with the ID of the port with
which it conflicts.
array of DuplicateAddressBindingEntry
realized_bindings Realized segment port bindings

List of segment port bindings that are realized. This list may be
populated from the discovered bindings or manual user specified bindings.
This binding configuration can be used by features such as firewall,
spoof-guard, traceflow etc.
array of AddressBindingEntry
transport_node_ids Identifiers of the transport nodes where the port is located array of string

SegmentPortStatistics (schema)

Segment port statistics on specific Enforcement Point

Segment port statistics on specific Enforcement Point.

Name Description Type Notes
dropped_by_security_packets PacketsDroppedBySecurity Readonly
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly
logical_port_id The id of the logical port string Required
Readonly
mac_learning MacLearningCounters Readonly
rx_bytes DataCounter Readonly
rx_packets DataCounter Readonly
tx_bytes DataCounter Readonly
tx_packets DataCounter Readonly

SegmentPortStatus (schema)

Segment port status on specific Enforcement Point

Segment port status on specific Enforcement Point.

Name Description Type Notes
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly
logical_port_id The id of the logical port string Required
Readonly
status The Operational status of the logical port string Required
Enum: UP, DOWN, UNKNOWN

SegmentQoSProfileBindingMap (schema)

Segment QoS Profile binding map

This entity will be used to establish association between qos profile
and Segment. Using this entity, you can specify intent for applying
qos profile to particular segment.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
qos_profile_path QoS Profile Path

PolicyPath of associated QoS Profile		 string
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value SegmentQoSProfileBindingMap string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

SegmentQoSProfileBindingMapListRequestParameters (schema)

Segment QoS Profile Binding Map list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

SegmentQoSProfileBindingMapListResult (schema)

Paged collection of Segment QoS Profile Binding Maps

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Segment QoS Profile Binding Map list results array of SegmentQoSProfileBindingMap Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

SegmentRequestParameter (schema)

Segment request rarameter for HAPI

Segment request parameter, used in hierarchical API.

Name Description Type Notes
force Force segment update. boolean Required
resource_type Must be set to the value SegmentRequestParameter string Required

SegmentSecurityProfile (schema)

Segment Security Profile

Security features extended by policy operations for securing logical segments.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
bpdu_filter_allow Disable BPDU filtering on this whitelist

Pre-defined list of allowed MAC addresses to be excluded from BPDU filtering.
List of allowed MACs - 01:80:c2:00:00:00, 01:80:c2:00:00:01, 01:80:c2:00:00:02, 01:80:c2:00:00:03,
01:80:c2:00:00:04, 01:80:c2:00:00:05, 01:80:c2:00:00:06, 01:80:c2:00:00:07,
01:80:c2:00:00:08, 01:80:c2:00:00:09, 01:80:c2:00:00:0a, 01:80:c2:00:00:0b,
01:80:c2:00:00:0c, 01:80:c2:00:00:0d, 01:80:c2:00:00:0e, 01:80:c2:00:00:0f,
00:e0:2b:00:00:00, 00:e0:2b:00:00:04, 00:e0:2b:00:00:06, 01:00:0c:00:00:00,
01:00:0c:cc:cc:cc, 01:00:0c:cc:cc:cd, 01:00:0c:cd:cd:cd, 01:00:0c:cc:cc:c0,
01:00:0c:cc:cc:c1, 01:00:0c:cc:cc:c2, 01:00:0c:cc:cc:c3, 01:00:0c:cc:cc:c4,
01:00:0c:cc:cc:c5, 01:00:0c:cc:cc:c6, 01:00:0c:cc:cc:c7
array of MACAddress Minimum items: 0
Maximum items: 32
bpdu_filter_enable BPDU filtering status

Indicates whether BPDU filter is enabled. BPDU filtering is enabled by default.
boolean Default: "True"
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
dhcp_client_block_enabled Enable DHCP client block

Filters DHCP server and/or client traffic. DHCP server
blocking is enabled and client blocking is disabled by default.
boolean Default: "False"
dhcp_client_block_v6_enabled Enable DHCP client block v6

Filters DHCP server and/or client IPv6 traffic. DHCP server
blocking is enabled and client blocking is disabled by default.
boolean Default: "False"
dhcp_server_block_enabled Enable DHCP server block

Filters DHCP server and/or client traffic. DHCP server
blocking is enabled and client blocking is disabled by default.
boolean Default: "True"
dhcp_server_block_v6_enabled Enable DHCP server block v6

Filters DHCP server and/or client IPv6 traffic. DHCP server
blocking is enabled and client blocking is disabled by default.
boolean Default: "True"
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
non_ip_traffic_block_enabled Enable non IP traffic block

A flag to block all traffic except IP/(G)ARP/BPDU.
boolean Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
ra_guard_enabled Enable Router Advertisement Guard

Enable or disable Router Advertisement Guard.
boolean Default: "False"
rate_limits Rate limiting configuration

Allows configuration of rate limits for broadcast and multicast traffic. Rate limiting is disabled by default		 TrafficRateLimits
rate_limits_enabled Enable Rate Limits

Enable or disable Rate Limits
boolean Default: "False"
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value SegmentSecurityProfile string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

SegmentSecurityProfileBindingMap (schema)

Security profile binding map for segment

Contains the binding relationship between segment and security profile.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value SegmentSecurityProfileBindingMap string
segment_security_profile_path Segment Security Profile Path

The policy path of the asscociated Segment Security profile		 string
spoofguard_profile_path SpoofGuard Profile Path

The policy path of the asscociated SpoofGuard profile		 string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

SegmentSecurityProfileBindingMapListRequestParameters (schema)

Segment security profile binding map request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

SegmentSecurityProfileBindingMapListResult (schema)

Paged collection of segment security profile binding maps

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Segment security profile binding map list results array of SegmentSecurityProfileBindingMap Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

SegmentSecurityProfileListRequestParameters (schema)

Segment security profile request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

SegmentSecurityProfileListResult (schema)

Paged collection of segment security profiles

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Segment Security profile list results array of SegmentSecurityProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

SegmentStateRequestParameters (schema)

Request Parameters for Metadata Proxy Runtime Information

Request parameters that represents a segment path and enforcement_point_path.

Name Description Type Notes
configuration_state Configuration state of the segment on enforcement point string Enum: pending, in_progress, success, failed, partial_success, orphaned, unknown
enforcement_point_path String Path of the enforcement point

enforcement point path, forward slashes must be escaped using %2F.
string
source The data source, either realtime or cached. If not provided, cached data is returned. DataSourceType

SegmentStatistics (schema)

Segment statistics on specific Enforcement Point

Segment statistics on specific Enforcement Point.

Name Description Type Notes
dropped_by_security_packets PacketsDroppedBySecurity Readonly
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly
logical_switch_id The id of the logical Switch string Required
Readonly
mac_learning MacLearningCounters Readonly
rx_bytes DataCounter Readonly
rx_packets DataCounter Readonly
tx_bytes DataCounter Readonly
tx_packets DataCounter Readonly

SegmentSubnet (schema)

Subnet configuration for segment

Name Description Type Notes
dhcp_config Additional DHCP configuration

Additional DHCP configuration for current subnet.
SegmentDhcpConfig
(Abstract type: pass one of the following concrete types)
SegmentDhcpV4Config
SegmentDhcpV6Config
dhcp_ranges DHCP address ranges for dynamic IP allocation

DHCP address ranges are used for dynamic IP allocation.
Supports address range and CIDR formats. First valid
host address from the first value is assigned to DHCP server
IP address. Existing values cannot be deleted or modified,
but additional DHCP ranges can be added.
array of IPElement Minimum items: 1
Maximum items: 99
gateway_address Gateway IP address.

Gateway IP address in CIDR format for both IPv4 and IPv6.
string Format: ip-cidr-block
network Network CIDR for subnet

Network CIDR for this subnet calculated from gateway_addresses and
prefix_len.
string Readonly

SelectableResourceReference (schema)

Resources to take action on

Name Description Type Notes
is_valid Target validity

Will be set to false if the referenced NSX resource has been deleted.		 boolean Readonly
selected Set to true if this resource has been selected to be acted upon boolean Required
target_display_name Target display name

Display name of the NSX resource.		 string Readonly
Maximum length: 255
target_id Target ID

Identifier of the NSX resource.		 string Maximum length: 64
target_type Target type

Type of the NSX resource.		 string Maximum length: 255

SelectiveSyncSettings (schema)

Directory domain selective sync settings

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
enabled Enable or disable SelectiveSync boolean Required
result_count Count of results found (across all pages), set only on first page integer Readonly
selected_org_units Selected OrgUnits for SelectiveSync

If SelectiveSync is enabled, this contains 1 or more
OrgUnits, which NSX will synchronize with in LDAP server.
The full distiguished name (DN) should be used for OrgUnit.
If SelectiveSync is disabled, do not define this or specify an
empty list.
array of string
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

SelfResourceLink (schema)

Link to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.

Name Description Type Notes
action Optional action string Readonly
href Link to resource string Required
Readonly
rel Link relation type

Custom relation type (follows RFC 5988 where appropriate definitions exist)		 string Required
Readonly

SelfSignedActionParameter (schema)

Name Description Type Notes
days_valid Number of days the certificate will be valid, default 825 days integer Required
Minimum: 1
Maximum: 10000
Default: "825"

ServerAuthType (schema) (Deprecated)

server authentication mode

Server authentication could be REQUIRED or IGNORE, it is used to specify
if the server certificate presented to the load balancer during handshake
should be actually validated or not. Validation is disabled by default.
If validation is REQUIRED, then to be accepted, server certificate must be
signed by one of the trusted CAs whose self signed certificates are
specified in the same server-side SSL profile binding.

Name Description Type Notes
ServerAuthType server authentication mode

Server authentication could be REQUIRED or IGNORE, it is used to specify
if the server certificate presented to the load balancer during handshake
should be actually validated or not. Validation is disabled by default.
If validation is REQUIRED, then to be accepted, server certificate must be
signed by one of the trusted CAs whose self signed certificates are
specified in the same server-side SSL profile binding.
string Deprecated
Enum: REQUIRED, IGNORE

ServerSslProfileBinding (schema) (Deprecated)

Name Description Type Notes
certificate_chain_depth the maximum traversal depth of server certificate chain

authentication depth is used to set the verification depth in the server
certificates chain.
integer Minimum: 1
Maximum: 2147483647
Default: "3"
client_certificate_id client certificate identifier

To support client authentication (load balancer acting as a client
authenticating to the backend server), client certificate can be
specified in the server-side SSL profile binding
string
server_auth server authentication mode ServerAuthType Default: "IGNORE"
server_auth_ca_ids CA identifier list to verify server certificate

If server auth type is REQUIRED, server certificate must be signed by
one of the trusted Certificate Authorities (CAs), also referred to as
root CAs, whose self signed certificates are specified.
array of string
server_auth_crl_ids CRL identifier list to verify server certificate

A Certificate Revocation List (CRL) can be specified in the server-side
SSL profile binding to disallow compromised server certificates.
array of string
ssl_profile_id server SSL profile identifier

Server SSL profile defines reusable, application-independent server side
SSL properties.
string

Service (schema)

Contains the information related to a service

Used while defining a CommunicationEntry. A service may have multiple
service entries.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
(Abstract type: pass one of the following concrete types)
ChildServiceEntry
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
is_default Flag for default services

The flag, if true, indicates that service is created in the system by default.
Such default services can't be modified/deleted.
boolean Readonly
Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value Service string
service_entries Service type array of ServiceEntry
(Abstract type: pass one of the following concrete types)
ALGTypeServiceEntry
EtherTypeServiceEntry
ICMPTypeServiceEntry
IGMPTypeServiceEntry
IPProtocolServiceEntry
L4PortSetServiceEntry
NestedServiceServiceEntry
service_type Type of service, EITHER or NON_ETHER string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ServiceAssociationListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
service_type string Required
Enum: FireWallServiceAssociationListResult, IpfixServiceAssociationListResult
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ServiceAttachment (schema)

Logical Attachment Point for a 3rd Party Service

A ServiceAttachment represents a point on NSX entity (Example - Edge Router) to which ServiceInstance can be connected through an InstanceEndpoint. Example - In VMWare Hybric Cloud Extention (HCX) use case, HCX appliances connect to this Service Attachment Point. We do not handle the lifecycle of these appliance/s.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
attachment_status Attachment Status

UP - A Service Attachment will have its Service Port - UP and with a configured IP address. DOWN - An Inactive ServiceAttachment has its Service Port - DOWN. It can be used to connect set of appliances that do not need to exchange traffic to/from/through the Edge node.		 string Enum: UP, DOWN
Default: "UP"
deployed_to Deployed-to object

NSX Resource where we want to create Service Attachment Point. Ex. T0 LR Edge in case of north-south ServiceInsertion and a TransportZone (which is used to define the service plane) in case of east-west service insertion.		 ResourceReference Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
local_ips Local IPs

Local IPs associated with this Service Attachment.		 array of IPInfo Minimum items: 1
Maximum items: 1
logical_routers Logical Router list

List of LogicalRouters to be connected to the ServicePlane logical switch via a ServiceLink.		 array of ResourceReference Minimum items: 1
Maximum items: 128
logical_switch Logical Switch

Logical Switch gets created as a part of Service Attachment creation.		 ResourceReference Readonly
resource_type Must be set to the value ServiceAttachment string
service_port Service Port (Logical Router Centralized Service Port)

Service Port gets created as a part of Service Attachment creation. It is a Logical Router Port of type CentralizedServicePort. It does not participate in distributed routing. Stateless Policy Based Routing service can be applied on this port.		 ResourceReference Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ServiceAttachmentListResult (schema)

Service Attachment List

List of Service Attachments.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Service-Attachment list

List of the Service Attachments.		 array of ServiceAttachment Required
Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ServiceBinding (schema)

Name Description Type Notes
service_id UUID of Service

Identifier of Logical Service		 ResourceReference Required

ServiceCapability (schema)

Service capabilities

Service capabilities that will be inherited by service VMs created using a service definition that contains this service capability.

Name Description Type Notes
can_decrement_si SI decrement flag

Indicating whether service is configured to decrement SI field in NSH metadata.		 boolean Readonly
Default: "False"
nsh_liveness_support_enabled NSH liveness support flag

Indicating whether service supports NSH liveness detection.		 boolean Default: "False"

ServiceChain (schema)

Service Chain

Service chain is a set of network Services. A Service chain is made up of ordered list of service profiles belonging to any same or different services.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
forward_path_service_profiles Forward path service profiles

List of ServiceInsertionServiceProfiles that constitutes the the service chain. The forward path service profiles are applied to ingress traffic.		 array of ResourceReference Required
Maximum items: 4
id Unique identifier of this resource string Sortable
on_failure_policy On Failure Policy

Failure policy for the service tells datapath, the action to take i.e to allow or block traffic during failure scenarios.		 string Enum: ALLOW, BLOCK
Default: "ALLOW"
path_selection_policy Path Selection Policy

Path selection policy can be - ANY - Service Insertion is free to redirect to any service path regardless of any load balancing considerations or flow pinning. LOCAL - means to prefer local service insances. REMOTE - preference is to redirect to the SVM co-located on the same host.		 string Enum: ANY, LOCAL, REMOTE
Default: "ANY"
resource_type Must be set to the value ServiceChain string
reverse_path_service_profiles Reverse path service profiles

List of ServiceInsertionServiceProfiles id. Reverse path service profiles are applied to egress traffic and is optional. 2 different set of profiles can be defined for forward and reverse path. If not defined, the reverse of the forward path service profile is applied.		 array of ResourceReference Maximum items: 4
service_attachments Service Attachment list

Service attachment specifies the scope i.e Service plane at which the SVMs are deployed.		 array of ResourceReference Required
Minimum items: 1
Maximum items: 1
service_chain_id Service chain id

A unique id generated for every service chain. This is not a uuid.		 string Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ServiceChainListRequestParameters (schema)

Service Chain list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

ServiceChainListResult (schema)

Service Chain List

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Service list

List of the Service-Insertion Services. The list has to be homogenous.		 array of ServiceChain Required
Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ServiceChainMapping (schema)

Service Chain Mapping

A ServiceInsertionServiceProfile can be part of multiple ServiceChains. ServiceChainMapping for a particular profile will contain a list of all the ServiceChains it's part of. Each Mapping will also contain some metadata to uniquely identify a profile from other profiles.

Name Description Type Notes
direction Direction

Each ServiceChain has forward_path_service_profiles and reverse_path_service_profiles. This property will indicate which of them being used. FORWARD - forward_path_service_profiles REVERSE - reverse_path_service_profiles		 string Readonly
Enum: FORWARD, REVERSE
service_chain_id Service Chain id

A unique id generated for every ServiceChain. This is not a uuid.		 string Readonly
service_index Service Index

Service Index represents a numerical position of a ServiceInsertionServiceProfile in a ServiceChain. It will be in reverse order. Service Index can point to either forward_path_service_profiles or reverse_path_service_profiles indicated by direction property. Example - For a ServiceChain A-B-C, A will have index of 3, B will have index of 2 and C will have index of 1.		 integer Readonly

ServiceChainMappingListResult (schema)

Service Chain Mapping List

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Service Chain Mapping List

List of the Service Chain Mappings. The list has to be homogenous.		 array of ServiceChainMapping Required
Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ServiceConfig (schema)

Service Config for profile and common configuration

Service configs are groupings of profiles (i.e switch profiles) and configurations applied to resources or collection of resources(NSGroups).

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
applied_to Entities on which the input profile will be applied

The list of entities that the configurations should be applied to.
This can either be a NSGroup or any other entity like TransportNode, LogicalPorts etc.
array of ResourceReference
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
precedence The priority of the service config

Every ServiceConfig has a priority based upon its precedence value. Lower the value
of precedence, higher will be its priority. If user doesnt specify the precedence,
it is generated automatically by system. The precedence is generated based upon the
type of profile used in ServiceConfig. Precedence are auto-generated in decreasing
order with difference of 100. Automatically generated precedence value will be 100
less than the current minimum value of precedence of ServiceConfig of a given profile
type in system.There cannot be duplicate precedence for ServiceConfig of same profile
type.
integer Minimum: 0
Maximum: 4294967295
profiles Profiles to be added to service config

These are the NSX Profiles which will be added to service config, which
will be applied to entities/groups provided to applied_to field of service config.
array of NSXProfileReference Required
Minimum items: 1
Maximum items: 1
resource_type Must be set to the value ServiceConfig string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ServiceConfigList (schema)

List of Service Configs for batch operation

List of Service config objects that needs to be either created
or updated with the respective profiles and precedence.

Name Description Type Notes
service_configs service config list results

An Array of ServiceConfig objects containing details of
profiles to be applied, entities on which these profiles
will be applied and precedence.
array of ServiceConfig Required
Minimum items: 1
Maximum items: 100

ServiceConfigListRequestParameters (schema)

NSProfile list request parameters.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
profile_type Fetch ServiceConfig for the given attribute profile_type

It fetches ServiceConfig for the given profile_type.
Only one type of supported profile type can be mentioned
in a single API call. API will return all ServiceConfig if
this field is not passed.
string
sort_ascending boolean
sort_by Field by which records are sorted string

ServiceConfigListResult (schema)

Paged Collection of service configs

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results service config list results array of ServiceConfig Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ServiceDefinition (schema)

Definition of a Service.

Registering a Service is the first step in the ServiceInsertion mechanism. A ServiceDefinition is used to create a service.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
attachment_point Attachment Point

The point at which the service is deployed/attached for redirecting the traffic to the the partner appliance. Attachment Point is required if Service caters to any functionality other than EPP and MPS.		 array of string Enum: TIER0_LR, TIER1_LR, SERVICE_PLANE
Minimum items: 0
Maximum items: 2
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
functionalities Functionality Type

The capabilities provided by the services. Needs to be one or more of the following | NG_FW - Next Generation Firewall | IDS_IPS - Intrusion Detection System / Intrusion Prevention System | NET_MON - Network Monitoring | HCX - Hybrid Cloud Exchange | BYOD - Bring Your Own Device | TLB - Transparent Load Balancer | EPP - Endpoint Protection.(Third party AntiVirus partners using NXGI should use this functionality for the service) | MPS - Malware Prevention Solution		 array of string Required
Enum: NG_FW, IDS_IPS, NET_MON, HCX, BYOD, EPP, TLB, MPS
Minimum items: 1
id Unique identifier of this resource string Sortable
implementations Implementation Type

This indicates the insertion point of the service i.e whether the service will be used to protect North-South or East-West traffic in the datacenter.		 array of string Required
Enum: NORTH_SOUTH, EAST_WEST
Minimum items: 1
Maximum items: 1
on_failure_policy On Failure Policy

Failure policy for the service tells datapath, the action to take i.e to Allow or Block traffic during failure scenarios. For north-south ServiceInsertion, failure policy in the service instance takes precedence. For east-west ServiceInsertion, failure policy in the service chain takes precedence. BLOCK is not supported for Endpoint protection (EPP) and MPS functionality.		 string Enum: ALLOW, BLOCK
Default: "ALLOW"
resource_type Must be set to the value ServiceDefinition string
service_capability Service capability

Service capability.		 ServiceCapability
service_deployment_spec Service Deployment Specification

Service Deployment Specification defines takes in information required to deploy and configure a partner appliance/service-vm.		 ServiceDeploymentSpec
service_manager_id Service Manager Id

ID of the service manager to which this service is attached with.
This field is not set during creation of service. This field will
be set explicitly when Service Manager is created successfully using this service.
string Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
transports Transport Type

Transport Type of the service, which is the mechanism of redirecting the traffic to the the partner appliance. Transport type is required if Service caters to any functionality other than EPP and MPS.		 array of string Enum: L2_BRIDGE, L3_ROUTED, NSH
Minimum items: 0
Maximum items: 1
vendor_id Vendor ID

Id which is unique to a vendor or partner for which the service is created.		 string Required

ServiceDefinitionListRequestParameters (schema)

Service definition list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

ServiceDeployment (schema)

Deployment details of a Service

Used to provide the deployment specification for the service.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
clustered_deployment_count Clustered Deployment Count

Number of instances in case of clustered deployment.		 integer Minimum: 1
Maximum: 10
Default: "1"
deployed_to Deployed-to object list

List of resource references where service instance be deployed. Ex. Tier 0 Logical Router in case of N-S ServiceInsertion. Service Attachment in case of E-W ServiceInsertion.		 array of ResourceReference Minimum items: 1
Maximum items: 128
deployment_mode Deployment Mode

Mode of deployment. Currently, only stand alone deployment is supported. It is a single VM deployed through this deployment spec. In future, HA configurations will be supported here.		 string Enum: STAND_ALONE, ACTIVE_STANDBY
Default: "STAND_ALONE"
deployment_spec_name Deployment Spec Name

Name of the deployment spec to be used for deployment, which specifies the OVF provided by the partner and the form factor.		 string Required
deployment_type Deployment Type

Specifies whether the service VM should be deployed on each host such that it provides partner service locally on the host, or whether the service VMs can be deployed as a cluster. If deployment_type is CLUSTERED, then the clustered_deployment_count should be provided.		 string Enum: HOSTLOCAL, CLUSTERED
Default: "CLUSTERED"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
instance_deployment_template Instance Deployment Template

The deployment template to be used during the deployment to provide customized attributes to the service VM.		 DeploymentTemplate Required
perimeter Deployment perimeter

This indicates the deployment perimeter, such as a VC cluster or a host.		 string Enum: CLUSTER, HOST
Default: "HOST"
resource_type Must be set to the value ServiceDeployment string
service_deployment_config Service Deployment Config

Deployment Config contains the deployment specification, such as the storage and network to be used along with the cluster where the service VM can be deployed.		 ServiceDeploymentConfig Required
service_id Service Id

The Service to which the service deployment is associated.		 string Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ServiceDeploymentConfig (schema)

Service Deployment Config

The Deployment Config contains settings that are applied during install time.

Name Description Type Notes
compute_collection_id Compute Collection Id

Resource Pool or cluster Id.		 string Required
compute_manager_id Compute Manager Id

Context Id or VCenter Id.		 string Required
host_id Host id

The service VM will be deployed on the specified host in the specified
server within the cluster if host_id is specified.
Note: You must ensure that storage and specified networks are accessible
by this host.
string
storage_id Storage Id

Moref of the datastore in VC. If it is to be taken from 'Agent VM Settings', then it should be empty.		 string
vm_nic_info VM NIC information

VM NIC information for VMs		 VmNicInfo

ServiceDeploymentIssue (schema)

Service deployment issue

Type of issue and detailed description of the issue in case of deployment failure.

Name Description Type Notes
issue_description Description of issue encountered while service deployment

Description of issue encountered while service deployment.		 string
issue_timestamp Timestamp when issue was encountered while service deployment

Timestamp when issue was issue encountered while service deployment.		 string
issue_type Type of issue encountered while service deployment

Type of issue encountered while service deployment.		 string Required

ServiceDeploymentListResult (schema)

ServiceDeployment list result

Result of List of ServiceDeployments

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Results

Array of existing ServiceDeployments in database
array of ServiceDeployment Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ServiceDeploymentSpec (schema)

Service Deployment Specification.

ServiceDeployment Spec consists of information required to deploy and configure the partner appliances. viz. Deployment template, deployment spec and NIC metatdata.

Name Description Type Notes
deployment_specs Service Deployment Spec List

Deployment Specs holds information required to deploy the Service-VMs. i.e. OVF url where the partner Service-VM OVF is hosted. The host type on which the OVF can be deployed, Form factor to name a few.		 array of SVMDeploymentSpec Maximum items: 128
deployment_template Service Deployment Template

Deployment Template holds the attributes specific to partner for which the service is created. These attributes are opaque to NSX Manager.		 array of DeploymentTemplate Required
nic_metadata_list NIC Metadata

NIC metadata associated with the deployment spec.		 array of NicMetadata
svm_version Partner Service-VM version.

Partner needs to specify the Service VM version which will get deployed.		 string

ServiceDeploymentStatus (schema)

Name Description Type Notes
deployment_issues Service deployment issue

List of issue and detailed description of the issue in case of deployment failure.		 array of ServiceDeploymentIssue Readonly
deployment_status Compute collection deployment progress status

Deployment status of NXGI Partner Service-VM on a compute collection. It shows the latest status during the process of deployment, redeploy, upgrade, and un-deployment on a compute collection such as VC cluster.		 string Readonly
Enum: UPGRADE_IN_PROGRESS, UPGRADE_FAILED, DEPLOYMENT_QUEUED, DEPLOYMENT_IN_PROGRESS, DEPLOYMENT_FAILED, DEPLOYMENT_SUCCESSFUL, UNDEPLOYMENT_QUEUED, UNDEPLOYMENT_IN_PROGRESS, UNDEPLOYMENT_FAILED, UNDEPLOYMENT_SUCCESSFUL, UPGRADE_QUEUED
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly
service_deployment_id Service deployment id

Id of service deployment.		 string Readonly
sva_current_version Current deployed SVA version

Currently deployed Service Virtual Appliance version.		 string
sva_max_available_version Max available SVA version

Max available SVA version for upgrade		 string

ServiceEndpoint (schema)

Name Description Type Notes
certificate Certificate or certificate chain string
certificate_sha256_thumbprint string Readonly
entities_hosted List of entities hosted on accessible through the service endpoint array of HostedEntityInfo Readonly
fqdn string Readonly
ip_address IPAddress Required
port integer Required
Minimum: 0
Maximum: 65535
service_endpoint_uuid Unique identifier of this service endpoint string Readonly

ServiceEntry (schema)

A Service entry that describes traffic

This is an abstract type. Concrete child types:
ALGTypeServiceEntry
EtherTypeServiceEntry
ICMPTypeServiceEntry
IGMPTypeServiceEntry
IPProtocolServiceEntry
L4PortSetServiceEntry
NestedServiceServiceEntry

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ServiceEntry string Required
Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ServiceEntryListRequestParameters (schema)

Service entry list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

ServiceEntryListResult (schema)

Paged Collection of Service entries

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Service entry list results array of ServiceEntry
(Abstract type: pass one of the following concrete types)
ALGTypeServiceEntry
EtherTypeServiceEntry
ICMPTypeServiceEntry
IGMPTypeServiceEntry
IPProtocolServiceEntry
L4PortSetServiceEntry
NestedServiceServiceEntry		 Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ServiceInsertionContextType (schema)

Service Insertion Context Type

Types of Service Insertion contexts. "east_west" applies to trasport_nodes in data center. "north_south" applies to logical_routers (T0/T1) in data center.

Name Description Type Notes
ServiceInsertionContextType Service Insertion Context Type

Types of Service Insertion contexts. "east_west" applies to trasport_nodes in data center. "north_south" applies to logical_routers (T0/T1) in data center.		 string Enum: east_west, north_south

ServiceInsertionDeleteParameters (schema)

Service Insertion delete parameters

Name Description Type Notes
cascade Flag to cascade delete all the child objects, associated with it. boolean Default: "False"

ServiceInsertionInsertParameters (schema)

Parameters that indicate where rule/section need to be added All the params take rule/section Id

Name Description Type Notes
id Identifier of the anchor rule or section. This is a required field in case operation like 'insert_before' and 'insert_after'. string Maximum length: 64
operation Operation string Enum: insert_top, insert_bottom, insert_after, insert_before
Default: "insert_top"

ServiceInsertionListRequestParameters (schema)

Parameters to filter list of sections/rules

Pagination and Filtering parameters to get only a subset of sections/rules.

Name Description Type Notes
applied_tos AppliedTo's referenced by this section or section's Distributed Service Rules .

Where the Distributed Service Rules are applied.(used for filtering the list). Single value is supported in current release. Multiple Comma delmited values may be supported in future releases.		 string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
destinations Destinations referenced by this section's Distributed Service Rules .

The destination value in Distributed Service Rules (used for filtering the list). Single value is supported in current release. Multiple Comma delmited values may be supported in future releases.		 string
filter_type Filter type

Filter type defines matching criteria to qualify a rule in result. Type
'FILTER' will ensure all criterias (sources, destinations, services,
extended sources, context profiles, appliedtos) are matched. Type
'SEARCH' will match any of the given criteria.
string Enum: FILTER, SEARCH
Default: "FILTER"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
services NSService referenced by this section's Distributed Service Rules .

Specifying this returns the Rules where this NSServiceElement is used (used for filtering the list). Single value is supported in current release. Multiple Comma delmited values may be supported in future releases.		 string
sort_ascending boolean
sort_by Field by which records are sorted string
sources Sources referenced by this section's Distributed Service Rules .

The source value in Distributed Service Rules (used for filtering the list). Single value is supported in current release. Multiple Comma delmited values may be supported in future releases.		 string

ServiceInsertionRule (schema)

ServiceInsertion Rule

ServiceInsertion Rule.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_owner Owner of this resource OwnerResourceLink Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
action Action

Action enforced on the packets which matches the distributed service rule. Currently DS Layer supports below actions. ALLOW - Forward any packet when a rule with this action gets a match (Used by Firewall). DROP - Drop any packet when a rule with this action gets a match. Packets won't go further(Used by Firewall). REJECT - Terminate TCP connection by sending TCP reset for a packet when a rule with this action gets a match (Used by Firewall). REDIRECT - Redirect any packet to a partner appliance when a rule with this action gets a match (Used by Service Insertion). DO_NOT_REDIRECT - Do not redirect any packet to a partner appliance when a rule with this action gets a match (Used by Service Insertion). DETECT - Detect IDS Signatures. ALLOW_CONTINUE - Allows rules to jump from this rule. Action on matching rules in the destination category will decide next step. Application is default destination until new categories are supported to jump to. DETECT_PREVENT - Detect and Prevent IDS Signatures.		 string Required
Enum: ALLOW, DROP, REJECT, REDIRECT, DO_NOT_REDIRECT, DETECT, ALLOW_CONTINUE, DETECT_PREVENT
applied_tos AppliedTo List

List of object where rule will be enforced. The section level field overrides this one. Null will be treated as any.		 array of ResourceReference Maximum items: 128
description Description of this resource string Maximum length: 1024
Sortable
destinations Destination List

List of the destinations. Null will be treated as any.		 array of ResourceReference Maximum items: 128
destinations_excluded Negation of destination

Negation of the destination.		 boolean Default: "False"
direction Rule direction

Rule direction in case of stateless distributed service rules. This will only considered if section level parameter is set to stateless. Default to IN_OUT if not specified.		 string Enum: IN, OUT, IN_OUT
Default: "IN_OUT"
disabled Rule enable/disable flag

Flag to disable rule. Disabled will only be persisted but never provisioned/realized.		 boolean Default: "False"
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Identifier of the resource string Readonly
ip_protocol IPv4 vs IPv6 packet type

Type of IP packet that should be matched while enforcing the rule.		 string Enum: IPV4, IPV6, IPV4_IPV6
Default: "IPV4_IPV6"
is_default Default rule

Flag to indicate whether rule is default.		 boolean Readonly
logged Enable logging flag

Flag to enable packet logging. Default is disabled.		 boolean Default: "False"
notes Notes

User notes specific to the rule.		 string Maximum length: 2048
priority Rule priority

Priority of the rule.		 integer Readonly
redirect_tos Redirect_Tos List

A rule can be redirected to ServiceInstance, InstanceEndpoint for North/South Traffic. A rule can be redirected to ServiceChain for East/West Traffic. For REDIRECT action, redirect_tos is mandatory. For DO_NOT_REDIRECT action, redirect_tos is optional.		 array of ResourceReference Maximum items: 1
resource_type Must be set to the value ServiceInsertionRule string
rule_tag Tag

User level field which will be printed in CLI and packet logs.		 string Maximum length: 32
section_id Section Id

ID of the section to which this rule belongs.		 string Readonly
services Service List

List of the services. Null will be treated as any.		 array of ServiceInsertionService Maximum items: 128
sources Source List

List of sources. Null will be treated as any.		 array of ResourceReference Maximum items: 128
sources_excluded Negation of source

Negation of the source.		 boolean Default: "False"

ServiceInsertionRuleList (schema)

ServiceInsertion Section RuleList

List of ServiceInsertion Rules.

Name Description Type Notes
rules List of the ServiceInsertion rules

List of ServiceInsertion rules in the section. Only homogeneous rules are supported.		 array of ServiceInsertionRule Required
Maximum items: 1000

ServiceInsertionRuleListResult (schema)

ServiceInsertion Section RuleList

List of ServiceInsertion Rules.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results ServiceInsertion rule list result

ServiceInsertion rule list result with pagination support.		 array of ServiceInsertionRule Required
Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ServiceInsertionSection (schema)

ServiceInsertion Section

A ServiceInsertion section composed of ServiceInsertion Rules.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
applied_tos AppliedTo List

List of objects where the rules in this section will be enforced. This will take precedence over rule level appliedTo.		 array of ResourceReference Maximum items: 128
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
is_default Default section flag

It is a boolean flag which reflects whether a distributed service section is default section or not. Each Layer 3 and Layer 2 section will have at least and at most one default section.		 boolean Readonly
resource_type Must be set to the value ServiceInsertionSection string
rule_count Rule count

Number of rules in this section.		 integer Readonly
section_type Section Type

Type of the rules which a section can contain. Only homogeneous sections are supported.		 string Required
Enum: LAYER2, LAYER3, L3REDIRECT, IDS
stateful Stateful nature of the distributed service rules in the section.

Stateful or Stateless nature of distributed service section is enforced on all rules inside the section. Layer3 sections can be stateful or stateless. Layer2 sections can only be stateless.		 boolean Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tcp_strict TCP Strict

Ensures that a three way TCP handshake is done before the data packets are sent if the value is set to be true. tcp_strict=true is supported only for stateful sections.		 boolean Default: "False"

ServiceInsertionSectionFilterParameters (schema)

Parameters to filter section from list of sections

Pagination and Filtering parameters to get only a subset of sections.

Name Description Type Notes
applied_tos AppliedTo's referenced by this section or section's Distributed Service Rules .

Where the Distributed Service Rules are applied.(used for filtering the list). Single value is supported in current release. Multiple Comma delmited values may be supported in future releases.		 string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
destinations Destinations referenced by this section's Distributed Service Rules .

The destination value in Distributed Service Rules (used for filtering the list). Single value is supported in current release. Multiple Comma delmited values may be supported in future releases.		 string
exclude_applied_to_type Limit result to sections not having a specific AppliedTo type

Used to filter out sections not having a specified AppliedTo target type. This parameter cannot be used along with include_applied_to_type parameter. Section filter only takes a single value for this param.		 DSAppliedToType
filter_type Filter type

Filter type defines matching criteria to qualify a rule in result. Type
'FILTER' will ensure all criterias (sources, destinations, services,
extended sources, context profiles, appliedtos) are matched. Type
'SEARCH' will match any of the given criteria.
string Enum: FILTER, SEARCH
Default: "FILTER"
include_applied_to_type Limit result to sections having a specific AppliedTo type

Used to filter out results based on target type of a section's AppliedTo. Only sections with matching target type in its applied to will be returned. This parameter cannot be used along with exclude_applied_to_type parameter. Section filter only takes a single value for this param.		 DSAppliedToType
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
services NSService referenced by this section's Distributed Service Rules .

Specifying this returns the Rules where this NSServiceElement is used (used for filtering the list). Single value is supported in current release. Multiple Comma delmited values may be supported in future releases.		 string
sort_ascending boolean
sort_by Field by which records are sorted string
sources Sources referenced by this section's Distributed Service Rules .

The source value in Distributed Service Rules (used for filtering the list). Single value is supported in current release. Multiple Comma delmited values may be supported in future releases.		 string
type Section Type

Section Type with values L3REDIRECT.		 string Enum: L3REDIRECT
Default: "L3REDIRECT"

ServiceInsertionSectionListResult (schema)

ServiceInsertion Section List

List of ServiceInsertion Sections.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Section list

List of the ServiceInsertion sections. The list has to be homogeneous.		 array of ServiceInsertionSection Required
Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ServiceInsertionSectionQueryParameters (schema)

Section query parameters

Name Description Type Notes
cascade Flag to cascade delete of this object to all it's child objects. boolean Default: "False"

ServiceInsertionSectionRuleList (schema)

ServiceInsertion Section RuleList

List of ServiceInsertion Rules.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
applied_tos AppliedTo List

List of objects where the rules in this section will be enforced. This will take precedence over rule level appliedTo.		 array of ResourceReference Maximum items: 128
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
is_default Default section flag

It is a boolean flag which reflects whether a distributed service section is default section or not. Each Layer 3 and Layer 2 section will have at least and at most one default section.		 boolean Readonly
resource_type Must be set to the value ServiceInsertionSectionRuleList string
rule_count Rule count

Number of rules in this section.		 integer Readonly
rules List of the Service Insertion rules

List of Service Insertion rules in the section. Only homogeneous rules are supported.		 array of ServiceInsertionRule Required
Maximum items: 1000
section_type Section Type

Type of the rules which a section can contain. Only homogeneous sections are supported.		 string Required
Enum: LAYER2, LAYER3, L3REDIRECT, IDS
stateful Stateful nature of the distributed service rules in the section.

Stateful or Stateless nature of distributed service section is enforced on all rules inside the section. Layer3 sections can be stateful or stateless. Layer2 sections can only be stateless.		 boolean Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tcp_strict TCP Strict

Ensures that a three way TCP handshake is done before the data packets are sent if the value is set to be true. tcp_strict=true is supported only for stateful sections.		 boolean Default: "False"

ServiceInsertionService (schema)

ServiceInsertion Service

Protocol on which a particular ServiceInsertion Rule should apply to.

Name Description Type Notes
is_valid Target validity

Will be set to false if the referenced NSX resource has been deleted.		 boolean Readonly
service Distributed Service Network and Security Service element

Distributed Service API accepts raw protocol and ports as part of NS service element
in Distributed Service Rule that describes traffic corresponding to an NSService.
NSServiceElement
(Abstract type: pass one of the following concrete types)
ALGTypeNSService
EtherTypeNSService
ICMPTypeNSService
IGMPTypeNSService
IPProtocolNSService
L4PortSetNSService
target_display_name Target display name

Display name of the NSX resource.		 string Readonly
Maximum length: 255
target_id Target ID

Identifier of the NSX resource.		 string Maximum length: 64
target_type Target type

Type of the NSX resource.		 string Maximum length: 255

ServiceInsertionServiceListResult (schema)

Service List

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Service list

List of the Service-Insertion Services. The list has to be homogenous.		 array of ServiceDefinition Required
Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ServiceInsertionServiceProfile (schema)

Service Profile for a Service

Service profile represents a specialization of vendor template.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
attributes Service profile attributes

List of attributes specific to a partner for which the service is created. These attributes are passed on to the partner appliance and are opaque to the NSX Manager. If a vendor template exposes configurables, then the values are specified here.		 array of Attribute Maximum items: 128
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
redirection_action Redirection action

The redirection action represents if the packet is exclusively redirected to the service, or if a copy is forwarded to the service. The service insertion profile inherits the redirection action if already specified at the vendor template. However the service profile cannot overide the action specified at the vendor template.		 string Enum: PUNT, COPY
Default: "PUNT"
resource_type Must be set to the value ServiceInsertionServiceProfile string Required
service_id Service Id

The service to which the service profile belongs.		 string Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
vendor_template_id Vendor template id

Id of the vendor template to be used by the servive profile.		 string Required

ServiceInsertionStatus (schema)

Service Insertion Status

It represents global status of Service Insertion for a particular context type. It shows whether a service insertion is enabled or not for a type.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
context Service Insertion Context Type

Type of service insertion contexts.		 ServiceInsertionContextType Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
global_status Service Insertion Status Type

service insertion status for a context type (e.g. east_west traffic).		 ServiceInsertionStatusType Required
id Unique identifier of this resource string Sortable
resource_type Must be set to the value ServiceInsertionStatus string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ServiceInsertionStatusListResult (schema)

Service Insertion Statuses

List of service insertion statuses for a context or all context

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results array of ServiceInsertionStatus Required
Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ServiceInsertionStatusType (schema)

Service Insertion Status Type

Service Insertion status for a context type (e.g. east_west traffic).

Name Description Type Notes
ServiceInsertionStatusType Service Insertion Status Type

Service Insertion status for a context type (e.g. east_west traffic).		 string Enum: DISABLED, ENABLED

ServiceInstance (schema)

Normal Instance of a service

The deployment of a registered service. Service instance is instantiation of service. It is the most used type of instance. It is a default instance to be used when NSX handles lifecycle of appliance. Deployment and appliance related all the information is necessary.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
attachment_point Attachment Point

Attachment point to be used by this service instance for deploying the Service-VM.		 string Required
Enum: TIER0_LR, TIER1_LR, SERVICE_PLANE, HOST
deployed_to Deployed-to object list

List of resource references where service instance be deployed. Ex. Tier 0 Logical Router in case of N-S ServiceInsertion.		 array of ResourceReference Required
Minimum items: 1
Maximum items: 128
deployment_mode Deployment Mode

Deployment mode specifies where the partner appliance will be deployed in HA or non-HA i.e standalone mode.		 string Required
Enum: STAND_ALONE, ACTIVE_STANDBY
Default: "ACTIVE_STANDBY"
deployment_spec_name Deployment Spec Name

Name of the deployment spec to be used by this service instance.		 string Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
implementation_type Implementation Type

Implementation to be used by this service instance for deploying the Service-VM.		 string Required
Enum: NORTH_SOUTH, EAST_WEST
instance_deployment_config Instance Deployment Config

Instance Deployment Config contains the information to be injected during Service-VM deployment. This field is optional if the service only caters to functionality EPP(Endpoint Protection) and MPS.		 InstanceDeploymentConfig
instance_deployment_template Instance Deployment Template

The deployment template to be used by this service instance. The attribute values specific to this instance can be added.		 DeploymentTemplate Required
on_failure_policy On Failure Policy

Failure policy of the service instance - if it has to be different from the service. By default the service instance inherits the FailurePolicy of the service it belongs to.		 string Enum: ALLOW, BLOCK
resource_type Must be set to the value ServiceInstance ServiceInstanceResourceType Required
service_deployment_id Id of the Service Deployment using which the instances were deployed

Id of the Service Deployment using which the instances were deployed. Its available only for instances that were deployed using service deployment API.		 string Readonly
service_id Service Id

The Service to which the service instance is associated.		 string Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
transport_type Transport Type

Transport to be used by this service instance for deploying the Service-VM. This field is to be set Not Applicable(NA) if the service only caters to functionality EPP(Endpoint Protection) and MPS.		 string Required
Enum: L2_BRIDGE, L3_ROUTED, NSH, NA

ServiceInstanceEndpoint (schema)

Service EndPoint for Byod Policy Service Instance

A ServiceInstanceEndpoint belongs to one ByodPolicyServiceInstance and is attached to one ServiceInterface. A ServiceInstanceEndpoint represents a redirection target for a RedirectionPolicy.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ServiceInstanceEndpoint string Required
Enum: VirtualEndpoint, ServiceInstanceEndpoint
service_interface_path Service Interface path

Path of Service Interface to which this ServiceInstanceEndpoint is connected.		 string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
target_ips IP addresses to redirect the traffic to

IPs where either inbound or outbound traffic is to be redirected.
array of IPInfo Required
Minimum items: 1
Maximum items: 1
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ServiceInstanceEndpointListRequestParameters (schema)

ServiceInstanceEndpoint list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

ServiceInstanceEndpointListResult (schema)

Paged Collection of ServiceInstanceEndpoint

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results ServiceInstanceEndpoint list results array of ServiceInstanceEndpoint Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ServiceInstanceHealthStatus (schema)

Service instance health status

Health Status of a third party partner VM.

Name Description Type Notes
connect_timestamp Timestamp when mux was connected to SVA

Latest timestamp when mux was connected to SVA.		 string
is_stale Flag is true when health status is stale

The parameter is set if the last received health status is older
than the predefined interval.
boolean Readonly
is_sva_mux_incompatible Flag is true when Mux and SVA are incompatible

Protocol version might be different in both Mux and SVA.		 boolean
mux_connected_status Context Multiplexer Status

Status of multiplexer which forwards the events from guest virtual machines to the partner appliance.		 string
mux_incompatible_version Mux incompatible version

Mux version when Mux and SVA are incompatible		 string
solution_status Third party partner solution status

Status of third party partner solution application.		 string
solution_version Solution version of partner application

Version of third party partner solution application.		 string
sync_time Health status timestamp

Latest timestamp when health status is received.		 string

ServiceInstanceListResult (schema)

Service Instance List

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Service-Instance list

List of the Service-Insertion ServicesInstances. The list has to be homogenous.		 array of BaseServiceInstance
(Abstract type: pass one of the following concrete types)
ByodServiceInstance
ServiceInstance
VirtualServiceInstance		 Required
Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ServiceInstanceNSGroups (schema)

NSGroups referenced in North-South Service Instance

ServiceInstanceNSGroups contains list of NS Groups referenced in North-South Service Insertion Rules for a particular Service Instance.

Name Description Type Notes
nsroups NSGroup List

List of NSGroups Used in ServiceInsertion Rules.		 array of NSGroupInfo Readonly

ServiceInstanceQueryParameters (schema)

Service Instance query parameters

Name Description Type Notes
deployed_to Deployed_to referenced by service instances present in system

The deployed_to attribute in Service Instance. Currently only Logical Router id is supported as deployed_to value. Single value is supported in current release.		 string
service_deployment_id Service Deployment Id using which the instances were deployed

Service Deployment Id using which the instances were deployed. Single value is supported in current release.		 string

ServiceInstanceResourceType (schema)

Resource types of Service Instance

ServiceInstance is used when NSX handles the lifecyle of
appliance. Deployment and appliance related all the information is necessary.
ByodServiceInstance is a custom instance to be used when NSX is not handling
the lifecycles of appliance/s. User will manage their own appliance (BYOD)
to connect with NSX.
VirtualServiceInstance is a a custom instance to be used when NSX is not
handling the lifecycle of an appliance and when the user is not bringing
their own appliance.

Name Description Type Notes
ServiceInstanceResourceType Resource types of Service Instance

ServiceInstance is used when NSX handles the lifecyle of
appliance. Deployment and appliance related all the information is necessary.
ByodServiceInstance is a custom instance to be used when NSX is not handling
the lifecycles of appliance/s. User will manage their own appliance (BYOD)
to connect with NSX.
VirtualServiceInstance is a a custom instance to be used when NSX is not
handling the lifecycle of an appliance and when the user is not bringing
their own appliance.
string Enum: ServiceInstance, ByodServiceInstance, VirtualServiceInstance

ServiceInstanceStatus (schema)

Name Description Type Notes
configuration_issue Collection of configuration issues during service instance deployment

This object contains the list of issues which might come during post deployment configuration for a particular service instance.		 SVMConfigureIssue Readonly
instance_deployment_status Deployment status of a Service Instance

Deployment status of NXGI Partner Service-VM.		 ServiceDeploymentStatus Readonly
instance_health_status Health status of a Service Instance

Health status of NXGI components on Partner Service-VM.		 ServiceInstanceHealthStatus Readonly
service_instance_id Service instance id

Id of an instantiation of a registered service.		 string Readonly

ServiceInterface (schema)

Service interface configuration

Service interface configuration for internal connectivity.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
dhcp_relay_path policy path of referenced dhcp-relay-config

Policy path of dhcp-relay-config to be attached to this Interface.
string
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ServiceInterface string
subnets IP address and subnet specification for interface

Specify IP address and network prefix for interface.
array of InterfaceSubnet Required
Minimum items: 1
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ServiceInterfaceListResult (schema)

Paged collection of Service Interfaces

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Service Interface list results array of ServiceInterface Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ServiceListRequestParameters (schema)

Service list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
default_service Fetch all default services

If set to true, then it will display only default services.
If set to false, then it will display all user defined services.
If it is not provided, then complete (default as well as user
defined) list of services will be displayed.
boolean
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

ServiceListResult (schema)

Paged Collection of Services

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Service list results array of Service Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ServiceManager (schema)

Definition of a Service Manager

Partner console endpoint information for enabling NSX to callback with events and status.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
authentication_scheme Scheme to authenticate requests sent to the server

A CallbackAuthenticationScheme that describes how notification requests/callbacks from NSX, should authenticate to the server.		 CallbackAuthenticationScheme Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
port Integer port value to specify a HTTPS port

Integer port value to specify a standard/non-standard HTTPS port.		 integer Required
Minimum: 0
Maximum: 65535
resource_type Must be set to the value ServiceManager string
server IP address or fully qualified domain name of server

IP address or fully qualified domain name of the partner REST server.		 string Required
service_ids Service IDs

The IDs of services, provided by partner.		 array of ResourceReference Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
thumbprint Thumbprint of the certificate for partner console

Thumbprint (SHA-256 hash represented in lower case hex) for the certificate on the partner console. This will be required to establish secure communication with the console and to avoid man-in-the-middle attacks.		 string
uri URI notification requests should be made on the server

URI on which notification requests should be made on the specified server.		 string Required
vendor_id Vendor ID

Id which is unique to a vendor or partner for which the service is created.		 string Readonly

ServiceManagerListResult (schema)

Service Manager List Result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Service manager list

List of the Service-managers.		 array of ServiceManager Required
Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ServicePath (schema)

Service path

An instance of service chain that consists of forward and reverse service paths.

Name Description Type Notes
forward_path Forward service path

Forward service path if available that applies to ingress traffic.		 UnidirectionalServicePath Readonly
reverse_path Reverse Service Path

Reverse service path if available that applies to egress traffic.		 UnidirectionalServicePath Readonly
service_chain_id Service chain id

A unique id of a service chain.		 integer Readonly
service_chain_uuid Uuid of a service chain

Uuid of a service chain.		 string Readonly
service_path_id Service path id

Unique identifier of a service path.		 integer Readonly

ServicePathHop (schema)

Service path hop

Represents a service VM implementing a particular service in a service chain

Name Description Type Notes
action Action

Action that will be taken by the corresponding service VM of the hop.		 string Readonly
Enum: SERVICE_ACTION_INVALID, COPY, REDIRECT
can_decrement_si SI decrement flag

Indicating whether service is configured to decrement SI field in NSH metadata.		 boolean Readonly
in_maintenance_mode Maintenance mode flag

Indicating the maintenance mode of the corresponding service VM.		 boolean Readonly
is_active_from_ccp Active flag managed by CCP

Indicating whether the corresponding service VM is active or not per CCP.		 boolean Readonly
is_active_from_dp Active flag managed by DP

Indicating whether the corresponding service VM is active or not per DP.		 boolean Readonly
is_active_from_mp Active flag managed by MP

Indicating whether the corresponding service VM is active or not per MP.		 boolean Readonly
mac_address MAC address of the virtual network interface.

MAC address of the virtual network interface.		 string Readonly
nsh_liveness_support NSH liveness flag

Indicating whether NSH liveness is supported or not by the corresponding service VM.		 boolean Readonly
vif Virtual interface id

ID of the virtual network interface.		 string Readonly

ServicePathListResult (schema)

Service path list

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Service Path list

List of homogenous service paths		 array of ServicePath Required
Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ServiceProfileGroups (schema)

Groups used in Service Profile

ServiceProfileGroups contains list of Groups referenced in Service Insertion Rules.To be considered, Service profile must be part of a Service chain and that Service chain must be used in a Rule.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
groups Group Info List

List of Groups Used in ServiceInsertion Rules.		 array of GroupInfo Readonly
id Unique identifier of this resource string Sortable
resource_type Must be set to the value ServiceProfileGroups string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ServiceProfileNSGroups (schema)

NSGroups used in Service Profile

ServiceProfileNSGroups contains list of NS Groups referenced in Service Insertion Rules. To be considered, Service profile must be part of a Service Chain and that Service chain must be used in a Rule.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
nsroups NSGroup List

List of NSGroups Used in ServiceInsertion Rules.		 array of NSGroupInfo Readonly
resource_type Must be set to the value ServiceProfileNSGroups string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

ServiceReference (schema)

An anchor object representing the intent to consume a given 3rd party service.

An anchor object representing the intent to consume a given 3rd party service.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
(Abstract type: pass one of the following concrete types)
ChildPolicyServiceProfile
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Operational state of the Service.

A Service's operational state can be enabled or disabled. Note that would work only for NetX type of services and would not work for Guest Introsp- ection type of Services. TRUE - The Service should be enabled FALSE - The Service should be disabled		 boolean Default: "True"
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
partner_service_name Name of Partner Service

Unique name of Partner Service to be consumed for redirection.		 string Required
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ServiceReference string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ServiceReferenceListRequestParameters (schema)

Service reference list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

ServiceReferenceListResult (schema)

Service Reference List

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Service Reference list results array of ServiceReference Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ServiceRouterAllocationConfig (schema)

Name Description Type Notes
allocation_pool Edge Cluster Member Allocation Pool for logical router

Logical router allocation can be tracked for specific services and
services may have their own hard limits and allocation sizes. For
example load balancer pool should be specified if load balancer
service will be attached to logical router.
EdgeClusterMemberAllocationPool
(Abstract type: pass one of the following concrete types)
LoadBalancerAllocationPool
edge_cluster_id Edge cluster id to re allocate members

To reallocate TIER1 logical router on new or existing edge cluster
string Required
edge_cluster_member_indices Member indices of the edge node on the cluster

For TIER 1 logical router, for manual placement of service router
within the cluster, edge cluster member indices needs to be provided
else same will be auto-allocated. You can provide maximum two indices
for HA ACTIVE_STANDBY.
array of integer

ServiceSegment (schema)

Service Segment configuration

Service Segment configuration to attach Service Insertion VM.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
lr_paths Policy paths of logical routers

Policy paths of logical routers or ports | to which this Service Segment can be connected.		 array of string
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ServiceSegment string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
transport_zone_path Policy path to the transport zone

Policy path to transport zone. Only overlay transport zone is supported.		 string Required
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ServiceSegmentListRequestParameters (schema)

Service Segment list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

ServiceSegmentListResult (schema)

Paged collection of Service Segment

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Service Segment list results array of ServiceSegment Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ServiceType (schema)

Supported service types, that are using certificates.

Name Description Type Notes
ServiceType Supported service types, that are using certificates. string Enum: MGMT_CLUSTER, MGMT_PLANE, API, NOTIFICATION_COLLECTOR, SYSLOG_SERVER, RSYSLOG_CLIENT, APH, GLOBAL_MANAGER, LOCAL_MANAGER, CLIENT_AUTH, RMQ, K8S_MSG_CLIENT, WEB_PROXY

ServiceVMStateParameters (schema)

Service VM maintenance mode setting parameters

Name Description Type Notes
action You could use this parameter to set a servcie VM in maintenance mode
or exit from maintenance mode, or set a service VM health state to indicate whether the
service VM is running properly or not.
'enable_maintenance_mode' will set service VM in maintenance mode.
'disable_maintenance_mode' will exit from maintenance mode.
'is_healthy' will set runtime health state by partner of a service VM to be healthy.
'is_stopped' will set runtime health state by partner of a service VM to be stopped.
'is_not_responding' will set runtime health state by partner of a service VM to be not responding.
string Enum: enable_maintenance_mode, disable_maintenance_mode, is_healthy, is_stopped, is_not_responding
unhealthy_reason Reason for the unhealthy state

Reason for the unhealthy state.		 string Maximum length: 500

SessionLoginCredential (schema)

A login credential specifying session_id

Details of session based login credential to login to server.

Name Description Type Notes
credential_type Must be set to the value SessionLoginCredential string Required
session_id The session_id to login to server

The session_id to login to server.		 string
thumbprint Thumbprint of the login server

Thumbprint of the login server.		 string Pattern: "^(([0-9A-Fa-f]{2}[:])+([0-9A-Fa-f]{2}))?$"

SessionSummaryParameters (schema)

IPSec VPN session summary parameters

IPSec VPN session summary parameters.

Name Description Type Notes
site_id Peer site id

Peer site id.		 string
source The data source, either realtime or cached. If not provided, cached data is returned. DataSourceType

SessionTimerProfileBindingListResult (schema)

Paged Collection of session timer profile binding maps

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Session timer profile binding maps list results array of SessionTimerProfileBindingMap Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

SessionTimerProfileBindingMap (schema)

Policy Session Timer Profile binding map

This entity will be used to establish association between Session Timer
profile and Logical Routers.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
profile_path Profile Path

PolicyPath of associated Profile		 string Required
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value SessionTimerProfileBindingMap string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

SetFields (schema)

Set Fields

Set Fields is an action to set fields of the source event.

Name Description Type Notes
field_settings Field Settings

Field Settings.		 array of FieldSetting Minimum items: 1
resource_type Must be set to the value SetFields string Required
Enum: PatchResources, SetFields

SetInterSiteAphCertificateRequest (schema)

Data for setting Appliance Proxy certificate for inter-site communication

Name Description Type Notes
cert_id Certificate ID

ID of the certificate that is already imported.		 string Required
Readonly
used_by_id Node ID

ID of the node that this certificate is used on.		 string Required
Readonly

SetPrincipalIdentityCertificateForFederationRequest (schema)

Data for setting a principal identity certificate

Name Description Type Notes
cert_id Id of the certificate string Required
Readonly
service_type Service type for which the certificate should be used. PIServiceType Required
Readonly

SetTargetVdsTopologyParameters (schema)

Parameters to set target vds topology

Name Description Type Notes
cluster_id cluster identifier string
use_recommended_topology_config Flag to indicate if use recommended topology got from the latest precheck boolean

SetupDetails (schema)

Setup details of nsx appliance.

Contains Setup details of nsx appliance.

Name Description Type Notes
principal_identity User principal.

User principal.
string

SftpProtocol (schema)

Name Description Type Notes
authentication_scheme Scheme to authenticate if required PasswordAuthenticationScheme Required
name Must be set to the value SftpProtocol string Required
Enum: http, https, scp, sftp
ssh_fingerprint SSH fingerprint of server string Required

ShaDynamicPlugin (schema)

Sha dynamic Plugin

Define a kind of dynamic Sha plugin.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
applied_to_group_path Binding Policy group path

The Policy group path to apply the changes on Sha Plugin.
It can be pre-defined plugin or dynamic created plugin.
string
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
is_plugin_uploaded Flag to show the dynamic plugin status

Flag to show the dynamic plugin zip file is uploaded.
boolean Readonly
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ShaDynamicPlugin string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ShaDynamicPluginListRequestParameters (schema)

Sha plugin profile request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

ShaDynamicPluginListResult (schema)

Paged list of Sha dynamic plugin list.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Sha dynamic plugin list results array of ShaDynamicPlugin Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ShaDynamicPluginProfile (schema)

Dynamic created plugin profile

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
applied_to_group_path Binding Policy group path

The Policy group path to apply the changes on Sha Plugin.
It can be pre-defined plugin or dynamic created plugin.
string
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
config Plugin configuration

Define the plugin configurtion.		 string Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Plugin Enablement Flag

The on-off switch of System Health Plugin		 boolean Required
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
plugin_path Plugin path

The policy path of Sha Plugin. It can be pre-defined plugin or dynamic created plugin.
string Required
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ShaDynamicPluginProfile ShaPluginType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ShaPluginProfile (schema)

Abstract base type for System Health plugin profil of different types

The ShaPluginProfile is the base class for System Health plugin profile
This is an abstract type. Concrete child types:
ShaDynamicPluginProfile
ShaPredefinedPluginProfile

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
applied_to_group_path Binding Policy group path

The Policy group path to apply the changes on Sha Plugin.
It can be pre-defined plugin or dynamic created plugin.
string
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Plugin Enablement Flag

The on-off switch of System Health Plugin		 boolean Required
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
plugin_path Plugin path

The policy path of Sha Plugin. It can be pre-defined plugin or dynamic created plugin.
string Required
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ShaPluginProfile ShaPluginType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ShaPluginProfileListRequestParameters (schema)

Sha plugin profile request parameters

Name Description Type Notes
applied_to_group_path String Path of the Policy group path

The path of the Policy group path from which the list of members needs
to be fetched.
string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
plugin_path String Path of the sha plugin

The path of the sha plugin path from which the list of members needs
to be fetched.
string
sort_ascending boolean
sort_by Field by which records are sorted string

ShaPluginProfileListResult (schema)

Paged list of Sha plugin profiles.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Sha plugin profile list results array of ShaPluginProfile
(Abstract type: pass one of the following concrete types)
ShaDynamicPluginProfile
ShaPredefinedPluginProfile		 Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ShaPluginType (schema)

Valid System Health plugin types

Name Description Type Notes
ShaPluginType Valid System Health plugin types string Enum: PredefinedPlugin, DynamicPlugin

ShaPreDefinedPluginListResult (schema)

Paged list of Sha pre-defined plugin list.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Sha plugin list results array of ShaPredefinedPlugin Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ShaPredefinedPlugin (schema)

System pre-defined plugin config

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
config Plugin configuration

Define the plugin configurtion detail.		 ShaPredefinedPluginProfileData Readonly
delay_on_reboot The delay after reboot

The corresponding plugin will wait for config seconds after reboot.
integer Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Profile Enablement Flag

The on-off switch of Sha plugin		 boolean Readonly
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
pre_req_conditions The pre-req conditions

Display the pre-req conditions to run the predefined plugin.
array of PreReqCondition Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ShaPredefinedPlugin string
supported_node_types The supported node types

Display the running node types of predefined plugin.
array of NsxtNodeType Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ShaPredefinedPluginListRequestParameters (schema)

Sha plugin request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

ShaPredefinedPluginProfile (schema)

System predefined plugin profile

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
applied_to_group_path Binding Policy group path

The Policy group path to apply the changes on Sha Plugin.
It can be pre-defined plugin or dynamic created plugin.
string
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
config Plugin configuration

Define the plugin configurtion.		 ShaPredefinedPluginProfileData Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Plugin Enablement Flag

The on-off switch of System Health Plugin		 boolean Required
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
plugin_path Plugin path

The policy path of Sha Plugin. It can be pre-defined plugin or dynamic created plugin.
string Required
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value ShaPredefinedPluginProfile ShaPluginType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

ShaPredefinedPluginProfileData (schema)

System Health Plugin Config Item

Describes a config item for System Health profile.

Name Description Type Notes
check_interval The check interval

The interval of plugin to check the status.		 integer
report_interval The report interval

The interval of plugin to report the status.		 integer
smallest_report_interval_if_change The smallest report interval

The smallest report interval if the status is changed.
The value of smallest_report_interval_if_change should be
less than the value of report_interval
integer

Site (schema)

Site

Site represents an NSX deployment having its own set of NSX clusters and
transport nodes. It may correspond to a Data Center, VMC deployment, or
NSX-Cloud deployment managed via CSM.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
(Abstract type: pass one of the following concrete types)
ChildEnforcementPoint
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
fail_if_rtep_misconfigured Fail onboarding if RTEPs misconfigured

Both the local site and the remote site must have edge clusters correctly
configured and remote tunnel endpoint (RTEP) interfaces must be defined,
or onboarding will fail.
boolean Default: "True"
fail_if_rtt_exceeded Fail onboarding if maximum RTT exceeded

Fail onboarding if maximum RTT exceeded.
boolean Default: "True"
federation_config Federation releated config

System managed federation config.		 GmFederationSiteConfig Readonly
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
maximum_rtt Maximum acceptable packet round trip time (RTT)

If provided and fail_if_rtt_exceeded is true, onboarding of the site will
fail if measured RTT is greater than this value.
integer Minimum: 0
Maximum: 1000
Default: "250"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value Site string
site_connection_info Connection information

To onboard a site, the connection information (username, password,
and API thumbprint) for at least one NSX manager node in the remote
site must be provided. Once the site has been successfully onboarded,
the site_connection_info is discarded and authentication to the
remote site occurs using an X.509 client certificate.
array of SiteNodeConnectionInfo Maximum items: 3
site_number 12-bit system generated site number integer Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

SiteActionParameters (schema)

Paramters for Site delete operation

If force=true then site will be deleted even if not reachable.
NOTE - Use this with caution as Global Manager will go ahead and
offboard the site forcefully.

Name Description Type Notes
force boolean

SiteAllocationIndexForEdge (schema)

Allocation index for edge

Index for cross site allocation for edge cluster
and its members referred by gateway.

Name Description Type Notes
index Unique index across sites for gateway span

Unqiue edge cluster node index across sites based on stretch of the
Gateway. For example, if a Gateway is streched to sites S1 with one
edge cluster of 3 nodes and site S2 with one edge cluster of 2 nodes,
the in the Global Manager will allocate the index for 5 edge nodes
and 2 cluster in the rage 0 to 7.
integer Readonly
target_resource_path Edge cluster or edge node path string Readonly

SiteCompatibilityInfo (schema)

Name Description Type Notes
compatibility_list Compatibility list array of string
site_version Site version string

SiteFederationConfig (schema)

Site fedeation configuration

Site fedeation configuration.

Name Description Type Notes
rtep_ips Remote tunnel endpoint IP addresses array of IPAddress Readonly
site_id Site UUID string Readonly
site_index Unique site index allocated (from range 0-4095) integer Readonly
site_path Site path string Readonly

SiteListRequestParameters (schema)

Site List Request Parameters

Site list request parameters.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

SiteListResult (schema)

Paged Collection of Sites

Paged Collection of Sites.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Site List Result

Site list result.		 array of Site Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

SiteNodeConnectionInfo (schema)

Site Node Connection Info

Credential info to connect to a node in the federated remote site.

Name Description Type Notes
fqdn Fully Qualified Domain Name of the Management Node

Please specify the fqdn of the Management Node of your site.
string Required
password Password

Password to connect to Site's Local Manager.		 string
thumbprint Thumbprint of Enforcement Point

Thumbprint of Site's Local Manager in the form of a SHA-256 hash represented in lower case HEX.
string
username Username

Username to connect to Site's Local Manager.		 string

SiteOffBoardingState (schema)

Represents site offboarding status.

Represents site offboarding status.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
message Message about the status.

Captures message associated with status.
If FAILED, can contain folowing errors
local site configuration is null
internal server error with detail
string Readonly
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
previousErrorMessage Previous failure message.

Contains previus failed message in case,
state machine is stuck in a state
string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value SiteOffBoardingState string
status Status of site.

Represents site offboarding status.
string Readonly
Enum: INITIALIZE_INPROGRESS, INITIALIZE_FAILED, INITIALIZE_SUCCESSFUL, CLEANUP_INPROGRESS, CLEANUP_FAILED, CLEANUP_SUCCESSFUL, REALIZATION_INPROGRESS, REALIZATION_FAILED, REALIZATION_SUCCESSFUL, TERMINAL_INPROGRESS, TERMINAL_FAILED, FAILED, SUCCESSFUL
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

SiteOverride (schema)

IPSecVpn Site Override Parameters

IPSecVPN site specific attributes specified only on GM. This allows user to specify site specific parameters which overrides the correspondig attributes in the IPSecVpnSession Object.

Name Description Type Notes
local_endpoint_path Local endpoint path

Policy path referencing Local endpoint.		 string Required
locale_service_path Locale service policy path

Policy path referencing LocateService where SiteOverride attributes will be applied		 string Required
peer_address IPV4 address of peer endpoint on remote site

Public IPV4 address of the remote device terminating the VPN connection.		 string Required
peer_id Peer id

Peer ID to uniquely identify the peer site. The peer ID is the public IP address of the remote device terminating the VPN tunnel. When NAT is configured for the peer, enter the private IP address of the peer.		 string Required
tunnel_interfaces IP Tunnel interfaces

IP Tunnel interfaces. This property is mandatory for RouteBasedIpSecVpn session.		 array of IPSecVpnTunnelInterface Minimum items: 1
Maximum items: 1

SiteRequestParameter (schema)

Request parameter to get flow to a given Site

User can get flow details from the Site where API invoked to a given
Site by specifying the Site policy path.

Name Description Type Notes
site_path Policy path of the Site object string

SiteStatus (schema)

Name Description Type Notes
site_name Site name string Required
stubs Connection status array of StubStatus

SnatTranslationType (schema) (Deprecated)

Snat translation type

Load balancers may need to perform SNAT to ensure reverse traffic from
the server can be received and processed by them.
There are two modes:
LbSnatAutoMap uses the load balancer interface IP and an
ephemeral port as the source IP and port of the server side connection.
LbSnatIpPool allows user to specify one or more IP addresses
along with their subnet masks that should be used for SNAT while
connecting to any of the servers in the pool.

Name Description Type Notes
SnatTranslationType Snat translation type

Load balancers may need to perform SNAT to ensure reverse traffic from
the server can be received and processed by them.
There are two modes:
LbSnatAutoMap uses the load balancer interface IP and an
ephemeral port as the source IP and port of the server side connection.
LbSnatIpPool allows user to specify one or more IP addresses
along with their subnet masks that should be used for SNAT while
connecting to any of the servers in the pool.
string Deprecated
Enum: LbSnatAutoMap, LbSnatIpPool

SnmpProperties (schema)

SNMP Service properties

This object contains SNMP v2c and SNMP v3 properties.

Name Description Type Notes
v2c SNMP v2c properties Snmpv2cProperties
v3 SNMP v3 properties Snmpv3Properties

SnmpServiceProperties (schema)

SNMP Service properties

Name Description Type Notes
communities SNMP v1, v2c community strings array of string Maximum items: 1
start_on_boot Start when system boots boolean Required
v2_configured SNMP v2 is configured or not boolean Readonly
v3_auth_protocol SNMP v3 auth protocol string Required
Enum: SHA1
Default: "SHA1"
v3_configured SNMP v3 is configured or not boolean Readonly
v3_priv_protocol SNMP v3 private protocol string Required
Enum: AES128
Default: "AES128"
v3_users V3 users

SNMP v3 users information		 array of SnmpV3User Maximum items: 1

SnmpV3User (schema)

SNMP v3 user

SNMP v3 user properties

Name Description Type Notes
auth_password Auth password

SNMP v3 user auth password		 string
priv_password Private password

SNMP v3 user private password		 string
user_id User ID

SNMP v3 user ID		 string Required

Snmpv2cCommunity (schema)

SNMP v2c community

This object contains SNMP v2c community identifier, shared secret and access properties.

Name Description Type Notes
access Type of access

Access permissions for polling NSX nodes over SNMP v2c.		 string Enum: READ_ONLY
Default: "READ_ONLY"
community_name Community name

Unique, non-sensitive community name to identify community.		 string Required
Minimum length: 1
Maximum length: 64
community_string Community string

Community string. This is considered a shared secret and therefore sensitive information. This field is required when adding a community. When updating a community, do not include this field in the request. If this field is present in an update request, it will be considered as a new value for community string.		 string Minimum length: 1
Maximum length: 64

Snmpv2cProperties (schema)

SNMP v2c properties

This object contains list of SNMP v2c communities used to poll NSX nodes over SNMP and list of SNMP v2c targets used to receive SNMP traps/notifications from NSX nodes.

Name Description Type Notes
communities SNMP v2c communities

List of SNMP v2c communities allowed to poll NSX nodes over SNMP v2c.		 array of Snmpv2cCommunity Maximum items: 10
targets SNMP v2c targets

List of SNMP v2c targets/receivers where SNMP v2c traps/notifications will be sent from NSX nodes.		 array of Snmpv2cTarget Maximum items: 3

Snmpv2cTarget (schema)

SNMP v2c target

This object contains SNMP v2c target/receiver where SNMP traps/notifications will be sent.

Name Description Type Notes
community_name Community name

Unique non-sensitive community name to identify community.		 string Required
Minimum length: 1
Maximum length: 64
community_string Community string

Community string (shared secret). This field is required when adding a community target. When updating a community target, do not include this field in the request. If this field is present in an update request, it will be considered as a new value for community string.		 string Minimum length: 1
Maximum length: 64
port SNMP v2c target server port

SNMP v2c target server's port number.		 integer Minimum: 1
Maximum: 65535
Default: "162"
server SNMP v2c target server

SNMP v2c target server's IP or FQDN.		 HostnameOrIPv4Address Required

Snmpv3Properties (schema)

SNMP v3 properties

This object contains list of SNMP v3 users used to poll NSX nodes over SNMP and list of SNMP v3 targets used to receive SNMP traps/notifications from NSX nodes. Users specified in a SNMP v3 target must exist in the list of SNMP v3 users.

Name Description Type Notes
auth_protocol Authentication protocol

Authentication protocol used for SNMP v3 communication.		 string Enum: SHA1
Default: "SHA1"
priv_protocol Privacy protocol

Privacy protocol used for SNMP v3 communication.		 string Enum: AES128
Default: "AES128"
targets SNMP v3 targets

List of SNMP v3 targets/receivers where SNMP v3 traps/notifications will be sent from NSX nodes.		 array of Snmpv3Target Maximum items: 3
users SNMP v3 users

List of SNMP v3 users allowed to poll NSX nodes over SNMP. Also, users specified in a SNMP v3 target must exist in this list.		 array of Snmpv3User Maximum items: 5

Snmpv3Target (schema)

SNMP v3 target

This object contains SNMP v3 target/receiver where SNMP traps/notifications will be sent.

Name Description Type Notes
port SNMP v3 target server port

SNMP v3 target server's port.		 integer Minimum: 1
Maximum: 65535
Default: "162"
security_level Security level

Security level indicates whether SNMP communication involves authentication and privacy protocols for this user. Value "AUTH_PRIV" indicates both authentication and privacy protocols will be used for SNMP communication.		 string Enum: AUTH_PRIV
Default: "AUTH_PRIV"
server SNMP v3 target server

SNMP v3 target server's IP or FQDN.		 HostnameOrIPv4Address Required
user_id Existing SNMP v3 user id

SNMP v3 user id used to notify target server. This SNMP v3 user should already be added in this profile.		 string Required
Minimum length: 1
Maximum length: 32

Snmpv3User (schema)

SNMP v3 user

This object contains properties for a SNMP v3 user that can be used to receive SNMP traps/notifications from NSX and/or poll NSX nodes over SNMP.

Name Description Type Notes
access Type of access

Access permissions for polling NSX nodes over SNMP v3.		 string Enum: READ_ONLY
Default: "READ_ONLY"
auth_password Authentication password

Authentication password used for SNMP v3 communication. This field is required when adding a user. When updating a user, do not include this field in the request. If this field is present in an update request, it will be considered as a new value for authentication password.		 string
priv_password Privacy password

Privacy password used for SNMP v3 communication. This field is required when adding a user. When updating a user, do not include this field in the request. If this field is present in an update request, it will be considered as a new value for privacy password.		 string
security_level Security level

Security level indicates whether SNMP communication involves authentication and privacy protocols for this user. Value "AUTH_PRIV" indicates both authentication and privacy protocols will be used for SNMP communication.		 string Enum: AUTH_PRIV
Default: "AUTH_PRIV"
user_id User ID

Unique SNMP v3 user id.		 string Required
Minimum length: 1
Maximum length: 32

SoftwareModule (schema)

Software module details

Name Description Type Notes
module_name Name of the module in the node string Required
module_version Version of the module in the node string Required

SoftwareModuleResult (schema)

Software module result

Name Description Type Notes
software_modules Software module results array of SoftwareModule Required

SolutionConfig (schema)

Solution Configuration Info

Solution Config would contain Vendor specific information required for configuring the NXGI partner Service after deployment.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
control_ip Control IP

Partner needs to specify their assigned control IP with which they have configured their OVFs.		 IPv4Address Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
listen_port Port

Partner needs to specify their port on which their solution application which consumes NXGI EPSec library listens.		 int Required
Minimum: 48651
Maximum: 48655
resource_type Must be set to the value SolutionConfig string
service_id Service Id

The service to which the solution config belongs.		 string Readonly
solution_id Solution Id

Partner needs to specify Solution Id assigned by VMware.		 string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

SolutionConfigListResult (schema)

Solution Config List

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Solution Config List

List of the Solution Config.		 array of SolutionConfig Required
Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

Source (schema)

Event Source

Source that is logically deemed to be the "object" upon which the
Event in question initially occurred upon. The Source is responsible
for providing information of the occurred event. Some example sources
include:
- Resource.
- API.
This is an abstract type. Concrete child types:
ApiRequestBody
ResourceOperation

Name Description Type Notes
resource_type Resource Type

Event Source resource type.
string Required
Enum: ResourceOperation, ApiRequestBody

SourceEntity (schema)

Source entity

Service insertion data path inserts unique 'source node id' value into each packet before it received by Service VM. This value can be resolved to multiple Source Entities. It represents source of the packets.

Name Description Type Notes
source_entity_id Source entity ID

UUID of Source entity		 string Required
Readonly
source_entity_type Source entity type

Type of source entity. Currently source value can be resolved to VIF and Virtual Machine.		 string Required
Readonly
Enum: VIRTUAL_NETWORK_INTERFACE, VIRTUAL_MACHINE

SourceEntityQueryParameters (schema)

Source entity query parameters

Name Description Type Notes
source_node_value value

unique value representing source node		 string Required

SourceEntityResult (schema)

Service Entity List

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Service Entity List

List of the Service Entities		 array of SourceEntity Required
Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

SourceFieldEvaluation (schema)

Source Field Evaluation

Source Field Evaluation represents an evaluation on resource fields.
A source field evaluation will be evaluated against an Event Source which
is of type Resource Operation. For instance, the attribute constraint could
be related to the necessity that one of the source fields equals one of the
specified values.

Name Description Type Notes
expected Operator Arguments

Expected values necessary to apply the specified operation on the source field value.
array of string Required
Minimum items: 1
Maximum items: 1
field_pointer Field Pointer

Field in the form of a pointer, describing the location of the attribute within the source
of the event.
string Required
operator Logical Operator

Logical operator.		 string Required
Enum: EQ, NOT_EQ
resource_type Must be set to the value SourceFieldEvaluation string Required
Enum: SourceFieldEvaluation

SourceIpPersistencePurge (schema)

source ip persistence purge setting

If the persistence table is full and a new connection without a matching persistence entry is received, then by default(FULL) oldest persistence entries are purged from the table to make space for new entries. Each time purging gets triggered, a small percentage of the entries are purged. If purging is disabled(NO_PURGE) and a new incoming connection requires a persistence entry to be created, then that connection is rejected even though backend servers are available.

Name Description Type Notes
SourceIpPersistencePurge source ip persistence purge setting

If the persistence table is full and a new connection without a matching persistence entry is received, then by default(FULL) oldest persistence entries are purged from the table to make space for new entries. Each time purging gets triggered, a small percentage of the entries are purged. If purging is disabled(NO_PURGE) and a new incoming connection requires a persistence entry to be created, then that connection is rejected even though backend servers are available.		 string Enum: NO_PURGE, FULL

SourceNsxApiEndpoint (schema)

Source NSX manager details

Details about an existing NSX manager to be migrated

Name Description Type Notes
auth_token Source NSX auth token

Auth token used to make REST calls to the source NSX API endpoint. This field is not applicable in case of vSphere network migration. Please generate the token with a sufficiently large duration so that it does not expire in the middle of the migration. If it does expire, then the token needs to be refreshed manually by invoking this API again with a new token. Alternatively, you can provide the username/password of the source NSX.		 string
ip Source NSX API endpoint IP address

IP address or hostname of a source NSX API endpoint. This field is not applicable in case of vSphere network migration.		 string Format: hostname-or-ip
nsx_password Password for NSX manager

Password for connecting to NSX manager. This field is not applicable in case of vSphere network migration.		 string
nsx_syncrole Source NSX API endpoint Universal Sync role

Signifies Universal Sync role status (STANDALONE, PRIMARY, SECONDARY) of a source NSX API endpoint.		 string Readonly
nsx_username Username for NSX manager

Username for connecting to NSX manager. This field is not applicable in case of vSphere network migration.		 string
nsx_version Source NSX API endpoint build version

Build version (major, minor, patch) of a source NSX API endpoint.		 string Readonly
vc_ip VC IP address or host name

IP address or host name of VC.		 string Format: hostname-or-ip
vc_password Password for VC

Password for connecting to VC.		 string
vc_port VC port

VC port that will be used to fetch details.		 int Default: "443"
vc_username Username for VC

Username for connecting to VC.		 string
vc_version VC build version

Build version of VC.		 string Readonly

SpacerWidgetConfiguration (schema)

Spacer widget Configuration

Represents configuration for spacer widget. For this widget the data source is not applicable. This widget can be use to add the space inside the dashboard container.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
condition Expression for evaluating condition

If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.		 string Maximum length: 1024
datasources Array of Datasource Instances with their relative urls

The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.		 array of Datasource Minimum items: 0
default_filter_value Default filter value to be passed to datasources

Default filter values to be passed to datasources. This will be used when the report is requested without filter values.		 array of DefaultFilterValue
description Description of this resource string Maximum length: 1024
Sortable
display_name Widget Title

Title of the widget. If display_name is omitted, the widget will be shown without a title.		 string Maximum length: 255
drilldown_id Id of drilldown widget

Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.		 string Maximum length: 255
feature_set Features required to view the widget

Features required to view the widget.		 FeatureSet
filter Id of filter widget for subscription

Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.		 string Deprecated
filter_value_required Flag to indicate if filter value is necessary

Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.		 boolean Default: "True"
filters A List of filter ids applied to this widget configuration

A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.		 array of string
footer Footer
icons Icons

Icons to be applied at dashboard for widgets and UI elements.		 array of Icon
id Unique identifier of this resource string Sortable
is_drilldown Set as a drilldown widget

Set to true if this widget should be used as a drilldown.		 boolean Default: "False"
legend Legend for the widget

Legend to be displayed. If legend is not needed, do not include it.		 Legend
plot_configs List of plotting configuration for a given widget.

List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.		 array of WidgetPlotConfiguration
resource_type Must be set to the value SpacerWidgetConfiguration string Required
Readonly
Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration
Maximum length: 255
rowspan Vertical span

Represents the vertical span of the widget / container. 1 Row span is equal to 20px.		 int Minimum: 1
shared Visiblity of widgets to other users

Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.		 boolean Deprecated
show_header This decides to show the container header or not.

If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.		 boolean
span Horizontal span

Represents the horizontal span of the widget / container.		 int Minimum: 1
Maximum: 12
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
weight Weightage or placement of the widget or container

Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.		 int Deprecated

Span (schema)

Represents strech information for federated entity.

Represents the strech information for a federated entity
available only on local manager.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value Span string
sites List of SpanSiteInfos

List of SpanSiteInfos representing the strech of the entity.
array of SpanSiteInfo Readonly
span_leader Policy resource type of span leader

Represents Policy resource type streached entity's span leader.
string Readonly
span_resource Policy resource path

Represents Policy resource path of streached entity.
string Readonly
span_resource_type Policy resource type

Policy resource type of the streached entity.
string Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

SpanSiteInfo (schema)

Represents Site resource for Span entity.

Represents the Site resource information for a Span entity
including both the internal id as well as the site path.

Name Description Type Notes
site_id Internal ID of the Site resource

Site UUID representing the Site resource
string Readonly
site_path Path of the Site resource

Path of the Site resource
string Readonly

SpoofGuardProfile (schema)

SpoofGuard Profile

SpoofGuard is a tool that is designed to prevent virtual machines in your
environment from sending traffic with IP addresses which are not authorized
to send traffic from. A SpoofGuard policy profile once enabled blocks the
traffic determined to be spoofed.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
address_binding_allowlist Enable SpoofGuard

If true, enable the SpoofGuard, which only allows VM sending traffic
with the IPs in the whitelist. This value cannot conflict with whitelist.
boolean Required
Default: "False"
address_binding_whitelist Enable SpoofGuard

If true, enable the SpoofGuard, which only allows VM sending traffic
with the IPs in the whitelist. This field is deprecated because it
has offensive terminology. Please use address_binding_allowlist.
This value cannot conflict with allow list.
boolean Deprecated
Required
Default: "False"
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value SpoofGuardProfile string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

SpoofGuardProfileListRequestParameters (schema)

SpoofGuard profile request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

SpoofGuardProfileListResult (schema)

Paged collection of SpoofGuard profiles

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results SpoofGuard profile list results array of SpoofGuardProfile Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

SpoofGuardSwitchingProfile (schema) (Deprecated)

SpoofGuard configuration

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
required_capabilities array of string Readonly
resource_type Must be set to the value SpoofGuardSwitchingProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
white_list_providers List of providers for white listed address bindings. array of WhiteListProvisionType Required

SshKeyBaseProperties (schema)

Name Description Type Notes
label SSH key label (used to identify the key) string Required
password Current password for user (required for users root and admin) string

SshKeyProperties (schema)

Name Description Type Notes
label SSH key label (used to identify the key) string Required
password Current password for user (required for users root and admin) string
type SSH key type string Required
Pattern: "^(ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|ssh-dss|ssh-ed25519|ssh-rsa)$"
value SSH key value string Required

SshKeyPropertiesListResult (schema)

SSH key properties query results

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results SSH key properties query results array of SshKeyProperties Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

SshServiceProperties (schema)

SSH Service properties

Name Description Type Notes
root_login Permit SSH Root login boolean
start_on_boot Start service when system boots boolean Required

SslCipher (schema) (Deprecated)

SSL cipher

Name Description Type Notes
SslCipher SSL cipher string Deprecated
Enum: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384

SslCipherGroup (schema) (Deprecated)

SSL cipher group

Name Description Type Notes
SslCipherGroup SSL cipher group string Deprecated
Enum: BALANCED, HIGH_SECURITY, HIGH_COMPATIBILITY, CUSTOM

SslProtocol (schema) (Deprecated)

SSL protocol

Name Description Type Notes
SslProtocol SSL protocol string Deprecated
Enum: SSL_V2, SSL_V3, TLS_V1, TLS_V1_1, TLS_V1_2

StageUpgradeRequestParameters (schema)

Stage upgrade request parameters

Parameters specified during upgrade staging request

Name Description Type Notes
component_type Component type

Type of the component		 string

StandaloneHostIdfwConfiguration (schema)

Standalone host idfw configuration

Idfw configuration for enable/disable idfw on standalone hosts.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
idfw_enabled Idfw enabled flag

If set to true, Idfw is enabled for standalone hosts		 boolean Required
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value StandaloneHostIdfwConfiguration string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

StandardHostSwitch (schema) (Deprecated)

Standard host switch specification

Name Description Type Notes
cpu_config Enhanced Networking Stack enabled HostSwitch CPU configuration

CPU configuration specifies number of Logical cpu cores (Lcores) per Non Uniform Memory Access (NUMA) node dedicated to Enhanced Networking Stack enabled HostSwitch to get the best performance.		 array of CpuCoreConfigForEnhancedNetworkingStackSwitch
host_switch_id The host switch id. This ID will be used to reference a host switch.

This field is writable only in case of VDS type HostSwitch and system generated for NVDS type. For VDS type host switch, This field is used to lookup a VDS from corresponding Compute Manager and then can be configured for logical networking. For NVDS type host switch, This field is system generated and if provided will be overwritten.		 string
host_switch_mode Operational mode of a HostSwitch.

STANDARD - This mode applies to all the hypervisors. ENS - This is the Enhanced Data Path switch mode. This mode provides accelerated networking performances but also introduces additional prerequisites. In order to benefit from this mode, workloads will be need to be compiled with DPDK and will use VMXNET3 for their vNIC. This mode is only available on ESX hypervisor (6.7 and above, recommended 6.7 U2 and above) and unavailable on KVM, EDGE and Public Cloud Gateway. Not all NSX features are available in this mode, please consult the documentation. ENS_INTERRUPT - This is an interrupt driven variant of the Enhanced Data Path mode. Please, consult your account representative for applicability. This mode is available only on ESX hypervisor (7.0 and above).
If this property is specified, transport_zone_endpoints must be specified at StandardHostSwitch level.		 string Enum: STANDARD, ENS, ENS_INTERRUPT
host_switch_name host switch name. This name will be used to reference a host switch.

This field is writable only in case of NVDS type HostSwitch and system generated for VDS type. For NVDS type host switch, If this name is unset or empty then the default host switch name will be used. The name must be unique among all host switches specified in a given transport node; unset name, empty name and the default host switch name are considered the same in terms of uniqueness. For VDS type host switch, Manager fetches VDS name from corresponding Compute Manager and populates this field. If VDS name is given (correct or incorrect) it is ignored and overwritten with correct one.		 string Deprecated
Default: "nsxDefaultHostSwitch"
host_switch_profile_ids Identifiers of host switch profiles to be associated with this host switch.

Host switch profiles bound to this host switch. If a profile ID is not provided for any HostSwitchProfileType that is supported by the transport node, the corresponding default profile will be bound to the host switch. If transport node is created using Policy APIs, use policyPaths instead of UUIDs.		 array of HostSwitchProfileTypeIdEntry
host_switch_type Type of HostSwitch

VDS represents VMware vSphere Distributed Switch from vSphere that is used as HostSwitch through TransportNode or TransportNodeProfile configuration. When VDS is used as a HostSwitch, Hosts have to be added to VDS from vSphere and VDS instance is created on Hosts. To configure NSX on such hosts, you can use this VDS as a HostSwitch from NSX manager. vCenter has the ownership of MTU, LAG, NIOC and LLDP configuration of such VDS backed HostSwitch. Remaining configuration (e.g. UplinkHostswitchProfile) will be managed by NSX.
NVDS represents NSX Virtual Switch which is NSX native HostSwitch. All configurations of NVDS will be managed by NSX. HostSwitch of type NVDS has been deprecated on ESX hosts that are managed by a vCenter Server.		 string Enum: NVDS, VDS
Default: "NVDS"
ip_assignment_spec Specification for IPs to be used with host switch virtual tunnel endpoints

IPs can come from either a static IP pool or an explicitly specified IP list or DHCP. In case a list of IP is specified, the number of IPs provided should be sufficient as per teaming policy associated with host switch uplink profile.		 IpAssignmentSpec
(Abstract type: pass one of the following concrete types)
AssignedByDhcp
StaticIpListSpec
StaticIpMacListSpec
StaticIpPoolSpec
is_migrate_pnics Migrate any pnics which are in use

If the pnics specified in the pnics field are used by a single Vsphere Standard Switch or DVS, then migrate the pnics to N-VDS. If any two pnics are not used by the same Vsphere Standard Switch or DVS, it is not supported. In such cases, please migrate them in multiple steps, one Vsphere Standard Switch or DVS at a time.		 boolean Default: "False"
pnics Physical NICs connected to the host switch

Pnics are specified when HostSwitch is of type NVDS. When using the Quick Start workflow on 7.0 clusters, pnic information will be populated by the recommendation when providing a VDS HostSwitch based on a VSS HostSwitch.		 array of Pnic
pnics_uninstall_migration Physical NICs connected to a switch

This is only supported for NVDS type of host switch. If this is specified for VDS type of host switch, an error will be returned to user. The pnics to be migrated out to a non N-VDS switch during transport node deletion.		 array of Pnic
portgroup_transport_zone_id Transport Zone ID representing the DVS used in NSX on DVPG

A transport zone will be created for each DVS found across all hosts in a cluster that is installed for NSX on DVPG. This field, populated by NSX, is the ID of the transport zone created for the DVS this host switch represents. All discovered segments created for the DVPGs found on the DVS will have this ID specified as the transport zone id.		 string Readonly
transport_zone_endpoints Transport zone endpoints.

List of TransportZones that are to be associated with specified host switch.
If this property is specified, host_switch_mode at StandardHostSwitch level must be specified.		 array of TransportZoneEndPoint
uplinks Uplink/LAG of VMware vSphere Distributed Switch connected to the HostSwitch

If VDS is used as a HostSwitch this attribute must be specified. You can associate uplinks from UplinkHostSwitchProfile to either VDS uplink or LAG. VDS uplink or LAG will inherit the global VDS level teaming policy from vSphere. NSX managed uplink or LAG will have NSX teaming policy configured through UplinkHostSwitchProfile.		 array of VdsUplink
vmk_install_migration The vmknic and logical switch mappings

This is only supported for NVDS type of host switch. If this is specified for VDS type of host switch, an error will be returned to user. The vmk interfaces and the associated logical switches on the host switch. The state of this field is realized on the transport node during creation and update.		 array of VmknicNetwork
vmk_uninstall_migration The vmknic and portgroup mappings

This is only supported for NVDS type of host switch. If this is specified for VDS type of host switch, an error will be returned to user. The vmk interfaces and the associated portgroups on the VSS/DVS. This field is realized on the host during transport node deletion or NSX uninstallation to specify the destination for all vmks on N-VDS switches.		 array of VmknicNetwork

StandardHostSwitchSpec (schema)

Specification of transport node standard host switch

Standard host switch specification is used for NSX configured transport node.

Name Description Type Notes
host_switches Transport Node host switches array of StandardHostSwitch Required
Minimum items: 0
resource_type Must be set to the value StandardHostSwitchSpec string Required
Enum: StandardHostSwitchSpec, PreconfiguredHostSwitchSpec

StandbyRelocationConfig (schema) (Deprecated)

Standby service contexts relocation setting

Name Description Type Notes
standby_relocation_threshold Standby service context relocation wait time

The time interval (in minutes) to wait before starting the standby
service context relocation process. In some cases, the standby
relocation trigger may take more time than what is set in threshold
because of multiple different reasons, as listed below
A. Standby relocation process runs as a background task which poll edge
clusters at pre-defined interval of 5 minutes, to check for standby relocation.
If during one cycle of standby relocation, an edge is found to be down, and the
time remaining to threshold expiry in less then 5 minutes (for example 2 minute),
than this relocation will be picked up in next cycle of standby relocation
after 5 minutes, and not after 2 minutes.
B. If edge becomes down at X time, then edge might take few seconds or
minutes for all services to completely go down and report that they are
down. So actual time when unified appliance knows edge is down may be X + delta.
This delta time adds to the actual standby relocation threshold expiry,
and once the [standby relocation threshold time + delta time] is complete for an
edge node, and the edge is still down, than the standby relocation task will be
performed for this edge node in the next cycle, that may be due to run anytime
within next 5 minutes.
integer Minimum: 10
Maximum: 20000
Default: "30"

StatItem (schema)

Statistic of an entity

Displayed as a single number. It can be used to show the characteristics of entities such as Logical Switches, Firewall Rules, and so on. For example, number of logical switches and their admin states.

Name Description Type Notes
drilldown_id Id of drilldown widget

Id of drilldown widget, if any. Id should be a valid id of an existing widget.		 string
tooltip Multi-line tooltip

Multi-line text to be shown on tooltip while hovering over the stat.		 array of Tooltip Minimum items: 0
total Total

If expression for total is specified, it evaluates it. Total can be omitted if not needed to be shown.		 string
value Stat

Expression for stat to be displayed.		 string Required
Maximum length: 1024

StaticARPConfig (schema)

Static ARP Config

Contains Static ARP configuration for Segment.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ip_address IP Address IPAddress Required
mac_address MAC Address MACAddress Required
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value StaticARPConfig string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

StaticFilter (schema)

Static filters

Name Description Type Notes
additional_value An additional value for static filter

An additional key-value pair for static filter.		 object
display_name Display name for static filter

display name to be shown in the drop down for static filter.		 string Maximum length: 1024
short_display_name A property value to be shown once value is selected for a filter.

Property value is shown in the drop down input box for a filter. If the value is not provided 'display_name' property value is used.		 string Maximum length: 1024
value Value of static filter

Value of static filter inside dropdown filter.		 string

StaticHopBfdPeer (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
bfd_config Configuration for the BFD peer

If not specified then BFD peer will inherit configuration from the BFD global config.		 BfdConfigParameters
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled status of BFD peer

Indicate BFD peer is enabled or disabled. Default is true.		 boolean Default: "True"
id Unique identifier of this resource string Sortable
peer_ip_address IP address of BFD peer

IP address of BFD peer. This should be same as next hop IP address.		 IPAddress Required
resource_type Must be set to the value StaticHopBfdPeer string
source_addresses Array of Logical Router Uplink IP Addresses

BFD peers will be created from all these source addresses to this neighbour.		 array of IPAddress Maximum items: 8
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

StaticHopBfdPeerDeleteRequestParameters (schema)

BFD peer delete request parameters

Name Description Type Notes
force Force delete the resource even if it is being used somewhere

If true, deleting the resource succeeds even if it is being
referred as a resource reference.
boolean Default: "False"

StaticHopBfdPeerListParameters (schema)

BFD Peers list parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

StaticHopBfdPeerListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results static hop BFD peer list results array of StaticHopBfdPeer Required
Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

StaticIpListSpec (schema) (Deprecated)

IP assignment specification for Static IP List.

Name Description Type Notes
default_gateway Gateway IP IPAddress Required
ip_list List of IPs for transport node host switch virtual tunnel endpoints array of IPAddress Required
Maximum items: 32
resource_type Must be set to the value StaticIpListSpec string Required
Enum: StaticIpPoolSpec, StaticIpListSpec, AssignedByDhcp, StaticIpMacListSpec
subnet_mask Subnet mask IPAddress Required

StaticIpMacListSpec (schema) (Deprecated)

IP and MAC assignment specification for Static IP List.

Name Description Type Notes
default_gateway Gateway IP IPAddress Required
ip_mac_list List of IPs and MACs for transport node host switch virtual tunnel endpoints array of IpMacPair Required
Maximum items: 32
resource_type Must be set to the value StaticIpMacListSpec string Required
Enum: StaticIpPoolSpec, StaticIpListSpec, AssignedByDhcp, StaticIpMacListSpec
subnet_mask Subnet mask IPAddress Required

StaticIpPoolSpec (schema) (Deprecated)

IP assignment specification for Static IP Pool.

Name Description Type Notes
ip_pool_id string Required
resource_type Must be set to the value StaticIpPoolSpec string Required
Enum: StaticIpPoolSpec, StaticIpListSpec, AssignedByDhcp, StaticIpMacListSpec

StaticMimeContent (schema)

Static MIME content

MIME content with text message and image path in it.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value StaticMimeContent string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
text_message text message

text message.		 string Required
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

StaticMimeContentListRequestParameters (schema)

Policy static mime content list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

StaticMimeContentListResult (schema)

Paged Collection of Policy static mime contents

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Policy static mime content list results array of StaticMimeContent Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

StaticRoute (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
logical_router_id Logical router id string Readonly
network CIDR IPCIDRBlock Required
next_hops Next Hops array of StaticRouteNextHop Required
Minimum items: 1
resource_type Must be set to the value StaticRoute string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

StaticRouteBfdPeer (schema)

Static Route Bidirectional Forwarding Detection Peer

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
bfd_profile_path Policy path to Bfd Profile

Bfd Profile is not supported for IPv6 networks.		 string
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Enable BFD Peer

Flag to enable BFD peer.		 boolean Default: "True"
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
peer_address IP Address of static route next hop peer

Only IPv4 addresses are supported. Only a single BFD config per peer address is allowed.		 string Required
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value StaticRouteBfdPeer string
scope Array of policy paths of locale services

Represents the array of policy paths of locale services where this BFD peer should
get relalized on.
The locale service service and this BFD peer must belong to the same router.
Default scope is empty.
array of string
source_addresses List of source IP addresses

Array of Tier0 external interface IP addresses. BFD peering is established from all these source addresses to the neighbor specified in peer_address. Only IPv4 addresses are supported.		 array of string Minimum items: 0
Maximum items: 8
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

StaticRouteBfdPeerListResult (schema)

Paged Colleciton of StaticRouteBfdPeer

Paged collection of StaticRouteBfdPeer.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results StaticRouteBfdPeer list results

StaticRouteBfdPeer list results.		 array of StaticRouteBfdPeer Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

StaticRouteListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paginated list of static routes array of StaticRoute Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

StaticRouteNextHop (schema)

Name Description Type Notes
administrative_distance Administrative Distance for the next hop IP integer Minimum: 1
Maximum: 255
Default: "1"
bfd_enabled Status of bfd for this next hop where bfd_enabled = true indicate bfd is enabled for this next hop and bfd_enabled = false indicate bfd peer is disabled or not configured for this next hop. boolean Readonly
Default: "False"
blackhole_action Action to be taken on matching packets for NULL routes. BlackholeAction Readonly
ip_address Next Hop IP IPAddress
logical_router_port_id Reference of logical router port to be used for next hop ResourceReference

StaticRoutes (schema)

Static routes configuration on Tier-0 or on Tier-1

Static routes configuration on Tier-0 or Tier-1.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled_on_secondary Flag to plumb route on secondary site

When false or by default northbound routes are configured only on the primary
location and not on secondary location. When true, the static route will also be
configured on a secondary location. Secondary location prefers route learned from
the primary location and enabling this flag secondary location can override this.
This flag is not applicable if all sites are primary.
boolean Default: "False"
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
network Network address in CIDR format

Specify network address in CIDR format.
IPElement Required
next_hops Next hop routes for network

Specify next hop routes for network.
array of RouterNexthop Required
Minimum items: 1
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value StaticRoutes string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

StaticRoutesListRequestParameters (schema)

Static Routes list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

StaticRoutesListResult (schema)

Paged collection of Static Routes

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Static Routes list results array of StaticRoutes Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

StatisticsRequestParameters (schema)

Statistics Request Parameters

Request parameters that represents an enforcement point path. A request on statistics
can be parameterized with this path and will be evaluated as follows:
- no enforcement point path specified: the request is evaluated on all enforcement
points.
- {enforcement_point_path}: the request is evaluated only on the given enforcement
point.
- {container_cluster_path}: The request is evaluated only on the given
container cluster.

Name Description Type Notes
container_cluster_path String Path of the Container Cluster entity

Path to the container cluster entity where the request will be executed.
string
enforcement_point_path String Path of the enforcement point

enforcement point path, forward slashes must be escaped using %2F.
string

StatsConfiguration (schema)

Stats Configuration

Represents configuration of a statistic for an entity. Example, number of logical switches and their admin states.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
condition Expression for evaluating condition

If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.		 string Maximum length: 1024
datasources Array of Datasource Instances with their relative urls

The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.		 array of Datasource Minimum items: 0
default_filter_value Default filter value to be passed to datasources

Default filter values to be passed to datasources. This will be used when the report is requested without filter values.		 array of DefaultFilterValue
description Description of this resource string Maximum length: 1024
Sortable
display_name Widget Title

Title of the widget. If display_name is omitted, the widget will be shown without a title.		 string Maximum length: 255
drilldown_id Id of drilldown widget

Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.		 string Maximum length: 255
feature_set Features required to view the widget

Features required to view the widget.		 FeatureSet
filter Id of filter widget for subscription

Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.		 string Deprecated
filter_value_required Flag to indicate if filter value is necessary

Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.		 boolean Default: "True"
filters A List of filter ids applied to this widget configuration

A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.		 array of string
footer Footer
icons Icons

Icons to be applied at dashboard for widgets and UI elements.		 array of Icon
id Unique identifier of this resource string Sortable
is_drilldown Set as a drilldown widget

Set to true if this widget should be used as a drilldown.		 boolean Default: "False"
label Label of the Stats Configuration

Displayed at the sections, by default. It labels the entities of sections. If label is not provided, the sections are not labelled.		 Label
legend Legend for the widget

Legend to be displayed. If legend is not needed, do not include it.		 Legend
navigation Navigation to a specified UI page

Hyperlink of the specified UI page that provides details.		 string Maximum length: 1024
plot_configs List of plotting configuration for a given widget.

List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.		 array of WidgetPlotConfiguration
resource_type Must be set to the value StatsConfiguration string Required
Readonly
Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration
Maximum length: 255
rowspan Vertical span

Represents the vertical span of the widget / container. 1 Row span is equal to 20px.		 int Minimum: 1
sections Sections array of DonutSection Minimum items: 0
shared Visiblity of widgets to other users

Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.		 boolean Deprecated
show_header This decides to show the container header or not.

If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.		 boolean
span Horizontal span

Represents the horizontal span of the widget / container.		 int Minimum: 1
Maximum: 12
stat Expression for feching statistic of an entity

Expression that fetches statistic. It can be used to show the characteristics of entities such as Logical Switches, Firewall Rules, and so on. For example, number of logical switches and their admin states. If stat is not provided, then it will not be displayed.		 StatItem
sub_type Sub-type of the StatsConfiguration

A sub-type of StatsConfiguration. If sub-type is not specified the parent type is rendered. The COMPACT sub_type, conserves the space for the widget. The statistic is placed on the right side on top of the status bar and the title of the widget is placed on the left side on the top of the status bar. The COMPACT style aligns itself horizontally as per the width of the container. If multiple widgets are placed insided the container then the widgets are placed one below the other to conserve the space.		 string Enum: COMPACT
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
weight Weightage or placement of the widget or container

Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.		 int Deprecated

StatusCount (schema)

Name Description Type Notes
degraded_count Degraded count int
down_count Down count int
status Roll-up status string Enum: UP, DOWN, DEGRADED, UNKNOWN
up_count Up count int

StatusSummaryRequestParameters (schema)

Name Description Type Notes
component_type Component type based on which upgrade units to be filtered string
selection_status Flag to indicate whether to return status for only selected, only deselected or both type of upgrade units string Enum: SELECTED, DESELECTED, ALL
Default: "ALL"
show_history Get upgrade activity for a given component

Get details of the last 16 operations performed during the upgrade of a given component.		 boolean

StorageClasses (schema)

Kubernetes storage classes

List Kubernetes storage classes.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
name List the name of storage classes array of string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

StringArrayConstraintValue (schema)

Array of String Values to perform operation

List of String values

Name Description Type Notes
resource_type Must be set to the value StringArrayConstraintValue string Required
Enum: StringArrayConstraintValue, CidrArrayConstraintValue, IntegerArrayConstraintValue
values Array of String

Array of string values		 array of string Required
Minimum items: 1
Maximum items: 100

StructuredData (schema)

Structured data entry in RFC5424 log format

Name Description Type Notes
audit Audit flag of the log string Required
comp Component value of the log string Required
ent_id Entity Id value of the log string
ereq_id External request Id value of the log string
error_code Error Code value of the log string
level Level value of the log string
req_id Request Id value of the log string
s2comp Sub-subcomponent value of the log string
security Security flag of the log string
subcomp Subcomponent value of the log string Required
username Username value of the log string

StubStatus (schema)

Name Description Type Notes
address IP/FQDN of the node string
connection_up Is stub up boolean Required

SubPool (schema)

Name Description Type Notes
remaining_credit_number Remaining credit number of the sub-pool

Credits remaining on the sub-pool that can be used to deploy services of
corresponding sub-pool type.
int Readonly
sub_pool_type Sub-pool Type

Type of the sub-pool configured on edge node.		 string Readonly
usage_percentage Percentage utlization of sub-pool

Percentage utlization of sub-pool based on the number of services
configured and the hard limits, if any.
number Readonly

SubjectAltNames (schema)

A collection of subject alternative names

Name Description Type Notes
dns_names DNS names

A list of DNS names in subject alternative names		 array of DnsNameString Readonly
Minimum items: 1
Maximum items: 128
ip_addresses IP Addresses

A list of IP addresses in subject alternative names		 array of string Readonly
Minimum items: 1
Maximum items: 64

SubjectPublicKeyHash (schema)

Name Description Type Notes
public_key_sha256_hashes SHA256 hashes of Public Keys

List of SHA256 hashes of the Public Key of the revoked certificates with the specified subject.		 array of string
subject Subject Distinguished Name (DN)

Subject Distinguished Name of the revoked certificates.		 string

SuccessNodeSupportBundleResult (schema)

Name Description Type Notes
bundle_name Name of support bundle, e.g. nsx_NODETYPE_UUID_YYYYMMDD_HHMMSS.tgz string Required
Readonly
bundle_size Size of support bundle in bytes integer Required
Readonly
node_display_name Display name of node string Required
Readonly
node_id UUID of node string Required
Readonly
sha256_thumbprint File's SHA256 thumbprint string Required
Readonly

SummaryMigrationFeedbackRequest (schema)

Feedback detail required for Migration

Minimal description of feedback requests.

Name Description Type Notes
details Details about this specific feedback request

Details about this specific feedback request.		 string Readonly
federation_site_id Id of the site in NSX-T Federation

Id of the site in NSX-T Federation		 string Readonly
id UUID of the feedback request

Identifier of the feedback request.		 string Required
Readonly
object_id UUID of the object

Identifier of the object for which feedback is requested.		 string Readonly
rejected Indicates if the previous feedback response was rejected

Indicates if previous response was invalid. Please provide a valid response.		 boolean Readonly
resolution Previous resolution details for this feedback request

If the feedback request was resolved earlier, provides details about the previous resolution.		 string Readonly
resolved Indicates if this feedback request has already been resolved

Indicates if a valid response already exist for this feedback request.		 boolean Readonly
v_object_id Id of this object in the source NSX endpoint

Identifier for this object in the source NSX endpoint.		 string Required
Readonly
v_object_name Name of this object in the source NSX endpoint

Name of this object in the source NSX endpoint.		 string Required
Readonly

SummaryRequest (schema)

Name Description Type Notes
summary Flag indicating whether to return the summary boolean Default: "False"

SupportBundleContainerNode (schema)

This is an abstract type. Concrete child types:
AntreaSupportBundleContainerNode

Name Description Type Notes
container_type Support bundle container type string Required
Enum: ANTREA

SupportBundleFileTransferAuthenticationScheme (schema)

Name Description Type Notes
password Password to authenticate with string Required
scheme_name Authentication scheme name string Required
Enum: PASSWORD
username User name to authenticate with string Required

SupportBundleFileTransferProtocol (schema)

Name Description Type Notes
authentication_scheme Scheme to authenticate if required SupportBundleFileTransferAuthenticationScheme Required
name Protocol name string Required
Enum: SCP, SFTP
ssh_fingerprint SSH fingerprint of server string Required

SupportBundleQueryParameter (schema)

Name Description Type Notes
override_async_response Override any existing support bundle async response

Override an existing support bundle async response if it exists. If not set to true and an existing async response is available, the support bundle request results in 409 CONFLICT.		 boolean Default: "False"
require_delete_or_override_async_response Suppress auto-deletion of generated support bundle

If the remote_file_server option has not been specified, save generated support bundle until a subsequent request either deletes or overrides the support bundle generated by the current request using the action=delete_async_response or override_async_response=true query parameters. Setting this property to true allows the NSX API client to re-download a support bundle if for example a previous download attempt fails.		 boolean Default: "False"

SupportBundleQueryParameters (schema)

Name Description Type Notes
all Include all files

Include all files including files that may have sensitive information like core files.		 boolean Default: "False"

SupportBundleRemoteFileServer (schema)

Remote file server

Name Description Type Notes
directory_path Remote server directory to copy bundle files to string Required
manager_upload_only Uploads to the remote file server performed by the manager boolean Default: "False"
port Server port integer Minimum: 1
Maximum: 65535
Default: "22"
protocol Protocol to use to copy file SupportBundleFileTransferProtocol Required
server Remote server hostname or IP address string Required

SupportBundleRequest (schema)

Name Description Type Notes
container_nodes List of container clusters and their nodes requiring support bundle collection array of SupportBundleContainerNode
(Abstract type: pass one of the following concrete types)
AntreaSupportBundleContainerNode		 Minimum items: 1
content_filters Bundle should include content of specified type array of ContentFilterValue Minimum items: 1
Default: "['DEFAULT']"
dynamic_content_filters List of content filters that decide the additional content that go into the support bundle

List of dynamic content filters that specify additional content to include in the support bundle. The list of available filters available depends on your NSX-T deployment and can be determined by invoking the GET /api/v1/adminstration/support-bundles/dynamic-content-filters NSX API. For example, if NSX Intelligence is deployed, filters for collecting specific information about services are available.		 array of DynamicContentFilterValue Default: "['ALL']"
log_age_limit Include log files with modified times not past the age limit in days integer Minimum: 1
nodes List of cluster/fabric node UUIDs processed in specified order array of string Minimum items: 1
remote_file_server Remote file server to copy bundles to, bundle in response body if not specified SupportBundleRemoteFileServer

SupportBundleResult (schema)

Name Description Type Notes
failed_nodes Nodes where bundles were not generated or not copied to remote server array of FailedNodeSupportBundleResult Required
Readonly
remaining_nodes Nodes where bundle generation is pending or in progress array of RemainingSupportBundleNode
request_properties Request properties SupportBundleRequest Required
Readonly
success_nodes Nodes whose bundles were successfully copied to remote file server array of SuccessNodeSupportBundleResult Required
Readonly

SupportedHostOSListResult (schema)

Supported host OS list result

REST interface for supported host OS types.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Supported host OS list results array of string Required
Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

SvmConnectivityStatus (schema)

Name Description Type Notes
_last_sync_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
connectivity_status Connectivity status with SVM

Connectivity status with the deployed Solution VM TRUE - VM is configured and protected by EPP/AMS Service VM. FALSE - VM is either not configured for protection or VM is disconnected from EPP/AMS Service VM.		 boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
resource_type Must be set to the value SvmConnectivityStatus string Required
scope List of scopes for discovered resource

Specifies list of scope of discovered resource. e.g. if VHC path is associated with
principal identity, who owns the discovered resource, then scope id will be VHC path
and scope type will be VHC.
array of DiscoveredResourceScope
service_name Service name of Solution

Service name as provided for Anti Malware Solution or as provided for third party Endpoint Protection solution during service registration.		 string Readonly
solution_id SVM solutionID

Solution ID as provided for Anti Malware Solution(AMS) or as provided for third party Endpoint Protection(EPP) solution during service registration.		 string Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

SwitchSecuritySwitchingProfile (schema) (Deprecated)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
block_non_ip_traffic A flag to block all traffic except IP/(G)ARP/BPDU boolean Default: "False"
bpdu_filter Enables or disables BPDU filtering

BPDU filtering is enabled by default. A pre-defined list of MAC addresses
are automatically excluded from BPDU filtering.
BpduFilter
description Description of this resource string Maximum length: 1024
Sortable
dhcp_filter Filters DHCP server and/or client traffic.

DHCP server blocking is enabled and client blocking is disabled by default		 DhcpFilter
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ra_guard_enabled Indicates whether ra guard should be enabled

RA Guard when enabled blocks unauthorized/rogue Router Advertisement (RA) packets.		 boolean Default: "True"
rate_limits Allows configuration of rate limits for broadcast and multicast traffic

Rate limiting is disabled by default		 RateLimits
required_capabilities array of string Readonly
resource_type Must be set to the value SwitchSecuritySwitchingProfile string Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

SwitchingGlobalConfig (schema)

NSX global configs for switching

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
arp_limit_per_lr ARP limit per logical router per transport node

This is a global max ARP limit per logical router per transport
node. It is applied to all the logical routers present on all types
of transport nodes in the NSX domain. Updates to the field are
allowed only through /policy/api/v1/infra/global-config API.
int Minimum: 5000
Maximum: 50000
Default: "50000"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
global_replication_mode_enabled A flag to indicate if global replication mode is enabled

When this flag is set true, certain types of BUM packets will be sent to all VTEPs in the global VTEP table, ignoring the logical switching span.		 boolean Default: "False"
id Unique identifier of this resource string Sortable
physical_uplink_mtu MTU for the physical uplinks

This is the global default MTU for all the physical uplinks in a NSX domain. This is the default value for the optional uplink profile MTU field. When the MTU value is not specified in the uplink profile, this global value will be used. This value can be overridden by providing a value for the optional MTU field in the uplink profile. Whenever this value is updated, the updated value will only be propagated to the uplinks that don't have the MTU value in their uplink profiles. If this value is not set, the default value of 1700 will be used. The Transport Node state can be monitored to confirm if the updated MTU value has been realized.		 int Default: "1700"
remote_tunnel_physical_mtu The physical MTU for the remote tunnel endpoints

This is the global default MTU for all the physical remote tunnel endpoints in an NSX domain. Please consider intersite link MTU minus any external overhead when defining the MTU. If this value is not set, the default value of 1500 will be used.		 int Default: "1700"
resource_type Must be set to the value SwitchingGlobalConfig GlobalConfigType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
uplink_mtu_threshold Upper threshold for MTU on physical and logical uplinks

This value defines the upper threshold for the MTU value that can be configured at a physical uplink level or a logical routing uplink level in a NSX domain. All Uplink profiles validate against this value so that the MTU specified in an Uplink profile does not exceed this global upper threshold. Similarly, when this value is modified, the new value must be greater than or equal to any existing Uplink profile's MTU. This value is also validated to be greater than or equal to physical_uplink_mtu in SwitchingGlobalConfig and logical_uplink_mtu in RoutingGlobalConfig.		 int Default: "9000"

SwitchingProfileDeleteParameters (schema) (Deprecated)

Name Description Type Notes
unbind force unbinding of logical switches and ports from a switching profile boolean Default: "False"

SwitchingProfileListParameters (schema) (Deprecated)

Switching profile list parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_system_owned Whether the list result contains system resources boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
switching_profile_type comma-separated list of switching profile types, e.g. ?switching_profile_type=QosSwitchingProfile,IpDiscoverySwitchingProfile string

SwitchingProfileStatus (schema) (Deprecated)

Name Description Type Notes
num_logical_ports Number of logical ports using a switching profile integer Required
Readonly
num_logical_switches Number of logical switches using a switching profile integer Readonly
switching_profile_id Identifier for the switching profile string

SwitchingProfileType (schema) (Deprecated)

Supported switching profiles.

Supported switching profiles.
'PortMirroringSwitchingProfile' is deprecated, please turn to
"Troubleshooting And Monitoring: Portmirroring" and use
PortMirroringSession API for port mirror function.

Name Description Type Notes
SwitchingProfileType Supported switching profiles.

Supported switching profiles.
'PortMirroringSwitchingProfile' is deprecated, please turn to
"Troubleshooting And Monitoring: Portmirroring" and use
PortMirroringSession API for port mirror function.
string Deprecated
Enum: QosSwitchingProfile, PortMirroringSwitchingProfile, IpDiscoverySwitchingProfile, SpoofGuardSwitchingProfile, SwitchSecuritySwitchingProfile, MacManagementSwitchingProfile

SwitchingProfileTypeIdEntry (schema) (Deprecated)

Name Description Type Notes
key SwitchingProfileType
value key value string Required

SwitchingProfilesListResult (schema) (Deprecated)

Switching Profile queries result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Switching Profile Results array of BaseSwitchingProfile
(Abstract type: pass one of the following concrete types)
IpDiscoverySwitchingProfile
MacManagementSwitchingProfile
QosSwitchingProfile
SpoofGuardSwitchingProfile
SwitchSecuritySwitchingProfile		 Required
Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

SwitchingToVmcModeParameters (schema)

Parameters required to switch to VMC nsx node mode

Possible values of a mode in a "/config/nsx_appliance_mode" file

Name Description Type Notes
auth_code Auth Code

Client's credentials.		 Oauth2Credentials
base_url CSP base URL

Protocol and domain name (or IP address) of a CSP server, like "https://console-stg.cloud.vmware.com".		 string
basic_auth_whitelist_ips Whitelist IPs

List of whitelist IPs for basic auth		 array of string
csp_access_token_uri CSP endpoint that exchanges a grant for an access token

This CSP end-point exchanges one of the following grants - authorization_code, refresh_token, client_credentials or client_delegate for an access token.		 string
csp_client_credential CSP Client Credential

Client's credentials on CSP server		 Oauth2Credentials
csp_client_incoming_credentials CSP client incoming credentials

List of incoming client IDs		 array of string
csp_logout_uri CSP endpoint that returns the identity provider's logout url

This CSP end-point returns the identity provider's logout url. In order to logout, an explicit redirect to this url is needed.		 string
csp_org_uri Relative path to CSP Org

Relative path on CSP server to the Org location. Can be "/csp/gateway/am/api/orgs/".		 string
csp_public_key_uri CSP endpoint to get the list of public keys in JWKS format

CSP endpoint that returns a list of public keys in jwks format. These keys are used in an application to validate that the access-token is valid.		 string
csp_time_drift CSP time drift

CSP time drift in milliseconds		 integer
csp_user_authorization_uri CSP Discovery login entry point for OAuth 2.0 authorization

This endpoint is used with browser redirection only. It discovers the user's Identity Provider (IdP) and sends the user to the IdP login page. It is the starting point of the OAuth 2.0 flow to authenticate end users from an application.		 string
csp_user_info_uri CSP user info endpoint

This endpoint returns the content of the given access token if the token is valid. It also includes the group_ids and group_names if the client is registered with group_id, group_names scopes. It's usually /am/api/userinfo.		 string
default_org_id Org ID of a Client

Org ID of a Client - commonly UUID.		 string
ea_org Org Info for "Site Reliability Engineer"

Org ID and role of "Site Reliability Engineer"		 OrgInfo
gss_org Org Info for "Global Support Services"

Org ID and role of "Global Support Services"		 OrgInfo
mode_change_only Only change node mode

When this parameter is set to true, only a change of the node mode happens without any update to the auth properties. When this param is not set to true i.e. set to false or not provided, mode change and update to the auth properties will both happen.		 boolean
mode_id Nsx node mode

Possible enum values in a "/config/nsx_appliance_mode" file		 string Required
Enum: ON_PREM, SERVICE, VMC, VMC_LOCAL
proxy_host IP/host of PoP (Point-of-Presence) HTTP proxy server HostnameOrIPv4Address
proxy_port Port of PoP (Point-of-Presence) Http proxy server integer Minimum: 1
Maximum: 65535
public_client_info OAuth2 info for public clients

OAuth2 info for public clients		 PublicClientInfo
resource_type Node Mode type string Enum: SwitchingToVmcModeParameters
Default: "SwitchingToVmcModeParameters"
sddc_id SDDC id

SDDC id		 string
service_definition_id Service definition id

Service definition id		 string
sre_org Org Info for "Enterprise Admin"

Org ID and role of "Enterprise Admin"		 OrgInfo

SwitchoverStatus (schema)

Name Description Type Notes
current_step Progress of each items ProgressItem
current_step_number Current number integer Required
note Special messages, most of the time this will be empty, i.e. If SM performing the operation went down, another SM will restart the progress. string Required
number_of_steps Total number of steps integer Required
overall_status Status of the operation string Required
Enum: NOT_STARTED, RUNNING, ERROR, COMPLETE

SyslogConfiguration (schema)

Syslog server configuration

Syslog server configuration parameters

Name Description Type Notes
log_level Log level to be redirected

Log level that needs to be redirected.
string Enum: EMERGENCY, ALERT, CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG
Default: "INFO"
name Display name of the syslog server string
port Syslog server port

Syslog server listening port.
PortElement Default: "514"
protocol Syslog protocol

Supported Syslog protocol.
string Enum: TCP, UDP, TLS, LI, LI_TLS
Default: "UDP"
server Server Ip or fqdn

Syslog server Ip or fqdn.
string Required

SyslogExporter (schema)

Syslog exporter properties

This object specifies what, where and how logs on NSX nodes are forwarded.

Name Description Type Notes
max_log_level LogLevel

Maximum logging level for messages to be exported.		 string Required
Enum: EMERG, ALERT, CRIT, ERR, WARNING, NOTICE, INFO, DEBUG
port Syslog port

Server port on which syslog listener is listening.		 integer Minimum: 1
Maximum: 65535
Default: "514"
protocol Protocol

Protocol to be used to export logs to syslog server.		 string Required
Enum: TCP, UDP, LI
server Syslog server

Syslog server IP address or hostname.		 HostnameOrIPv4Address Required

SyslogFacility (schema)

Syslog facility

Name Description Type Notes
SyslogFacility Syslog facility string Enum: KERN, USER, MAIL, DAEMON, AUTH, SYSLOG, LPR, NEWS, UUCP, AUTHPRIV, FTP, LOGALERT, CRON, LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7

SyslogProperties (schema)

Syslog service properties

This object contains list of syslog exporters used by NSX nodes.

Name Description Type Notes
exporters Syslog exporters

List of syslog exporters.		 array of SyslogExporter Required

SystemHealthAgentProfile (schema)

System Health Agent Profile Entity

Describes a profile to define a kind of system health agent.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
config Profile Content

The config content of System Health Agent		 string Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Profile Enablement Flag

The on-off switch of System Health Agent		 boolean
id Unique identifier of this resource string Sortable
plugin_id Plugin id

The id of System Health Agent plugin		 string Required
resource_type Must be set to the value SystemHealthAgentProfile string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
type Profile Type

The type of System Health Agent.
The System Health Agent plugin associated with given plugin id has already defined the profile type.
So the backend can obtain the type by the plugin definition directly. Mark this field as optional.
If need to check the type value by given plugin id, please call /systemhealth/plugins/.
SystemHealthAgentType

SystemHealthAgentProfileListResult (schema)

List of System Health Profiles

The list result for query of system health profile entity.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results System Health Profile List array of SystemHealthAgentProfile Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

SystemHealthAgentType (schema)

Name Description Type Notes
SystemHealthAgentType string Enum: COMPUTE, STORAGE, NETWORK, HYPERBUS, NCP, NODEAGENT, VSAN, TNAGENT, UPLINK

SystemHealthPluginProfile (schema)

System Health Plugin Profile

Describes a profile to define a kind of system health plugin.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
config The pre defind plugin profile

Display the default config of pre defined plugin.
The config can be changed by API /systemhealth/profiles.
To see the effective status on given node, use the status API per node
/systemhealth/plugins/status/.
SHAPredefinedPluginProfileData Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Plugin Enablement Flag

Display the default on-off switch of pre defined plugin.
The config can be changed by API /systemhealth/profiles.
To see the effective status on given node, use the status API per node
/systemhealth/plugins/status/.
boolean Readonly
id Unique identifier of this resource string Sortable
node_types The supported node types

Display the running node types of pre-defined plugin.
The config can be changed by API /systemhealth/profiles.
To see the effective status on given node, use the status API per node
/systemhealth/plugins/status/.
array of NsxNodeType Readonly
publisher Plugin publisher

The publisher of System Health Agent plugin		 string
resource_type Must be set to the value SystemHealthPluginProfile string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
type Plugin Type

The type of System Health Agent plugin		 SystemHealthAgentType Default: "NETWORK"

SystemHealthPluginProfileList (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Total plugin count integer Required
results System Health plugin list array of SystemHealthPluginProfile
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

SystemHostname (schema)

System host name

Name Description Type Notes
SystemHostname System host name string Maximum length: 255
Pattern: "^(?=.{1,255}$)[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?(?:\.[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?)*\.?$"

SystemInfo (schema)

System info

Name Description Type Notes
deployment_type Virtual machine or bare metal machine string Enum: PHYSICAL_MACHINE, VIRTUAL_MACHINE
hypervisor_os_type HypervisorOsType
pnics List of pnics array of DeviceNameAndMacAddrOfPnic
search_string Bios UUID and MAC address of management interface string

SystemVMListRequestParameter (schema)

SystemVMListRequestParameter

System VMs list request parameter

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
query Search query

Search query		 string
sort_ascending boolean
sort_by Field by which records are sorted string

Tag (schema)

Arbitrary key-value pairs that may be attached to an entity

Name Description Type Notes
scope Tag scope

Tag searches may optionally be restricted by scope		 string Maximum length: 128
Default: ""
tag Tag value

Identifier meaningful to user with maximum length of 256 characters		 string Default: ""

TagBulkOperation (schema)

Payload to update the tag on specified objects

Tag and resource information on which tag to be applied or removed.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
apply_to List of resources on which tag needs to be applied

List of resources on which tag needs to be applied.
array of ResourceInfo
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
remove_from List of resources from which tag needs to be removed

List of resources from which tag needs to be removed.
array of ResourceInfo
resource_type Must be set to the value TagBulkOperation string
tag Tag Tag Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

TagBulkOperationStatus (schema)

Status of tag bulk operation

Status of tag bulk operation.

Name Description Type Notes
apply_to Tag apply operation status per resource type

Tag apply operation status per resource type.
array of ResourceTypeTagStatus
path Intent path corresponding to tag operation string Required
remove_from Tag remove operation status per resource type

Tag remove operation status per resource type.
array of ResourceTypeTagStatus
status Overall status string Required
Enum: Success, Running, Error, Pending
tag Tag Tag Required

TagInfo (schema)

Information about arbitrary key-value pairs that may be attached to an entity

Name Description Type Notes
scope Tag scope

Tag searches may optionally be restricted by scope		 string Maximum length: 128
Default: ""
tag Tag value

Identifier meaningful to user with maximum length of 256 characters		 string Default: ""
tagged_objects_count Number of objects with assigned with matching scope and tag values int Readonly

TagInfoListRequestParameters (schema)

TagInfo list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
scope Tag scope string
sort_ascending boolean
sort_by Field by which records are sorted string
source Source from which tags are synced. string Enum: Amazon, Azure, NSX, ANY
tag Tag value string

TagInfoListResult (schema)

Paged Collection of Tags

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Tag info list results array of TagInfo Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

TaggedObjectsListRequestParameters (schema)

TagInfo list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
filter_text Filter text to restrict tagged objects list with matching filter text. string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
scope Tag scope string
sort_ascending boolean
sort_by Field by which records are sorted string
tag Tag value string

TargetResourceStatus (schema)

Holds status of target resource in firewall context.

Name Description Type Notes
target_id Target ID

Identifier of the NSX resource.		 string Maximum length: 64
target_status Firewall Status Type

Firewall status on a target logical resource.		 FirewallStatusType Required

TaskListResult (schema)

Task query results

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Task property results array of TaskProperties Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

TaskProperties (schema)

Task properties

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
async_response_available True if response for asynchronous request is available boolean Readonly
cancelable True if this task can be canceled boolean Readonly
description Description of the task string Readonly
end_time The end time of the task in epoch milliseconds EpochMsTimestamp Readonly
id Identifier for this task string Readonly
message A message describing the disposition of the task string Readonly
progress Task progress if known, from 0 to 100 integer Readonly
Minimum: 0
Maximum: 100
request_method HTTP request method string Readonly
request_uri URI of the method invocation that spawned this task string Readonly
start_time The start time of the task in epoch milliseconds EpochMsTimestamp Readonly
status Current status of the task TaskStatus Readonly
user Name of the user who created this task string Readonly

TaskQueryParameters (schema)

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
request_uri Request URI(s) to include in query result

Comma-separated request URIs to include in query result		 string
sort_ascending boolean
sort_by Field by which records are sorted string
status Status(es) to include in query result

Comma-separated status values to include in query result		 string
user Names of users to include in query result

Comma-separated user names to include in query result		 string

TaskStatus (schema)

Current status of the task

Name Description Type Notes
TaskStatus Current status of the task string Enum: running, error, success, canceling, canceled, killed

TcpHeader (schema)

Name Description Type Notes
dst_port Destination port of tcp header integer Minimum: 0
Maximum: 65535
src_port Source port of tcp header integer Minimum: 0
Maximum: 65535
tcp_flags TCP flags (9bits) integer Minimum: 0
Maximum: 511

TcpMaximumSegmentSizeClamping (schema)

TCP MSS Clamping

TCP MSS Clamping Direction and Value.

Name Description Type Notes
direction Maximum Segment Size Clamping Direction

Specifies the traffic direction for which to apply MSS Clamping.
string Enum: NONE, INBOUND_CONNECTION, OUTBOUND_CONNECTION, BOTH
Default: "NONE"
max_segment_size Maximum Segment Size Value

MSS defines the maximum amount of data that a host is willing to
accept in a single TCP segment. This field is set in TCP header
during connection establishment. To avoid packet fragmentation,
you can set this field depending on uplink MTU and VPN overhead.
This is an optional field and in case it is left unconfigured,
best possible MSS value will be calculated based on effective
mtu of uplink interface. Supported MSS range is 216 to 8960.
integer Minimum: 108
Maximum: 8902

TcpMssClamping (schema)

Tcp Mss Clamping Object

Tcp Mss Clamping Direction and value

Name Description Type Notes
direction MSS Clamping direction

Specifies the traffic direction for which to apply MSS Clamping.		 string Enum: NONE, INBOUND_CONNECTION, OUTBOUND_CONNECTION, BOTH
Default: "NONE"
max_segment_size Maximum Segment Size value

It defines the maximum amount of data that a host is willing to accept in a single TCP segment. This field is set in TCP header during connection establishment. To avoid packet fragmentation, you can set this field depending on uplink MTU and VPN overhead. This is optional field and in case it is left unconfigured, best possible MSS value will be calculated based on effective mtu of uplink interface. Supported MSS range is 108 to 8902.		 integer Minimum: 108
Maximum: 8902

TeamingPolicy (schema) (Deprecated)

Uplink Teaming Policy

Name Description Type Notes
active_list List of Uplinks used in active list array of Uplink Required
policy Teaming policy string Required
Enum: FAILOVER_ORDER, LOADBALANCE_SRCID, LOADBALANCE_SRC_MAC
rolling_order Flag for preemptive mode boolean Default: "False"
standby_list List of Uplinks used in standby list array of Uplink

TelemetryAgreement (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
resource_type Must be set to the value TelemetryAgreement string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
telemetry_agreement_displayed Flag to indicate if telemetry agreement has been displayed

Determine if telemetry agreement has been displayed. If false,
the agreement text will be displayed at login time.
boolean Required

TelemetryConfig (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
ceip_acceptance Flag to indicate if CEIP has been accepted

Enable this flag to participate in the Customer Experience Improvement Program.
boolean Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
proxy_enabled Flag to indicate if proxy has been configured

Enable this flag to specify a proxy, and provide the proxy settings.		 boolean Default: "False"
resource_type Must be set to the value TelemetryConfig string
schedule_enabled Flag to indicate if data collection is enabled

Enable this to schedule data collection and upload times. If enabled,
and a schedule is not provided, a default schedule (WEEKLY, Sunday at 2:00 a.m)
will be applied.
boolean Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
telemetry_deployment_id Deployment id associated with telemetry data

Deployment id generated during initialization of telemetry config.		 string Readonly
telemetry_proxy Set config for proxy to be used to send out telemetry data

Specify the proxy configuration (scheme, server, port) here.		 TelemetryProxy
telemetry_schedule Set schedule for when telemetry data should be collected

Specify one of Daily, Weekly or Monthly schedules.		 TelemetrySchedule
(Abstract type: pass one of the following concrete types)
DailyTelemetrySchedule
MonthlyTelemetrySchedule
WeeklyTelemetrySchedule

TelemetryProxy (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
hostname FQDN or IP address of the proxy server

Specify the fully qualified domain name, or ip address, of the proxy server.
string Required
Format: hostname-or-ip
id Unique identifier of this resource string Sortable
password Password

Specify the password used to authenticate with the proxy server, if required.
A GET call on /telemetry/config returns a non-meaningful password to maintain
security. To change the password to a new value, issue a PUT call after updating
this field. To remove the password, issue a PUT call after emptying this field.
To retain a previously set password, issue a PUT call keeping the non-meaningful
value obtained from the GET call.
string
port Configured port for proxy

Specify the port of the proxy server.		 int Required
resource_type Must be set to the value TelemetryProxy string
scheme The scheme accepted by the proxy server

The scheme accepted by the proxy server. Specify one of HTTP and HTTPS.
string Required
Enum: HTTP, HTTPS
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
username User name

Specify the user name used to authenticate with the proxy server, if required.
string

TelemetrySchedule (schema)

Abstract base type for telemetry schedule configuration

This is an abstract type. Concrete child types:
DailyTelemetrySchedule
MonthlyTelemetrySchedule
WeeklyTelemetrySchedule

Name Description Type Notes
frequency_type Frequency at which data will be collected

Specify one of DailyTelemetrySchedule, WeeklyTelemetrySchedule, or MonthlyTelemetrySchedule.		 string Required

ThreatStatus (schema)

Name Description Type Notes
status Transport node threat status string Enum: NORMAL, ABNORMAL

Tier0 (schema)

Tier-0 configuration

Tier-0 configuration for external connectivity.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
advanced_config Advanced configuration for tier-0

NSX specific configuration for tier-0		 Tier0AdvancedConfig
arp_limit ARP limit per transport node

Maximum number of ARP entries per transport node.
int Minimum: 5000
Maximum: 50000
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
(Abstract type: pass one of the following concrete types)
ChildCommunityList
ChildEvpnConfig
ChildIPSecVpnService
ChildL2VPNService
ChildLocaleServices
ChildPolicyDnsForwarder
ChildPrefixList
ChildStaticRoutes
ChildTier0RouteMap
ChildTier0SecurityFeatures
default_rule_logging Enable logging for whitelisted rule

Indicates if logging should be enabled for the default whitelisting rule. This field is
deprecated and recommended to change Rule logging field. Note that this
field is not synchronized with default logging field.
boolean Deprecated
Default: "False"
description Description of this resource string Maximum length: 1024
Sortable
dhcp_config_paths DHCP configuration for Segments connected to Tier-0

DHCP configuration for Segments connected to Tier-0. DHCP service is
configured in relay mode.
array of string Minimum items: 0
Maximum items: 1
disable_firewall Disable gateway firewall

Disable or enable gateway fiewall.		 boolean Default: "False"
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
failover_mode Failover mode

Determines the behavior when a Tier-0 instance in ACTIVE-STANDBY
high-availability mode restarts after a failure. If set to
PREEMPTIVE, the preferred node will take over, even if it causes
another failure. If set to NON_PREEMPTIVE, then the instance that
restarted will remain secondary. This property is not used when
the ha_mode property is set to ACTIVE_ACTIVE.
Only applicable when edge cluster is configured in Tier0
locale-service.
string Enum: PREEMPTIVE, NON_PREEMPTIVE
Default: "NON_PREEMPTIVE"
federation_config Federation releated config

Additional config for federation.		 FederationGatewayConfig Readonly
force_whitelisting Flag to add whitelisting FW rule during realization

This field is deprecated and recommended to change Rule action field.
Note that this field is not synchronized with default rule field.
boolean Deprecated
Default: "False"
ha_mode High-availability Mode for Tier-0

Specify high-availability mode for Tier-0. Default is ACTIVE_ACTIVE.
When ha_mode is changed from ACTIVE_ACTIVE to ACTIVE_STANDBY,
inter SR iBGP (in BGP) is disabled.
Changing ha_mode from ACTIVE_STANDBY to ACTIVE_ACTIVE will enable
inter SR iBGP (in BGP) and previously configured preferred edge nodes
(in Tier0 locale-service) are removed.
string Enum: ACTIVE_ACTIVE, ACTIVE_STANDBY
Default: "ACTIVE_ACTIVE"
id Unique identifier of this resource string Sortable
internal_transit_subnets Internal transit subnets in CIDR format

Specify subnets that are used to assign addresses to logical links
connecting service routers and distributed routers. Only IPv4
addresses are supported.
When not specified, subnet 169.254.0.0/24 is assigned by default
in ACTIVE_ACTIVE HA mode or 169.254.0.0/28 in ACTIVE_STANDBY mode.
array of string Maximum items: 1
intersite_config Inter site routing configuration

Inter site routing configuration when the gateway is streched.		 IntersiteGatewayConfig
ipv6_profile_paths IPv6 NDRA and DAD profiles configuration

IPv6 NDRA and DAD profiles configuration on Tier0. Either or both
NDRA and/or DAD profiles can be configured.
array of string Minimum items: 0
Maximum items: 2
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
rd_admin_field Route distinguisher administrator address

If you are using EVPN service, then route distinguisher administrator address
should be defined if you need auto generation of route distinguisher on your
VRF configuration.
IPAddress
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value Tier0 string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
transit_subnets Transit subnets in CIDR format

Specify transit subnets that are used to assign addresses to logical links
connecting tier-0 and tier-1s. Both IPv4 and IPv6 addresses are supported.
When not specified, subnet 100.64.0.0/16 is configured by default. The value
in VRF tier-0 is always inherited from the parent.
array of string
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
vrf_config VRF config

VRF config, required for VRF Tier0.		 Tier0VrfConfig

Tier0AdvancedConfig (schema)

Advanced configuration for tier-0

NSX specific configuration for tier-0

Name Description Type Notes
connectivity Connectivity configuration

Connectivity configuration to manually connect (ON) or disconnect (OFF)
Tier-0/Tier1 segment from corresponding gateway.
This property does not apply to VLAN backed segments. VLAN backed segments
with connectivity OFF does not affect its layer-2 connectivity.
string Enum: ON, OFF
Default: "ON"
forwarding_up_timer Forwarding up timer

Extra time in seconds the router must wait before sending the UP
notification after the peer routing session is established. Default
means forward immediately. VRF logical router will set it same as parent
logical router.
integer Minimum: 0
Maximum: 300
Default: "0"

Tier0DeploymentMap (schema)

Tier-0 Deployment Map

Binding of Tier-0 to the enforcement point.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enforcement_point Absolute Path of Enforcement Point

Path of enforcement point on which Tier-0 shall be deployed.		 string Required
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value Tier0DeploymentMap string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

Tier0DeploymentMapListRequestParameters (schema)

Tier0 Deployment Map List Request Parameters

Tier Deployment Map list request parameters.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

Tier0DeploymentMapListResult (schema)

Paged Collection of Tier-0 Deployment Map

Paged collection of Tier-0 Deployment Map.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Tier-0 Deployment Maps

Tier-0 Deployment Maps.		 array of Tier0DeploymentMap Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

Tier0GatewayState (schema)

Tier0 gateway state

Name Description Type Notes
auto_rds Auto assigned Route Distingushers

Object that holds auto assigned route distingushers for this gateway.		 AutoRds
enforcement_point_path Enforcement point path

String Path of the enforcement point.
When not specified, routes from all enforcement-points are returned.
string
ipv6_status IPv6 DAD status for Tier0 interfaces

IPv6 DAD status for interfaces configured on Tier0
array of IPv6Status
tier0_state Tier0 state

Detailed realized state information for Tier0
LogicalRouterState
tier0_status Tier0 status

Detailed realized status information for Tier0
LogicalRouterStatus
transport_zone Transport Zone Information

Transport Zone information which got configured on Gateway.		 PolicyTransportZone

Tier0HaVipConfig (schema)

Tier0 HA VIP Config

Name Description Type Notes
enabled Flag to enable this HA VIP config. boolean Default: "True"
external_interface_paths Policy paths to Tier0 external interfaces for providing redundancy

Policy paths to Tier0 external interfaces which are to be paired to provide redundancy. Floating IP will be owned by one of these interfaces depending upon which edge node is Active.		 array of string Required
Minimum items: 2
vip_subnets VIP floating IP address subnets

Array of IP address subnets which will be used as floating IP addresses.		 array of InterfaceSubnet Required
Minimum items: 1
Maximum items: 2

Tier0Interface (schema)

Tier-0 interface configuration

Tier-0 interface configuration for external connectivity.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
access_vlan_id Vlan id

Vlan id.		 VlanID
admin_state Flag to enable/disable admin_state of tier-0 service port

This flag is used to enable/disable admin state on tier-0 service port.
If admin_state flag value is not specified then default is UP. When set to UP then
traffic on service port will be enabled and service port is enabled from routing
perspective. When set to DOWN then traffic on service port will be disabled and
service port is down from routing perspective. This flag is experimental because
it will be used in V2T BYOT migration. This flag should not be set to UP or DOWN if
EVPN is configured, and tier-0 LR is in A/S mode. Also this flag can not be set to
UP or DOWN for service interfaces which are configured on vrf-lite.
string (Experimental)
Enum: UP, DOWN
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
dhcp_relay_path policy path of referenced dhcp-relay-config

Policy path of dhcp-relay-config to be attached to this Interface.
string
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
edge_cluster_member_index Association of interface with edge cluster member

Specify association of interface with edge cluster member.
This property is deprecated, use edge_path instead. When both
properties are specifed, only edge_path property is used.
int Deprecated
Minimum: 0
edge_path Policy path to edge node

Policy path to edge node to handle external connectivity.
Required when interface type is EXTERNAL.
Edge path is required for service interface when tier0 is in ACTIVE_ACTIVE ha_mode.
Edge path is required for VRF service interface when parent tier0 is in ACTIVE_ACTIVE ha_mode.
string
id Unique identifier of this resource string Sortable
igmp_local_join_groups IGMP local join groups configuration

IGMP local join groups configuration.
array of IPv4Address
ipv6_profile_paths IPv6 NDRA profile configuration

Configuration IPv6 NDRA profile. Only one
NDRA profile can be configured.
array of string Minimum items: 0
Maximum items: 1
ls_id Logical switch id to attach tier-0 interface

Specify logical switch to which tier-0 interface is connected for
external access.
This property is deprecated, use segment_path instead. Both
properties cannot be used together.
string Deprecated
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
mtu MTU size

Maximum transmission unit (MTU) specifies the size of the largest
packet that a network protocol can transmit.
int Minimum: 64
multicast Multicast PIM configuration

Multicast PIM configuration.
Tier0InterfacePimConfig
ospf OSPF configuration

OSPF configuration.		 PolicyInterfaceOspfConfig
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
proxy_arp_filters List of proxy Address Resolution Protocol Filters

Array of prefix lists used to specify filtering for ARP proxy.
Prefixes in this array are used to configure ARP proxy entries on Tier-0
gateway (for uplinks).
array of string Minimum items: 0
Maximum items: 1
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value Tier0Interface string
segment_path Segment to attach tier-0 interface

Specify Segment to which this interface is connected to.
Either segment_path or ls_id property is required.
string
subnets IP address and subnet specification for interface

Specify IP address and network prefix for interface.
array of InterfaceSubnet Required
Minimum items: 1
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
type Interface type

Interface type
string Enum: EXTERNAL, SERVICE, LOOPBACK
Default: "EXTERNAL"
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
urpf_mode Unicast Reverse Path Forwarding mode string Enum: NONE, STRICT
Default: "STRICT"

Tier0InterfaceListRequestParameters (schema)

Tier-0 Interface list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

Tier0InterfaceListResult (schema)

Paged collection of Tier-0 Interfaces

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Tier-0 Interface list results array of Tier0Interface Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

Tier0InterfacePimConfig (schema)

Multicast PIM configuration

Multicast PIM configuration.

Name Description Type Notes
enabled enable/disable PIM configuration

enable/disable PIM configuration.
boolean Default: "False"
hello_interval PIM hello interval at interface level

PIM hello interval(seconds) at interface level.
int Minimum: 1
Maximum: 180
Default: "30"
hold_interval PIM hold interval at interface level

PIM hold interval(seconds) at interface level.
int Minimum: 1
Maximum: 630

Tier0ListRequestParameters (schema)

Tier-0 list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

Tier0ListResult (schema)

Paged collection of Tier-0s

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Tier-0 list results array of Tier0 Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

Tier0RouteMap (schema)

RouteMap for redistributing routes to BGP and other routing protocols

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
entries Ordered list of route map entries

Ordered list of route map entries.
array of RouteMapEntry Required
Minimum items: 1
Maximum items: 1000
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value Tier0RouteMap string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

Tier0RouteMapListResult (schema)

Paged collection of RouteMaps

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Tier0RouteMap results array of Tier0RouteMap Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

Tier0RouteRedistributionConfig (schema)

Route Redistribution config

Name Description Type Notes
bgp_enabled Flag to enable route redistribution for BGP. boolean Default: "True"
ospf_enabled Flag to enable route redistribution for OSPF. boolean Default: "False"
redistribution_rules List of redistribution rules.
array of Tier0RouteRedistributionRule Minimum items: 0
Maximum items: 5
Default: "[]"

Tier0RouteRedistributionRule (schema)

Single route redistribution rule

Name Description Type Notes
destinations List of destination for a given redistribution rule

Each rule can have more than one destinations. If destinations not specified for a given rule,
default destionation will be BGP
array of string Enum: BGP, OSPF
name Rule name string
route_map_path Route map to be associated with the redistribution rule string
route_redistribution_types List of redistribution types array of Tier0RouteRedistributionTypes Required

Tier0RouteRedistributionTypes (schema)

Tier-0 route redistribution types

Tier-0 route redistribution types.

TIER0_STATIC: Redistribute user added static routes.
TIER0_CONNECTED: Redistribute all subnets configured on Interfaces and
routes related to TIER0_SEGMENT,
TIER0_DNS_FORWARDER_IP, TIER0_IPSEC_LOCAL_IP, TIER0_NAT types.
TIER1_STATIC: Redistribute all subnets and static routes advertised
by Tier-1s.
TIER0_EXTERNAL_INTERFACE: Redistribute external interface subnets
on Tier-0.
TIER0_LOOPBACK_INTERFACE: Redistribute loopback interface subnets
on Tier-0.
TIER0_SEGMENT: Redistribute subnets configured on Segments connected
to Tier-0.
TIER0_ROUTER_LINK: Redistribute router link port subnets on Tier-0
TIER0_SERVICE_INTERFACE: Redistribute Tier0 service interface subnets.
TIER0_DNS_FORWARDER_IP: Redistribute DNS forwarder subnets.
TIER0_IPSEC_LOCAL_IP: Redistribute IPSec subnets.
TIER0_NAT: Redistribute NAT IPs owned by Tier-0.
TIER0_EVPN_TEP_IP: Redistribute EVPN local endpoint subnets on Tier-0.
TIER1_NAT: Redistribute NAT IPs advertised by Tier-1 instances.
TIER1_LB_VIP: Redistribute LB VIP IPs advertised by Tier-1 instances.
TIER1_LB_SNAT: Redistribute LB SNAT IPs advertised by Tier-1 instances.
TIER1_DNS_FORWARDER_IP: Redistribute DNS forwarder subnets on Tier-1
instances.
TIER1_CONNECTED: Redistribute all subnets configured on Segments and
Service Interfaces.
TIER1_SERVICE_INTERFACE: Redistribute Tier1 service interface subnets.
TIER1_SEGMENT: Redistribute subnets configured on Segments connected
to Tier1.
TIER1_IPSEC_LOCAL_ENDPOINT: Redistribute IPSec VPN local-endpoint
subnets advertised by TIER1.


Route redistribution destination is BGP.

Name Description Type Notes
Tier0RouteRedistributionTypes Tier-0 route redistribution types

Tier-0 route redistribution types.

TIER0_STATIC: Redistribute user added static routes.
TIER0_CONNECTED: Redistribute all subnets configured on Interfaces and
routes related to TIER0_SEGMENT,
TIER0_DNS_FORWARDER_IP, TIER0_IPSEC_LOCAL_IP, TIER0_NAT types.
TIER1_STATIC: Redistribute all subnets and static routes advertised
by Tier-1s.
TIER0_EXTERNAL_INTERFACE: Redistribute external interface subnets
on Tier-0.
TIER0_LOOPBACK_INTERFACE: Redistribute loopback interface subnets
on Tier-0.
TIER0_SEGMENT: Redistribute subnets configured on Segments connected
to Tier-0.
TIER0_ROUTER_LINK: Redistribute router link port subnets on Tier-0
TIER0_SERVICE_INTERFACE: Redistribute Tier0 service interface subnets.
TIER0_DNS_FORWARDER_IP: Redistribute DNS forwarder subnets.
TIER0_IPSEC_LOCAL_IP: Redistribute IPSec subnets.
TIER0_NAT: Redistribute NAT IPs owned by Tier-0.
TIER0_EVPN_TEP_IP: Redistribute EVPN local endpoint subnets on Tier-0.
TIER1_NAT: Redistribute NAT IPs advertised by Tier-1 instances.
TIER1_LB_VIP: Redistribute LB VIP IPs advertised by Tier-1 instances.
TIER1_LB_SNAT: Redistribute LB SNAT IPs advertised by Tier-1 instances.
TIER1_DNS_FORWARDER_IP: Redistribute DNS forwarder subnets on Tier-1
instances.
TIER1_CONNECTED: Redistribute all subnets configured on Segments and
Service Interfaces.
TIER1_SERVICE_INTERFACE: Redistribute Tier1 service interface subnets.
TIER1_SEGMENT: Redistribute subnets configured on Segments connected
to Tier1.
TIER1_IPSEC_LOCAL_ENDPOINT: Redistribute IPSec VPN local-endpoint
subnets advertised by TIER1.


Route redistribution destination is BGP.
string Enum: TIER0_STATIC, TIER0_CONNECTED, TIER0_EXTERNAL_INTERFACE, TIER0_SEGMENT, TIER0_ROUTER_LINK, TIER0_SERVICE_INTERFACE, TIER0_LOOPBACK_INTERFACE, TIER0_DNS_FORWARDER_IP, TIER0_IPSEC_LOCAL_IP, TIER0_NAT, TIER0_EVPN_TEP_IP, TIER1_NAT, TIER1_STATIC, TIER1_LB_VIP, TIER1_LB_SNAT, TIER1_DNS_FORWARDER_IP, TIER1_CONNECTED, TIER1_SERVICE_INTERFACE, TIER1_SEGMENT, TIER1_IPSEC_LOCAL_ENDPOINT

Tier0SecurityFeature (schema)

T0 Security feature entity with feature details

Name Description Type Notes
enable Flag to enable/disable

true - enable the feature, false - disable the feture		 boolean Required
Default: "False"
feature Tier0SecurityFeaturesSupported Required

Tier0SecurityFeatureParameters (schema)

T0 Security Feature parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
feature Tier0SecurityFeaturesSupported
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

Tier0SecurityFeatures (schema)

T0 Security features entity with feature details

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
features array of Tier0SecurityFeature Required
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value Tier0SecurityFeatures string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

Tier0SecurityFeaturesSupported (schema)

Collection of T0 supported security features

Feature to be enabled/disabled.
IDFW - Identity Firewall
Use any one of this to enable/disabe it.

Name Description Type Notes
Tier0SecurityFeaturesSupported Collection of T0 supported security features

Feature to be enabled/disabled.
IDFW - Identity Firewall
Use any one of this to enable/disabe it.
string Readonly
Enum: IDFW

Tier0StateRequestParameters (schema)

State request parameters for Tier0 gateway

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
enforcement_point_path Enforcement point path

String Path of the enforcement point.
When not specified, routes from all enforcement-points are returned.
string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
interface_path Interface path for interface specific state such as IPv6 DAD state

String Path of interface on current Tier0 gateway for interface
specified state such as IPv6 DAD state.
When not specified, IPv6 NDRA state from from all interfaces is returned.
string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
type Returns specific information based on the value specified.

Returns specific information based on the value specified.
When not specified response include gateway state, status and DAD status from interfaces.
string Enum: GATEWAY_STATE, GATEWAY_STATUS, IPV6_STATUS

Tier0VrfConfig (schema)

Tier-0 vrf configuration

Tier-0 vrf configuration.

Name Description Type Notes
evpn_l2_vni_config VRF configurations required for EVPN service in ROUTE_SERVER mode.

It is required for VRF to participate in the EVPN service in ROUTE_SERVER
mode.
VrfEvpnL2VniConfig
evpn_transit_vni L3 VNI associated with the VRF for overlay traffic

L3 VNI associated with the VRF for overlay traffic of ethernet virtual
private network (EVPN). It must be unique and available from the VNI
pool defined for EVPN service. It is required for VRF to participate
in the EVPN service in INLINE mode.
int
route_distinguisher Route distinguisher

Route distinguisher with format in IPAddress: or ASN:.		 string
route_targets Route targets

Route targets.		 array of VrfRouteTargets Minimum items: 1
Maximum items: 1
tier0_path Tier0 path

Default tier0 path. Cannot be modified after realization.
string Required

Tier1 (schema)

Tier-1

Tier-1 instance configuration.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
arp_limit ARP limit per transport node

Maximum number of ARP entries per transport node.
int Minimum: 5000
Maximum: 50000
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
(Abstract type: pass one of the following concrete types)
ChildIPSecVpnService
ChildL2VPNService
ChildLocaleServices
ChildPolicyDnsForwarder
ChildSecurityFeatures
ChildSegment
ChildStaticRoutes
default_rule_logging Enable logging for whitelisted rule

Indicates if logging should be enabled for the default whitelisting rule. This field is
deprecated and recommended to change Rule logging field. Note that this
field is not synchronized with default logging field.
boolean Deprecated
Default: "False"
description Description of this resource string Maximum length: 1024
Sortable
dhcp_config_paths DHCP configuration for Segments connected to Tier-1

DHCP configuration for Segments connected to Tier-1. DHCP service is
enabled in relay mode.
array of string Minimum items: 0
Maximum items: 1
disable_firewall Disable gateway firewall

Disable or enable gateway fiewall.		 boolean Default: "False"
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enable_standby_relocation Flag to enable standby service router relocation.

Flag to enable standby service router relocation.
Standby relocation is not enabled until edge cluster is configured
for Tier1.
boolean Default: "False"
failover_mode Failover mode

Determines the behavior when a Tier-1 instance restarts after a
failure. If set to PREEMPTIVE, the preferred node will take over,
even if it causes another failure. If set to NON_PREEMPTIVE,
then the instance that restarted will remain secondary.
Only applicable when edge cluster is configured in Tier1
locale-service.
string Enum: PREEMPTIVE, NON_PREEMPTIVE
Default: "NON_PREEMPTIVE"
federation_config Federation releated config

Additional config for federation.		 FederationGatewayConfig Readonly
force_whitelisting Flag to add whitelisting FW rule during realization

This field is deprecated and recommended to change Rule action field.
Note that this field is not synchornied with default rule field.
boolean Deprecated
Default: "False"
ha_mode High-availability Mode for Tier-1

Specify high-availability mode for Tier-1.
string Enum: ACTIVE_STANDBY
id Unique identifier of this resource string Sortable
intersite_config Inter site routing configuration

Inter site routing configuration when the gateway is streched.		 IntersiteGatewayConfig
ipv6_profile_paths IPv6 NDRA and DAD profiles configuration

Configuration IPv6 NDRA and DAD profiles. Either or both
NDRA and/or DAD profiles can be configured.
array of string Minimum items: 0
Maximum items: 2
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
pool_allocation Edge node allocation size

Supports edge node allocation at different sizes for routing and
load balancer service to meet performance and scalability requirements.
ROUTING: Allocate edge node to provide routing services.
LB_SMALL, LB_MEDIUM, LB_LARGE, LB_XLARGE: Specify size of load balancer
service that will be configured on TIER1 gateway.
string Enum: ROUTING, LB_SMALL, LB_MEDIUM, LB_LARGE, LB_XLARGE
Default: "ROUTING"
qos_profile Gateway QoS Profile configuration

QoS Profile configuration for Tier1 router link connected to Tier0 gateway.
GatewayQosProfileConfig
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value Tier1 string
route_advertisement_rules Route advertisement rules and filtering array of RouteAdvertisementRule
route_advertisement_types Enable different types of route advertisements

Enable different types of route advertisements.
When not specified, routes to IPSec VPN local-endpoint subnets
(TIER1_IPSEC_LOCAL_ENDPOINT) are automatically advertised.
array of Tier1RouteAdvertisentTypes
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tier0_path Tier-1 connectivity to Tier-0

Specify Tier-1 connectivity to Tier-0 instance.
string
type Tier1 type

Tier1 connectivity type for reference. Property value is not validated
with Tier1 configuration.
ROUTED: Tier1 is connected to Tier0 gateway and routing is enabled.
ISOLATED: Tier1 is not connected to any Tier0 gateway.
NATTED: Tier1 is in ROUTED type with NAT configured locally.
string Enum: ROUTED, ISOLATED, NATTED
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

Tier1DeploymentMap (schema)

Tier-1 Deployment Map

Binding of Tier-1 to the enforcement point.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enforcement_point Absolute path of Enforcement Point

Path of enforcement point on which Tier-1 shall be deployed.		 string Required
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value Tier1DeploymentMap string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

Tier1GatewayState (schema)

Tier1 gateway state

Name Description Type Notes
enforcement_point_path Enforcement point path

String Path of the enforcement point.
When not specified, routes from all enforcement-points are returned.
string
ipv6_status IPv6 DAD status for Tier1 interfaces

IPv6 DAD status for interfaces configured on Tier1
array of IPv6Status
tier1_state Tier1 state

Detailed realized state information for Tier1
LogicalRouterState
tier1_status Tier1 status

Detailed realized status information for Tier1
LogicalRouterStatus
transport_zone Transport Zone Information

Transport Zone information which got configured on Gateway.		 PolicyTransportZone

Tier1Interface (schema)

Tier-1 interface configuration

Tier-1 interface configuration for attaching services.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
admin_state Flag to enable/disable admin_state of tier-1 service port

This flag is used to enable/disable admin state on tier-1 service port.
If admin_state flag value is not specified then default is UP. When set to UP
then traffic on service port will be enabled and service port is enabled from
routing perspective. When set to DOWN then traffic on service port will be
disabled and service port is down from routing perspective. This flag is
experimental because it will be used in V2T BYOT migration.
string (Experimental)
Enum: UP, DOWN
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
dhcp_relay_path policy path of referenced dhcp-relay-config

Policy path of dhcp-relay-config to be attached to this Interface.
string
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ipv6_profile_paths IPv6 NDRA profile configuration

Configrue IPv6 NDRA profile. Only one
NDRA profile can be configured.
array of string Minimum items: 0
Maximum items: 1
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
mtu MTU size

Maximum transmission unit (MTU) specifies the size of the largest
packet that a network protocol can transmit.
int Minimum: 64
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value Tier1Interface string
segment_path Policy path of Segment to attach interface

Policy path of Segment to which interface is connected to.
string Required
subnets IP address and subnet specification for interface

Specify IP address and network prefix for interface.
array of InterfaceSubnet Required
Minimum items: 1
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
urpf_mode Unicast Reverse Path Forwarding mode string Enum: NONE, STRICT
Default: "STRICT"

Tier1InterfaceListResult (schema)

Paged collection of Tier-1 Interfaces

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Tier-1 Interface list results array of Tier1Interface Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

Tier1ListRequestParameters (schema)

Tier-1 list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

Tier1ListResult (schema)

Paged collection of Tier-1 instances

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Tier-1 list results array of Tier1 Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

Tier1RouteAdvertisentTypes (schema)

Control routes advertised by Tier-1 instance.
TIER1_STATIC_ROUTES: Advertise all STATIC routes.
TIER1_CONNECTED: Advertise all subnets configured on connected
Interfaces and Segments.
TIER1_NAT: Advertise all NAT IP addresses.
TIER1_LB_VIP: Advertise all Load-balancer VIPs.
TIER1_LB_SNAT: Advertise all Loadbalancer SNAT IP addresses.
TIER1_DNS_FORWARDER_IP: Advertise DNS forwarder source and listener IPs
TIER1_IPSEC_LOCAL_ENDPOINT: Redistribute IPSec VPN local-endpoint subnets.

Name Description Type Notes
Tier1RouteAdvertisentTypes Control routes advertised by Tier-1 instance.
TIER1_STATIC_ROUTES: Advertise all STATIC routes.
TIER1_CONNECTED: Advertise all subnets configured on connected
Interfaces and Segments.
TIER1_NAT: Advertise all NAT IP addresses.
TIER1_LB_VIP: Advertise all Load-balancer VIPs.
TIER1_LB_SNAT: Advertise all Loadbalancer SNAT IP addresses.
TIER1_DNS_FORWARDER_IP: Advertise DNS forwarder source and listener IPs
TIER1_IPSEC_LOCAL_ENDPOINT: Redistribute IPSec VPN local-endpoint subnets.
string Enum: TIER1_STATIC_ROUTES, TIER1_CONNECTED, TIER1_NAT, TIER1_LB_VIP, TIER1_LB_SNAT, TIER1_DNS_FORWARDER_IP, TIER1_IPSEC_LOCAL_ENDPOINT

Tier1StateRequestParameters (schema)

State request parameters for Tier1 gateway

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
enforcement_point_path Enforcement point path

String Path of the enforcement point.
When not specified, routes from all enforcement-points are returned.
string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
interface_path Interface path for interface specific state such as IPv6 DAD state

String Path of interface on current Tier1 gateway for interface
specified state such as IPv6 DAD state.
When not specified, IPv6 NDRA state from from all interfaces is returned.
string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
type Returns specific information based on the value specified.

Returns specific information based on the value specified.
When not specified response include gateway state, status and DAD status from interfaces.
string Enum: GATEWAY_STATE, GATEWAY_STATUS, IPV6_STATUS

TierGatewayReprocessParameters (schema)

Name Description Type Notes
enforcement_point_path String Path of the enforcement point

Enforcement point path. Required when multiple enforcement points are
configured.
string

TimeRangeDropdownFilterWidgetConfiguration (schema)

Time Range Dropdown Filter widget Configuration

Represents configuration for dropdown filter widget for Time Range.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
alias Alias to be used when emitting filter value

Alias to be used when emitting filter value.		 string
condition Expression for evaluating condition

If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.		 string Maximum length: 1024
datasources Array of Datasource Instances with their relative urls

The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.		 array of Datasource Minimum items: 0
default_filter_value Default filter value to be passed to datasources

Default filter values to be passed to datasources. This will be used when the report is requested without filter values.		 array of DefaultFilterValue
default_value Expression to specify default value

Expression to specify default value of filter.		 string
description Description of this resource string Maximum length: 1024
Sortable
display_name Widget Title

Title of the widget. If display_name is omitted, the widget will be shown without a title.		 string Maximum length: 255
drilldown_id Id of drilldown widget

Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.		 string Maximum length: 255
dropdown_filter_plot_config Dropdown filter plotting configuration

Dropdown filter plotting configuration. This plotting configuration will be applicable for the Dropdown filter only.		 DropdownFilterPlotConfiguration
dropdown_item Definition for item of a dropdown

Defines the item of a dropdown.		 DropdownItem
feature_set Features required to view the widget

Features required to view the widget.		 FeatureSet
filter Id of filter widget for subscription

Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.		 string Deprecated
filter_value_required Flag to indicate if filter value is necessary

Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.		 boolean Default: "True"
filters A List of filter ids applied to this widget configuration

A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.		 array of string
footer Footer
icons Icons

Icons to be applied at dashboard for widgets and UI elements.		 array of Icon
id Unique identifier of this resource string Sortable
is_drilldown Set as a drilldown widget

Set to true if this widget should be used as a drilldown.		 boolean Default: "False"
legend Legend for the widget

Legend to be displayed. If legend is not needed, do not include it.		 Legend
placeholder_msg Placeholder message to be shown in filter

Placeholder message to be displayed in dropdown filter.		 string
plot_configs List of plotting configuration for a given widget.

List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.		 array of WidgetPlotConfiguration
resource_type Must be set to the value TimeRangeDropdownFilterWidgetConfiguration string Required
Readonly
Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration
Maximum length: 255
rowspan Vertical span

Represents the vertical span of the widget / container. 1 Row span is equal to 20px.		 int Minimum: 1
shared Visiblity of widgets to other users

Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.		 boolean Deprecated
show_header This decides to show the container header or not.

If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.		 boolean
span Horizontal span

Represents the horizontal span of the widget / container.		 int Minimum: 1
Maximum: 12
static_filter_condition Expression for evaluating condition

If the condition is met then the static filter will be added. If no condition is provided, then the static filters will be applied unconditionally.		 string
static_filters Additional static items to be added in dropdown filter

Additional static items to be added in dropdown filter. Example can be 'ALL'.		 array of StaticFilter
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
time_range_filter_info Definition for time range filter.

Defines the time range filter configuration.		 TimeRangeFilterInfo
weight Weightage or placement of the widget or container

Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.		 int Deprecated

TimeRangeFilterInfo (schema)

time range filter information

Name Description Type Notes
from_param_name from parameter name for time range filter.

from parameter name used for time range filter from date value.		 string Maximum length: 1024
Default: "fromDate"
to_param_name to parameter name for time range filter

to parameter name used for time range filter to date value.		 string Maximum length: 1024
Default: "toDate"
value_type type of time range filter value

type of time range filter value can be epoch, ISO date Format.		 string Enum: EPOCH
Default: "EPOCH"

TlsCertificate (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
details list of X509Certificates. array of X509Certificate Readonly
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
has_private_key whether we have the private key for this certificate. boolean Required
Readonly
Default: "False"
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
pem_encoded pem encoded certificate data. string Required
purpose Purpose of this certificate. Can be empty or set to "signing-ca". string Readonly
Enum: signing-ca
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value TlsCertificate string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tls_certificate_type Classification of the TlsCertificate helps differentiate how a TlsCertificate could be
used for various components either as a client trust certificate; CERTIFICATE_CA, or
as a server identity certificate; CERTIFICATE_SIGNED,or CERTIFICATE_SELF_SIGNED.
string Readonly
Enum: CERTIFICATE_CA, CERTIFICATE_SIGNED, CERTIFICATE_SELF_SIGNED
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

TlsCertificateList (schema)

Certificate queries result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results TlsCertificate list. array of TlsCertificate Required
Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

TlsCiphers (schema)

TLS balanced cipher

Name Description Type Notes
TlsCiphers TLS balanced cipher string Enum: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA

TlsConfigProfileBindingMap (schema)

Policy TLS Config Profile binding map

This entity will be used to establish association between TLS Config
profile and Logical Routers.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
profile_path Profile Path

PolicyPath of associated Profile		 string Required
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value TlsConfigProfileBindingMap string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

TlsConfigSettings (schema)

TLS config settings

Pre-defined config settings. Settings could be one of Balanced, High Fidelity, High Security, Custom

Name Description Type Notes
TlsConfigSettings TLS config settings

Pre-defined config settings. Settings could be one of Balanced, High Fidelity, High Security, Custom
string Required
Enum: BALANCED, HIGH_FIDELITY, HIGH_SECURITY, CUSTOM

TlsCrl (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
crl_type Type of CRL

The type of the CRL. It can be "OneCRL" or "X509" (default).		 string Enum: OneCRL, X509
Default: "X509"
description Description of this resource string Maximum length: 1024
Sortable
details Details of the X509Crl object

Details of the X509Crl object.		 X509Crl Readonly
details_revoked_by_issuer_and_serial_number Certificates revoked by issuer and serial number array of IssuerSerialNumber Readonly
details_revoked_by_subject_and_public_key_hash Certificates revoked by subject and public key hash array of SubjectPublicKeyHash Readonly
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
one_crl JSON-encoded OneCRL-like object string
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
pem_encoded Pem encoded crl data

Pem encoded crl data.		 string
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value TlsCrl string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

TlsCrlListResult (schema)

Paged Collection of TlsCrl

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results TlsCrl list results array of TlsCrl Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

TlsCsr (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
algorithm Cryptographic algorithm (asymmetric) used by the public key for data encryption. string Enum: RSA
Default: "RSA"
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
is_ca Whether the CSR is for a CA certificate. boolean Default: "False"
key_size Size measured in bits of the public key used in a cryptographic algorithm. integer Default: "4096"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
pem_encoded PEM encoded certificate data. string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value TlsCsr string
subject The certificate owner's information. (CN, O, OU, C, ST, L) Principal Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

TlsCsrListResult (schema)

Paged Collection of TlsCsr

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results TlsCsr list results array of TlsCsr Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

TlsCsrWithDaysValid (schema)

CSR data with days valid

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
algorithm Cryptographic algorithm (asymmetric) used by the public key for data encryption. string Enum: RSA
Default: "RSA"
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
days_valid Number of days the certificate will be valid, default 825 days integer Minimum: 1
Maximum: 10000
Default: "825"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
is_ca Whether the CSR is for a CA certificate. boolean Default: "False"
key_size Size measured in bits of the public key used in a cryptographic algorithm. integer Default: "4096"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
pem_encoded PEM encoded certificate data. string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value TlsCsrWithDaysValid string
subject The certificate owner's information. (CN, O, OU, C, ST, L) Principal Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

TlsInspectionExternalProfile (schema)

TLS inspection external profile

External inspection profile is used when the TLS connection is destined to a service not owned by the enterprise.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
attention TLS Pre-defined settings mis-match

Used to indicate an TLS version or Cipher version pre-defined settings mis-match.
string Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
client_cipher_suite List of cipher suites client supports

Client's list of cipher suites. Required if CryptoEnforcement
is ENFORCE. e.g. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.
array of TlsCiphers Maximum items: 128
Default: "['TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA', 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384', 'TLS_RSA_WITH_AES_128_GCM_SHA256', 'TLS_RSA_WITH_AES_128_CBC_SHA256', 'TLS_RSA_WITH_AES_256_GCM_SHA384', 'TLS_RSA_WITH_AES_256_CBC_SHA256']"
client_max_tls_version Maximum TLS version client supports

Client's maximum TLS version to enforce. Required if CryptoEnforcement is ENFORCE. Supported TLS versions are TLS1.1 and TLS1.2.		 TlsProtocol Default: "TLS_V1_2"
client_min_tls_version Minimum TLS version client supports

Client's minimum TLS version to enforce. Required if CryptoEnforcement is ENFORCE. Supported TLS versions are TLS1.1 and TLS1.2.		 TlsProtocol Default: "TLS_V1_1"
crls Certificate Revocation List Ids

Bypass profile - CRL is required if the "invalid_certificate" action is allow.
External profile - CRL is always required.
Internal profile - CRL is required if "certificate_validation" is turned on.
array of string Maximum items: 100
Default: "['/infra/crls/default_public_crl']"
crypto_enforcement CryptoEnforcement Default: "ENFORCE"
decryption_fail_action DecryptionFailAction Default: "BYPASS"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
idle_connection_timeout Idle connection timeout in seconds

Timeout the connection when kept idle. Default is 90 minutes.		 int Minimum: 1
Maximum: 4320000
Default: "5400"
invalid_cert_action InvalidCertificateAction Default: "ALLOW"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
ocsp_must_staple Flag to enable/disable ocsp must staple

true - enable the ocsp must staple, false - disable it.		 boolean Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
proxy_trusted_ca_cert Proxy trusted ca cert and key

Proxy trusted ca cert and key used to issue valid ca certificate.
This is the subordinate CA cert (referred to as Proxy CA) by the Enterprise Issuing CA.
string Required
proxy_untrusted_ca_cert Proxy untrusted ca cert and key

Proxy untrusted ca cert and key used to issue invalid ca certificate		 string Required
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value TlsInspectionExternalProfile string Required
Enum: TlsInspectionBypassProfile, TlsInspectionExternalProfile, TlsInspectionInternalProfile
server_cipher_suite List of cipher suites server support

Server's list of cipher suites. Required if CryptoEnforcement
is ENFORCE. e.g. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.
array of TlsCiphers Maximum items: 128
Default: "['TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA', 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384', 'TLS_RSA_WITH_AES_128_GCM_SHA256', 'TLS_RSA_WITH_AES_128_CBC_SHA256', 'TLS_RSA_WITH_AES_256_GCM_SHA384', 'TLS_RSA_WITH_AES_256_CBC_SHA256']"
server_max_tls_version Maximum TLS version server supports

Server's maximum TLS version to enforce. Required if CryptoEnforcement is ENFORCE. Supported versions are TLS1.1 and TLS1.2.		 TlsProtocol Default: "TLS_V1_2"
server_min_tls_version Minimum TLS version server supports

Server's minimum TLS version to enforce. Required if CryptoEnforcement is ENFORCE. Supported versions are TLS1.1 and TLS1.2.		 TlsProtocol Default: "TLS_V1_1"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tls_config_setting TlsConfigSettings Default: "BALANCED"
trusted_ca_bundles List of CA bundle Ids

Bypass profile - CA bundle is required if the "invalid_certificate" action is allow.
External profile - CA bundle is always required.
Internal profile - CA bundle is required if "certificate_validation" is turned on.
array of string Maximum items: 100
Default: "['/infra/cabundles/default_trusted_public_ca_bundle']"
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

TlsInspectionInternalProfile (schema)

TLS inspection internal profile

Internal inspection Profile is used when the TLS connection is destined to a service not owned by the enterprise.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
attention TLS Pre-defined settings mis-match

Used to indicate an TLS version or Cipher version pre-defined settings mis-match.
string Readonly
certificate_validation Flag to enable/disable certificate validation

true - enable the certificate validation; false - disable it.		 boolean Default: "False"
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
client_cipher_suite List of cipher suites client supports

Client's list of cipher suites. Required if CryptoEnforcement
is ENFORCE. e.g. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.
array of TlsCiphers Maximum items: 128
Default: "['TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA', 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384', 'TLS_RSA_WITH_AES_128_GCM_SHA256', 'TLS_RSA_WITH_AES_128_CBC_SHA256', 'TLS_RSA_WITH_AES_256_GCM_SHA384', 'TLS_RSA_WITH_AES_256_CBC_SHA256']"
client_max_tls_version Maximum TLS version client supports

Client's maximum TLS version to enforce. Required if CryptoEnforcement is ENFORCE. Supported versions are TLS1.1 and TLS1.2.		 TlsProtocol Default: "TLS_V1_2"
client_min_tls_version Minimum TLS version client supports

Client's minimum TLS version to enforce. Required if CryptoEnforcement is ENFORCE. Supported versions are TLS1.1 and TLS1.2.		 TlsProtocol Default: "TLS_V1_1"
crls Certificate Revocation List Ids

Bypass profile - CRL is required if the "invalid_certificate" action is allow.
External profile - CRL is always required.
Internal profile - CRL is required if "certificate_validation" is turned on.
array of string Maximum items: 100
Default: "['/infra/crls/default_public_crl']"
crypto_enforcement CryptoEnforcement Default: "ENFORCE"
decryption_fail_action DecryptionFailAction Default: "BYPASS"
default_cert_key One of the actual server certificate presented to the client

Default server certificate presented to the user.		 string
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
idle_connection_timeout Idle connection timeout in seconds

Timeout the connection when kept idle. Default is 90 minutes.		 int Minimum: 1
Maximum: 4320000
Default: "5400"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
ocsp_must_staple Flag to enable/disable ocsp must staple

true - enable the ocsp must staple, false - disable it.		 boolean Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value TlsInspectionInternalProfile string Required
Enum: TlsInspectionBypassProfile, TlsInspectionExternalProfile, TlsInspectionInternalProfile
server_certs_key Actual server certificate key

Server certificate presented to the client.		 array of string Required
Maximum items: 100
server_cipher_suite List of cipher suites server support

Server's list of cipher suites. Required if CryptoEnforcement
is ENFORCE. e.g. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.
array of TlsCiphers Maximum items: 128
Default: "['TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA', 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384', 'TLS_RSA_WITH_AES_128_GCM_SHA256', 'TLS_RSA_WITH_AES_128_CBC_SHA256', 'TLS_RSA_WITH_AES_256_GCM_SHA384', 'TLS_RSA_WITH_AES_256_CBC_SHA256']"
server_max_tls_version Maximum TLS version server supports

Server's maximum TLS version to enforce. Required if CryptoEnforcement is ENFORCE. Supported versions are TLS1.0, TLS1.1 and TLS1.2		 TlsProtocol Default: "TLS_V1_2"
server_min_tls_version Minimum TLS version server supports

Server's minimum TLS version to enforce. Required if CryptoEnforcement is ENFORCE. supported versions are TLS1.1 and TLS1.2.		 TlsProtocol Default: "TLS_V1_1"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tls_config_setting TlsConfigSettings Default: "BALANCED"
trusted_ca_bundles List of CA bundle Ids

Bypass profile - CA bundle is required if the "invalid_certificate" action is allow.
External profile - CA bundle is always required.
Internal profile - CA bundle is required if "certificate_validation" is turned on.
array of string Maximum items: 100
Default: "['/infra/cabundles/default_trusted_public_ca_bundle']"
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

TlsListenerCertificate (schema)

Remote TLS Listener Certificate

Returns the certificate and thumbprint of a remote TLS listener, if the
listener is running and accepting requests. If the certificate cannot be
retrieved, the result property describes the problem.

Name Description Type Notes
certificate The certificate of the TLS listener

The certificate of the TLS listener.		 X509Certificate Readonly
result Result of get certificate operation

Result of get certificate operation.		 string Enum: SUCCESS, CONNECTION_TIMEOUT, NO_ROUTE_TO_HOST, CONNECTION_REFUSED
thumbprint The SHA-256 thumbprint of the TLS listener

The SHA-256 thumbprint of the TLS listener.		 string Readonly

TlsListenerEndpointAddressRequestParameters (schema)

TLS Listener Endpoint Address Request Parameters

The hostname or IP, and TCP port number of the listener to connect to.

Name Description Type Notes
address Host name or IP address of TLS listener

Host name or IP address of TLS listener.		 string Required
Format: hostname-or-ip
port TCP port number of the TLS listener

TCP port number of the TLS listener		 int Required
Minimum: 0
Maximum: 65535

TlsPolicy (schema)

Contains ordered list of Rules for TLSPolicy

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
category A way to classify a security policy, if needed.

- Distributed Firewall -
Policy framework provides five pre-defined categories for classifying
a security policy. They are "Ethernet","Emergency", "Infrastructure"
"Environment" and "Application". There is a pre-determined order in
which the policy framework manages the priority of these security
policies. Ethernet category is for supporting layer 2 firewall rules.
The other four categories are applicable for layer 3 rules. Amongst
them, the Emergency category has the highest priority followed by
Infrastructure, Environment and then Application rules. Administrator
can choose to categorize a security policy into the above categories
or can choose to leave it empty. If empty it will have the least
precedence w.r.t the above four categories.
- Edge Firewall -
Policy Framework for Edge Firewall provides six pre-defined categories
"Emergency", "SystemRules", "SharedPreRules", "LocalGatewayRules",
"AutoServiceRules" and "Default", in order of priority of rules.
All categories are allowed for Gatetway Policies that belong
to 'default' Domain. However, for user created domains, category is
restricted to "SharedPreRules" or "LocalGatewayRules" only. Also, the
users can add/modify/delete rules from only the "SharedPreRules" and
"LocalGatewayRules" categories. If user doesn't specify the category
then defaulted to "Rules". System generated category is used by NSX
created rules, for example BFD rules. Autoplumbed category used by
NSX verticals to autoplumb data path rules. Finally, "Default" category
is the placeholder default rules with lowest in the order of priority.
string
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
(Abstract type: pass one of the following concrete types)
ChildTlsRule
comments SecurityPolicy lock/unlock comments

Comments for security policy lock/unlock.		 string
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
internal_sequence_number Internal sequence number

This field is to indicate the internal sequence number of a policy
with respect to the policies across categories.
int Readonly
is_default Default policy flag

A flag to indicate whether policy is a default policy.		 boolean Readonly
lock_modified_by User who locked the security policy

ID of the user who last modified the lock for the secruity policy.
string Readonly
lock_modified_time SecuirtyPolicy locked/unlocked time

SecurityPolicy locked/unlocked time in epoch milliseconds.		 EpochMsTimestamp Readonly
locked Lock a security policy

Indicates whether a security policy should be locked. If the
security policy is locked by a user, then no other user would
be able to modify this security policy. Once the user releases
the lock, other users can update this security policy.
boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value TlsPolicy string
rule_count Rule count

The count of rules in the policy.
int Readonly
rules Rules that are a part of this TLSPolicy array of TlsRule
scheduler_path Path to the scheduler for time based scheduling

Provides a mechanism to apply the rules in this policy for a specified
time duration.
string
scope The list of group paths where the rules in this policy will get
applied. This scope will take precedence over rule level scope.
Supported only for security and redirection policies. In case of
RedirectionPolicy, it is expected only when the policy is NS and
redirecting to service chain.
array of string Maximum items: 128
sequence_number Sequence number to resolve conflicts across Domains

This field is used to resolve conflicts between security policies
across domains. In order to change the sequence number of a policy
one can fire a POST request on the policy entity with
a query parameter action=revise
The sequence number field will reflect the value of the computed
sequence number upon execution of the above mentioned POST request.
For scenarios where the administrator is using a template to update
several security policies, the only way to set the sequence number is
to explicitly specify the sequence number for each security policy.
If no sequence number is specified in the payload, a value of 0 is
assigned by default. If there are multiple policies with the same
sequence number then their order is not deterministic. If a specific
order of policies is desired, then one has to specify unique sequence
numbers or use the POST request on the policy entity with
a query parameter action=revise to let the framework assign a
sequence number.
The value of sequence number must be between 0 and 999,999.
int Minimum: 0
stateful Stateful nature of the entries within this security policy.

Stateful or Stateless nature of security policy is enforced on all
rules in this security policy. When it is stateful, the state of
the network connects are tracked and a stateful packet inspection is
performed.
Layer3 security policies can be stateful or stateless. By default, they are stateful.
Layer2 security policies can only be stateless.
boolean
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tcp_strict Enforce strict tcp handshake before allowing data packets

Ensures that a 3 way TCP handshake is done before the data packets
are sent.
tcp_strict=true is supported only for stateful security policies.
If the tcp_strict flag is not specified and the security policy
is stateful, then tcp_strict will be set to true.
boolean
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

TlsPolicyListRequestParameters (schema)

TlsPolicy list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
include_rule_count Include the count of rules in policy

If true, populate the rule_count field with the count of rules in
the particular policy. By default, rule_count will not be populated.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

TlsPolicyListResult (schema)

Paged Collection of TLS inspection policies

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results TLSPolicy list results array of TlsPolicy Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

TlsProfile (schema)

This is an abstract type. Concrete child types:
TlsInspectionExternalProfile
TlsInspectionInternalProfile

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
attention TLS Pre-defined settings mis-match

Used to indicate an TLS version or Cipher version pre-defined settings mis-match.
string Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
crls Certificate Revocation List Ids

Bypass profile - CRL is required if the "invalid_certificate" action is allow.
External profile - CRL is always required.
Internal profile - CRL is required if "certificate_validation" is turned on.
array of string Maximum items: 100
Default: "['/infra/crls/default_public_crl']"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
idle_connection_timeout Idle connection timeout in seconds

Timeout the connection when kept idle. Default is 90 minutes.		 int Minimum: 1
Maximum: 4320000
Default: "5400"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value TlsProfile string Required
Enum: TlsInspectionBypassProfile, TlsInspectionExternalProfile, TlsInspectionInternalProfile
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
trusted_ca_bundles List of CA bundle Ids

Bypass profile - CA bundle is required if the "invalid_certificate" action is allow.
External profile - CA bundle is always required.
Internal profile - CA bundle is required if "certificate_validation" is turned on.
array of string Maximum items: 100
Default: "['/infra/cabundles/default_trusted_public_ca_bundle']"
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

TlsProfileListRequestParameters (schema)

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

TlsProfileListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of the TLS profiles

List of TLS profiles.		 array of TlsProfile
(Abstract type: pass one of the following concrete types)
TlsInspectionExternalProfile
TlsInspectionInternalProfile		 Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

TlsProtocol (schema)

TLS protocol

Name Description Type Notes
TlsProtocol TLS protocol string Enum: TLS_V1_2, TLS_V1_1, TLS_V1_0

TlsRule (schema)

A rule specifies the TLS policy rule between the workload groups

A rule indicates the decryption actions to be performed for various types of traffic flowing between workload groups.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
destination_groups Destination group paths

We need paths as duplicate names may exist for groups under different
domains. Along with paths we support IP Address of type IPv4 and IPv6.
IP Address can be in one of the format(CIDR, IP Address, Range of IP Address).
In order to specify all groups, use the constant "ANY". This
is case insensitive. If "ANY" is used, it should be the ONLY element
in the group array. Error will be thrown if ANY is used in conjunction
with other values.
array of string Maximum items: 128
destinations_excluded Negation of destination groups

If set to true, the rule gets applied on all the groups that are
NOT part of the destination groups. If false, the rule applies to the
destination groups
boolean Default: "False"
direction Direction

Define direction of traffic.
string Enum: IN, OUT, IN_OUT
Default: "IN_OUT"
disabled Flag to disable the rule

Flag to disable the rule. Default is enabled.		 boolean Default: "False"
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ip_protocol IPv4 vs IPv6 packet type

Type of IP packet that should be matched while enforcing the rule.
The value is set to IPV4_IPV6 for Layer3 rule if not specified.
For Layer2/Ether rule the value must be null.
string Enum: IPV4, IPV6, IPV4_IPV6
is_default Default rule flag

A flag to indicate whether rule is a default rule.		 boolean Readonly
logged Enable logging flag

Flag to enable packet logging. Default is disabled.		 boolean Default: "False"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
notes Text for additional notes on changes

Text for additional notes on changes.		 string Maximum length: 2048
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
profiles Layer 7 service profiles or TLS action profile

Holds the list of layer 7 service profile paths. These profiles accept
attributes and sub-attributes of various network services
(e.g. L4 AppId, encryption algorithm, domain name, etc) as key value
pairs. Instead of Layer 7 service profiles you can use a L7 access profile.
One of either Layer 7 service profiles or L7 Access Profile can be used in firewall rule.
In case of L7 access profile only one is allowed.
array of string Maximum items: 128
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value TlsRule string
rule_id Unique rule ID

This is a unique 4 byte positive number that is assigned by the system.
This rule id is passed all the way down to the data path. The first 1GB
(1000 to 2^30) will be shared by GM and LM with zebra style striped
number space. For E.g 1000 to (1Million -1) by LM, (1M - 2M-1) by GM
and so on.
integer Readonly
scope The list of policy paths where the rule is applied
LR/Edge/T0/T1/LRP etc. Note that a given rule can be applied
on multiple LRs/LRPs.
array of string Maximum items: 128
sequence_number Sequence number of the this Rule

This field is used to resolve conflicts between multiple
Rules under Security or Gateway Policy for a Domain
If no sequence number is specified in the payload, a value of 0 is
assigned by default. If there are multiple rules with the same
sequence number then their order is not deterministic. If a specific
order of rules is desired, then one has to specify unique sequence
numbers or use the POST request on the rule entity with
a query parameter action=revise to let the framework assign a
sequence number
int Minimum: 0
service_entries Raw services

In order to specify raw services this can be used,
along with services which contains path to services.
This can be empty or null.
array of ServiceEntry
(Abstract type: pass one of the following concrete types)
ALGTypeServiceEntry
EtherTypeServiceEntry
ICMPTypeServiceEntry
IGMPTypeServiceEntry
IPProtocolServiceEntry
L4PortSetServiceEntry
NestedServiceServiceEntry		 Maximum items: 128
services Names of services

In order to specify all services, use the constant "ANY".
This is case insensitive. If "ANY" is used, it should
be the ONLY element in the services array. Error will be thrown
if ANY is used in conjunction with other values.
array of string Maximum items: 128
source_groups Source group paths

We need paths as duplicate names may exist for groups under different
domains. Along with paths we support IP Address of type IPv4 and IPv6.
IP Address can be in one of the format(CIDR, IP Address, Range of IP Address).
In order to specify all groups, use the constant "ANY". This
is case insensitive. If "ANY" is used, it should be the ONLY element
in the group array. Error will be thrown if ANY is used in conjunction
with other values.
array of string Maximum items: 128
sources_excluded Negation of source groups

If set to true, the rule gets applied on all the groups that are
NOT part of the source groups. If false, the rule applies to the
source groups
boolean Default: "False"
tag Tag applied on the rule

User level field which will be printed in CLI and packet logs.
Even though there is no limitation on length of a tag, internally
tag will get truncated after 32 characters.
string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tls_profile TLS inspection action profile path

TLS profile path.		 string Required
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

TlsRuleListRequestParameters (schema)

TLS Rule list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

TlsRuleListResult (schema)

Paged Collection of Rules

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results TLS Rule list results array of TlsRule Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

TlsStateObject (schema)

TLS state

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
failure_reasons TLS inspection failure reasons

TLS inspection failure reasons.		 array of string Maximum items: 128
Default: "[]"
fqdn Fully Qualified Domain Name

Fully Qualified Domain Name.
string Required
id Unique identifier of this resource string Sortable
inspection_action TLS inspection action

TLS inspection bypass action.
string Enum: INVALID, BYPASS, DROP, REJECT
Default: "INVALID"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value TlsStateObject string
scope Tier-0/Tier-1 Logical Router policy path

Tier-0/Tier-1 Logical Router policy path
string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

TlsStateObjectListParameters (schema)

Tls State Object list parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
failed_domains TLS inspection failed domain filter

TLS inspection failed domain filter. Could be one of true or false.
boolean Default: "True"
fqdn Fully Qualified Domain Name

Fully Qualified Domain Name.
string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

TlsStateObjectListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results TLS state list results.

TLS state list results.
array of TlsStateObject Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

TlsTrustData (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
key_algo Key algorithm contained in this certificate. string
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
passphrase Password for private key encryption. string
path Absolute path of this object

Absolute path of this object		 string Readonly
pem_encoded pem encoded certificate data. string Required
private_key private key data string
purpose Purpose of this certificate. Can be empty or set to "signing-ca". string Enum: signing-ca
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value TlsTrustData string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

TnAgentStatusType (schema)

Agent status type

Name Description Type Notes
TnAgentStatusType Agent status type string Enum: UNKNOWN, HEALTHY, UNHEALTHY, DEGRADED

TnContainerStatusType (schema)

Container status type

Name Description Type Notes
TnContainerStatusType Container status type string Enum: UNKNOWN, HEALTHY, DOWN, DEGRADED

TnHyperbusStatus (schema)

Name Description Type Notes
hyperbus_status Hyperbus status

Display the hyperbus status		 TnAgentStatusType Required
transport_node_id Transport node id

Transport node id.		 string Required

TnNodeAgentStatusListResult (schema)

Container agent status list result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Container agent status array of TnNodeAgentstatus Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

TnNodeAgentstatus (schema)

Name Description Type Notes
hyperbus_connection_status Show VIF status

Show the Node Agent connected VM vif status.		 TnAgentStatusType Required
vif_id Connected VM VIF id

Connected VM vif id.		 string Required

TnNodeStackSpanStatus (schema)

List all L3PortMirrorSession TN nodes mirror stack health status

List all the TNs spaned in L3PortMirrorSession mirror stack health status.

Name Description Type Notes
dedicated_stack_status Mirror stack health status

Show the dedicated mirror stack health status, if the TN node has the mirror
stack, it will show SUCCESS or it will show FAILED.
MirrorStackStatusType Required
detail give detail info and reason about the vmknic and statck status

Give the detail info for mirror stack and vmknic health status.
If the stack or vmknic is FAILED, detail info will tell user reason
why the stauts is FAILED. So that user can correct their configuration.
string Required
last_updated_time last updated time of TN node stack status

TN miror stack status will be updated periodically, this item
indicates the lastest timestamp of TN node stack status is updated.
EpochMsTimestamp Required
tn_node_id TN node ID that configured L3PortMirrorSession mirror stack

For L3PortMirrorSession configured mirror stack, show the TN node UUID
which spaned in L3PortMirrorSession.
string
tn_node_name TN node name that configured L3SPAN mirror stack

For L3PortMirrorSession configured mirror stack, show the TN node friendly
name which spaned in L3PortMirrorSession.
string Required
vmknic_status Mirror vmknic status

Show the vmknic health status, if the vmknic has been bouned to mirror
stack, it will show SUCCESS or it will show FAILED.
MirrorStackStatusType Required

TokenBasedPrincipalIdentity (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
is_protected Protection indicator

Indicator whether the entities created by this principal should be protected.		 boolean
name Name

Name of the principal. This will be matched to the name provided in the token.		 string Required
Maximum length: 255
Pattern: "^[a-zA-Z0-9]+([-._@]?[a-zA-Z0-9]+)*$"
node_id Unique node-id

Unique node-id of a principal. This is used primarily in the case
where a cluster of nodes is used to make calls to the NSX Manager and
the same 'name' is used so that the nodes can access and modify the
same data while still accessing NSX through their individual secret
(certificate or JWT). In all other cases this can be any string.
string Required
Maximum length: 255
Pattern: "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$"
resource_type Must be set to the value TokenBasedPrincipalIdentity string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

TokenBasedPrincipalIdentityListResult (schema)

Token-based PrincipalIdentity query result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results TokenBasedPrincipalIdentity list. array of TokenBasedPrincipalIdentity Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

Tooltip (schema)

Tooltip

Tooltip to be shown while hovering over the dashboard UI element.

Name Description Type Notes
condition Expression for evaluating condition

If the condition is met then the tooltip will be applied. If no condition is provided, then the tooltip will be applied unconditionally. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API.		 string Maximum length: 1024
heading Tooltip will be treated as header.

If true, displays tooltip text in bold		 boolean
text Textbox shown at tooltip

Text to be shown on tooltip while hovering over UI element. The text would be wrapped if it exceeds 80 chars.		 string Required
Maximum length: 1024

TraceActionArgument (schema)

Name Description Type Notes
dest_lport Destination logical port for bidirectional trace

It is required only when the type of trace is bidirectional. Please keep this field aligned with the
destination logical port of packet capture action config when the type of packet capture action is bidirectional.
string Readonly
reverse_filter Packet filter for flows of interest in reverse direction

It takes effect only when the type of trace is bidirectional. Please keep this aligned with the packet filter
of reverse direction of packet capture action config when the type of packet capture action is bidirectional.
LiveTraceFilterData
(Abstract type: pass one of the following concrete types)
FieldsFilterData
PlainFilterData		 Readonly
trace_type Type of trace string Required
Readonly
Enum: UNI_DIRECTIONAL, BI_DIRECTIONAL

TraceActionConfig (schema)

Name Description Type Notes
action_argument Action argument for trace TraceActionArgument Required
Readonly
sampling_argument Sample argument for trace

Only first-N sampling is supported and the maximum sampling number is 50.
SamplingArgument
(Abstract type: pass one of the following concrete types)
FirstNSampling
IntervalSampling
PacketNumberSampling		 Required
Readonly

TraceResult (schema)

Name Description Type Notes
analysis Trace action result analysis notes array of string Readonly
counters Observation counters TraceflowObservationCounters Readonly
direction Direction of a trace string Readonly
Enum: FORWARD, BACKWARD
logical_counters Observation counters for logical components TraceflowObservationCounters Readonly
observations Trace observation list array of TraceflowObservation
(Abstract type: pass one of the following concrete types)
PolicyTraceflowObservationDelivered
PolicyTraceflowObservationDropped
PolicyTraceflowObservationDroppedLogical
PolicyTraceflowObservationForwardedLogical
PolicyTraceflowObservationReceivedLogical
PolicyTraceflowObservationRelayedLogical
TraceflowObservationDelivered
TraceflowObservationDropped
TraceflowObservationDroppedLogical
TraceflowObservationForwarded
TraceflowObservationForwardedLogical
TraceflowObservationReceived
TraceflowObservationReceivedLogical
TraceflowObservationRelayedLogical
TraceflowObservationReplicationLogical		 Readonly
packet_id Packet ID in the session string Required
Readonly
result_overflowed Whether some observations were deleted from the result set boolean Readonly

Traceflow (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
analysis Traceflow result analysis notes array of string Readonly
counters observation counters TraceflowObservationCounters Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id The id of the traceflow round string Required
Readonly
logical_counters counters of observations from logical components TraceflowObservationCounters Readonly
lport_id id of the source logical port used for injecting the traceflow packet string Readonly
operation_state Represents the traceflow operation state string Required
Readonly
Enum: IN_PROGRESS, FINISHED, FAILED
request_status Traceflow request status

The status of the traceflow RPC request. SUCCESS - The traceflow request is sent successfully. TIMEOUT - The traceflow request gets timeout. SOURCE_PORT_NOT_FOUND - The source port of the request cannot be found. DATA_PATH_NOT_READY - The datapath component cannot be ready to receive request. CONNECTION_ERROR - There is connection error on datapath component. UNKNOWN - The status of traceflow request cannot be determined.		 string Readonly
Enum: SUCCESS, TIMEOUT, SOURCE_PORT_NOT_FOUND, DATA_PATH_NOT_READY, CONNECTION_ERROR, UNKNOWN
resource_type Must be set to the value Traceflow string
result_overflowed A flag, when set true, indicates some observations were deleted from the result set. boolean Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
timeout Timeout (in ms) for traceflow observations result list

Maximum time (in ms) the management plane will be waiting for this traceflow round. Upper limit for federation case is 90000, for non-federation case is 15000, the maximum is set to 90000 as the higher of the two cases.		 integer Readonly
Minimum: 5000
Maximum: 90000

TraceflowComponentSubType (schema)

Name Description Type Notes
TraceflowComponentSubType string Enum: LR_TIER0, LR_TIER1, LR_VRF_TIER0, LS_TRANSIT, SI_CLASSIFIER, SI_PROXY, VDR, ENI, AWS_GATEWAY, TGW_ROUTE, EDGE_UPLINK, DELL_GATEWAY, LGW_ROUTE, UNKNOWN

TraceflowComponentType (schema)

Name Description Type Notes
TraceflowComponentType string Enum: PHYSICAL, LR, LS, DFW, BRIDGE, EDGE_TUNNEL, EDGE_HOSTSWITCH, FW_BRIDGE, EDGE_RTEP_TUNNEL, LOAD_BALANCER, NAT, IPSEC, SERVICE_INSERTION, VMC, SPOOFGUARD, EDGE_FW, DLB, ANTREA_SPOOFGUARD, ANTREA_LB, ANTREA_ROUTING, ANTREA_DFW, ANTREA_FORWARDING, HOST_SWITCH, UNKNOWN

TraceflowConfig (schema)

Traceflow configuration

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
is_transient Marker to indicate if intent is transient

This field indicates if intent is transient and will be cleaned up by the system if set to true		 boolean Default: "True"
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
packet Packet configuration

Configuration of packet data		 PacketData
(Abstract type: pass one of the following concrete types)
BinaryPacketData
FieldsPacketData		 Required
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value TraceflowConfig string
segment_port_path Segment Port Path or UUID

Policy path or UUID of segment port to start traceflow from. Auto-plumbed
ports don't have corresponding policy path. Ports auto-created by
policy as part of connecting segment to Tier-0 or Tier-1 or DHCP
server cannot be used. UUID is validated for syntax only. This
configuration will be cleaned up by the system after two hours of inactivity.
string Deprecated
source_id Segment Port Path or UUID

Policy path or UUID of segment port to start traceflow from. Auto-plumbed
ports don't have corresponding policy path. UUID is validated for syntax only. This
configuration will be cleaned up by the system after two hours of inactivity.
string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
timeout Timeout for traceflow observation results

Maximum time in seconds the management plane will wait for observation
result to be generated. The default, minimum and maximum timeout values,
in seconds, for: Single site environment - minimum 5, default 10, maximum 15.
Federated enviroment - minimum 15, default 30, maximum 60.
These values are validated by the system based on type of environment.
integer Minimum: 5
Maximum: 60
Default: "10"
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

TraceflowConfigListResult (schema)

Paged Collection of TraceflowConfigs

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results TraceflowConfig list results array of TraceflowConfig Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

TraceflowListParameters (schema)

Traceflow list parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
lport_id id of the source logical port where the trace flows originated string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

TraceflowListResult (schema)

Traceflow queries result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Traceflow Results array of Traceflow Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

TraceflowObservation (schema)

This is an abstract type. Concrete child types:
PolicyTraceflowObservationDelivered
PolicyTraceflowObservationDropped
PolicyTraceflowObservationDroppedLogical
PolicyTraceflowObservationForwardedLogical
PolicyTraceflowObservationReceivedLogical
PolicyTraceflowObservationRelayedLogical
TraceflowObservationDelivered
TraceflowObservationDropped
TraceflowObservationDroppedLogical
TraceflowObservationForwarded
TraceflowObservationForwardedLogical
TraceflowObservationReceived
TraceflowObservationReceivedLogical
TraceflowObservationRelayedLogical
TraceflowObservationReplicationLogical

Name Description Type Notes
component_name The name of the component that issued the observation. string Readonly
component_sub_type The sub type of the component that issued the observation. TraceflowComponentSubType Readonly
component_type The type of the component that issued the observation. TraceflowComponentType Readonly
resource_type TraceflowObservationType Required
Default: "TraceflowObservationReceived"
sequence_no the sequence number is the traceflow observation hop count

the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.		 integer Required
Readonly
site_path Policy path of the federated site

This field contains the site path where this observation was generated.		 string Readonly
timestamp Timestamp when the observation was created by the transport node

Timestamp when the observation was created by the transport node (milliseconds epoch)		 EpochMsTimestamp Readonly
timestamp_micro Timestamp when the observation was created by the transport node

Timestamp when the observation was created by the transport node (microseconds epoch)		 integer Readonly
transport_node_id id of the transport node that observed a traceflow packet string Readonly
transport_node_name name of the transport node that observed a traceflow packet string Readonly
transport_node_type type of the transport node that observed a traceflow packet TransportNodeType Readonly

TraceflowObservationCounters (schema)

Name Description Type Notes
delivered_count Delivered observation count

Total number of delivered observations for this traceflow round.		 integer Readonly
dropped_count Dropped observation count

Total number of dropped observations for this round.		 integer Readonly
forwarded_count Forwarded observation count

Total number of forwarded observations for this traceflow round.		 integer Readonly
received_count Received observation count

Total number of received observations for this traceflow round.		 integer Readonly

TraceflowObservationDelivered (schema)

Name Description Type Notes
component_name The name of the component that issued the observation. string Readonly
component_sub_type The sub type of the component that issued the observation. TraceflowComponentSubType Readonly
component_type The type of the component that issued the observation. TraceflowComponentType Readonly
lport_id The id of the logical port into which the traceflow packet was delivered string Readonly
lport_name The name of the logical port into which the traceflow packet was delivered string Readonly
resolution_type The resolution type of the delivered message for ARP

This field specifies the resolution type of ARP ARP_SUPPRESSION_PORT_CACHE - ARP request is suppressed by port DB ARP_SUPPRESSION_TABLE - ARP request is suppressed by ARP table ARP_SUPPRESSION_CP_QUERY - ARP request is suppressed by info derived from CP ARP_VM - No suppression and the ARP request is resolved.		 string Readonly
Enum: UNKNOWN, ARP_SUPPRESSION_PORT_CACHE, ARP_SUPPRESSION_TABLE, ARP_SUPPRESSION_CP_QUERY, ARP_VM
resource_type Must be set to the value TraceflowObservationDelivered TraceflowObservationType Required
Default: "TraceflowObservationReceived"
sequence_no the sequence number is the traceflow observation hop count

the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.		 integer Required
Readonly
site_path Policy path of the federated site

This field contains the site path where this observation was generated.		 string Readonly
target_mac MAC address of the resolved IP by ARP

The source MAC address of form:
"^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$". For example: 00:00:00:00:00:00.
string Readonly
timestamp Timestamp when the observation was created by the transport node

Timestamp when the observation was created by the transport node (milliseconds epoch)		 EpochMsTimestamp Readonly
timestamp_micro Timestamp when the observation was created by the transport node

Timestamp when the observation was created by the transport node (microseconds epoch)		 integer Readonly
transport_node_id id of the transport node that observed a traceflow packet string Readonly
transport_node_name name of the transport node that observed a traceflow packet string Readonly
transport_node_type type of the transport node that observed a traceflow packet TransportNodeType Readonly
vlan_id VLAN on bridged network VlanID

TraceflowObservationDropped (schema)

Name Description Type Notes
acl_rule_id The id of the L3 firewall rule that was applied to drop the traceflow packet

This field is specified when the traceflow packet matched a L3 firewall rule.
integer Readonly
arp_fail_reason The detailed drop reason of ARP traceflow packet

This field specifies the ARP fails reason ARP_TIMEOUT - ARP failure due to query control plane timeout ARP_CPFAIL - ARP failure due post ARP query message to control plane failure ARP_FROMCP - ARP failure due to deleting ARP entry from control plane ARP_PORTDESTROY - ARP failure due to port destruction ARP_TABLEDESTROY - ARP failure due to ARP table destruction ARP_NETDESTROY - ARP failure due to overlay network destruction		 string Readonly
Enum: ARP_UNKNOWN, ARP_TIMEOUT, ARP_CPFAIL, ARP_FROMCP, ARP_PORTDESTROY, ARP_TABLEDESTROY, ARP_NETDESTROY
component_name The name of the component that issued the observation. string Readonly
component_sub_type The sub type of the component that issued the observation. TraceflowComponentSubType Readonly
component_type The type of the component that issued the observation. TraceflowComponentType Readonly
jumpto_rule_id The ID of the jump-to rule that was applied to the traceflow packet

This field is specified when the traceflow packet matched a jump-to rule.
integer Readonly
l2_rule_id The ID of the l2 rule that was applied to the traceflow packet

This field is specified when the traceflow packet matched a l2 rule.
integer Readonly
lport_id The id of the logical port at which the traceflow packet was dropped string Readonly
lport_name The name of the logical port at which the traceflow packet was dropped string Readonly
nat_rule_id The ID of the NAT rule that was applied to drop the traceflow packet

This field is specified when the traceflow packet matched a NAT rule.
integer Readonly
reason The reason traceflow packet was dropped

This field specifies the drop reason of traceflow packet. ARP_FAIL - ARP request fails for some reasons, please refer arp_fail_reason for detail BFD - BFD packet is dropped because traversed by non-operative interface or encountering internal error (e.g., memory insufficient) BROADCAST - Packet is dropped during traversing the interface (e.g., Edge uplink, Edge centralized service port) which disallow ethernet broadcast DHCP - DHCP packet is malformed DLB - The packet is disallowed by distributed load balancing FW_RULE - The packet matches a drop or reject rule of DFW or Edge firewall GENEVE - GENEVE packet is malformed GRE - GRE packet is malformed or traverses a non-operative interface IFACE - Packet traverses a non-operative interface IP - Packet is dropped because of IP related causes (e.g., ICMPv4/ICMPv6 packet is malformed, or DF flag is set but fragment must be performed for the packet) or corresponding interface is not found or inoperative IP_REASS - Packet is dropped during IP reassembly IPSEC - IPsec protocol related packet is dropped IPSEC_VTI - IPsec required SA is not found or traversing inoperative interface cause packet dropped L2VPN - VLAN id of GRE packet is invalid L4PORT - Layer 4 packet (e.g., BFD, DHCP) is dropped LB - Packet is dropped by load balancing rule LROUTER - Packet is dropped by logical router LSERVICE - Packet is malformed or traverses inoperative logical service interface LSWITCH - Packet is dropped by logical switch MANAGEMENT - Packet is dropped by Edge datapath MANAGEMENT service port MD_PROXY - Packet is dropped by metadata proxy NAT - Packet is dropped by NAT rule RTEP_TUNNEL - Unused drop reason ND_NS_FAIL - Neighbor Discovery packet fails NEIGH - ARP or Neighbor Discovery packet fails NO_EIP_FOUND - Destination IP is not an elastic IP NO_EIP_ASSOCIATION - Elastic IP is not associated with active edge VDR ENI NO_ENI_FOR_IP - There is no ENI found for the destination IP NO_ENI_FOR_LIF - Cannot find an ENI associated with uplink LIF NO_ROUTE - Cannot find route for destination IP NO_ROUTE_TABLE_FOUND - Cannot find associated route table NO_UNDERLAY_ROUTE_FOUND - Cannot find AWS route to destination NOT_VDR_DOWNLINK - Packet is not forwarded to VMC unmanaged VDR downlink NO_VDR_FOUND - VMC unmanaged VDR associated with Edge uplink is not found NO_VDR_ON_HOST - Cannot find VMC unmanaged VDR list on this host NOT_VDR_UPLINK - Packet is not forwarded to VDR uplink SERVICE_INSERT - Packet from guest VM to service VM or from service VM to guest VM is dropped by firewall rule SPOOFGUARD - Packet is blocked by SpoofGuard policy TTL_ZERO - The IPv4 time to live field or the IPv6 hop limit field of packet is zero TUNNEL - Overlay tunnel management packet (VNI value of GENEVE header is 0, e.g., BFD) is dropped VLAN - VLAN id of packet is disallowed by the given port VXLAN - VXLAN packet is malformed or cannot find tunnel port for it VXSTT - Unused drop reason VMC_NO_RESPONSE - Failed to query VMC observations as no response from VMC app WRONG_UPLINK - Packet is not routed to the expected Edge uplink by VMC unmanaged VDR FW_STATE - Packet is dropped by stateful firewall		 string Readonly
Enum: ARP_FAIL, BFD, BROADCAST, DHCP, DLB, FW_RULE, GENEVE, GRE, IFACE, IP, IP_REASS, IPSEC, IPSEC_VTI, L2VPN, L4PORT, LB, LROUTER, LSERVICE, LSWITCH, MANAGEMENT, MD_PROXY, NAT, RTEP_TUNNEL, ND_NS_FAIL, NEIGH, NO_EIP_FOUND, NO_EIP_ASSOCIATION, NO_ENI_FOR_IP, NO_ENI_FOR_LIF, NO_ROUTE, NO_ROUTE_TABLE_FOUND, NO_UNDERLAY_ROUTE_FOUND, NOT_VDR_DOWNLINK, NO_VDR_FOUND, NO_VDR_ON_HOST, NOT_VDR_UPLINK, SERVICE_INSERT, SPOOFGUARD, TTL_ZERO, TUNNEL, VLAN, VXLAN, VXSTT, VMC_NO_RESPONSE, WRONG_UPLINK, FW_STATE, NO_MAC, UNKNOWN
resource_type Must be set to the value TraceflowObservationDropped TraceflowObservationType Required
Default: "TraceflowObservationReceived"
sequence_no the sequence number is the traceflow observation hop count

the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.		 integer Required
Readonly
site_path Policy path of the federated site

This field contains the site path where this observation was generated.		 string Readonly
timestamp Timestamp when the observation was created by the transport node

Timestamp when the observation was created by the transport node (milliseconds epoch)		 EpochMsTimestamp Readonly
timestamp_micro Timestamp when the observation was created by the transport node

Timestamp when the observation was created by the transport node (microseconds epoch)		 integer Readonly
transport_node_id id of the transport node that observed a traceflow packet string Readonly
transport_node_name name of the transport node that observed a traceflow packet string Readonly
transport_node_type type of the transport node that observed a traceflow packet TransportNodeType Readonly

TraceflowObservationDroppedLogical (schema)

Name Description Type Notes
acl_rule_id The id of the L3 firewall rule that was applied to drop the traceflow packet

This field is specified when the traceflow packet matched a L3 firewall rule.
integer Readonly
arp_fail_reason The detailed drop reason of ARP traceflow packet

This field specifies the ARP fails reason ARP_TIMEOUT - ARP failure due to query control plane timeout ARP_CPFAIL - ARP failure due post ARP query message to control plane failure ARP_FROMCP - ARP failure due to deleting ARP entry from control plane ARP_PORTDESTROY - ARP failure due to port destruction ARP_TABLEDESTROY - ARP failure due to ARP table destruction ARP_NETDESTROY - ARP failure due to overlay network destruction		 string Readonly
Enum: ARP_UNKNOWN, ARP_TIMEOUT, ARP_CPFAIL, ARP_FROMCP, ARP_PORTDESTROY, ARP_TABLEDESTROY, ARP_NETDESTROY
component_id The id of the component that dropped the traceflow packet. string Readonly
component_name The name of the component that issued the observation. string Readonly
component_sub_type The sub type of the component that issued the observation. TraceflowComponentSubType Readonly
component_type The type of the component that issued the observation. TraceflowComponentType Readonly
jumpto_rule_id The ID of the jump-to rule that was applied to the traceflow packet

This field is specified when the traceflow packet matched a jump-to rule.
integer Readonly
l2_rule_id The ID of the l2 rule that was applied to the traceflow packet

This field is specified when the traceflow packet matched a l2 rule.
integer Readonly
lport_id The id of the logical port at which the traceflow packet was dropped string Readonly
lport_name The name of the logical port at which the traceflow packet was dropped string Readonly
nat_rule_id The ID of the NAT rule that was applied to drop the traceflow packet

This field is specified when the traceflow packet matched a NAT rule.
integer Readonly
reason The reason traceflow packet was dropped

This field specifies the drop reason of traceflow packet. ARP_FAIL - ARP request fails for some reasons, please refer arp_fail_reason for detail BFD - BFD packet is dropped because traversed by non-operative interface or encountering internal error (e.g., memory insufficient) BROADCAST - Packet is dropped during traversing the interface (e.g., Edge uplink, Edge centralized service port) which disallow ethernet broadcast DHCP - DHCP packet is malformed DLB - The packet is disallowed by distributed load balancing FW_RULE - The packet matches a drop or reject rule of DFW or Edge firewall GENEVE - GENEVE packet is malformed GRE - GRE packet is malformed or traverses a non-operative interface IFACE - Packet traverses a non-operative interface IP - Packet is dropped because of IP related causes (e.g., ICMPv4/ICMPv6 packet is malformed, or DF flag is set but fragment must be performed for the packet) or corresponding interface is not found or inoperative IP_REASS - Packet is dropped during IP reassembly IPSEC - IPsec protocol related packet is dropped IPSEC_VTI - IPsec required SA is not found or traversing inoperative interface cause packet dropped L2VPN - VLAN id of GRE packet is invalid L4PORT - Layer 4 packet (e.g., BFD, DHCP) is dropped LB - Packet is dropped by load balancing rule LROUTER - Packet is dropped by logical router LSERVICE - Packet is malformed or traverses inoperative logical service interface LSWITCH - Packet is dropped by logical switch MANAGEMENT - Packet is dropped by Edge datapath MANAGEMENT service port MD_PROXY - Packet is dropped by metadata proxy NAT - Packet is dropped by NAT rule RTEP_TUNNEL - Unused drop reason ND_NS_FAIL - Neighbor Discovery packet fails NEIGH - ARP or Neighbor Discovery packet fails NO_EIP_FOUND - Destination IP is not an elastic IP NO_EIP_ASSOCIATION - Elastic IP is not associated with active edge VDR ENI NO_ENI_FOR_IP - There is no ENI found for the destination IP NO_ENI_FOR_LIF - Cannot find an ENI associated with uplink LIF NO_ROUTE - Cannot find route for destination IP NO_ROUTE_TABLE_FOUND - Cannot find associated route table NO_UNDERLAY_ROUTE_FOUND - Cannot find AWS route to destination NOT_VDR_DOWNLINK - Packet is not forwarded to VMC unmanaged VDR downlink NO_VDR_FOUND - VMC unmanaged VDR associated with Edge uplink is not found NO_VDR_ON_HOST - Cannot find VMC unmanaged VDR list on this host NOT_VDR_UPLINK - Packet is not forwarded to VDR uplink SERVICE_INSERT - Packet from guest VM to service VM or from service VM to guest VM is dropped by firewall rule SPOOFGUARD - Packet is blocked by SpoofGuard policy TTL_ZERO - The IPv4 time to live field or the IPv6 hop limit field of packet is zero TUNNEL - Overlay tunnel management packet (VNI value of GENEVE header is 0, e.g., BFD) is dropped VLAN - VLAN id of packet is disallowed by the given port VXLAN - VXLAN packet is malformed or cannot find tunnel port for it VXSTT - Unused drop reason VMC_NO_RESPONSE - Failed to query VMC observations as no response from VMC app WRONG_UPLINK - Packet is not routed to the expected Edge uplink by VMC unmanaged VDR FW_STATE - Packet is dropped by stateful firewall		 string Readonly
Enum: ARP_FAIL, BFD, BROADCAST, DHCP, DLB, FW_RULE, GENEVE, GRE, IFACE, IP, IP_REASS, IPSEC, IPSEC_VTI, L2VPN, L4PORT, LB, LROUTER, LSERVICE, LSWITCH, MANAGEMENT, MD_PROXY, NAT, RTEP_TUNNEL, ND_NS_FAIL, NEIGH, NO_EIP_FOUND, NO_EIP_ASSOCIATION, NO_ENI_FOR_IP, NO_ENI_FOR_LIF, NO_ROUTE, NO_ROUTE_TABLE_FOUND, NO_UNDERLAY_ROUTE_FOUND, NOT_VDR_DOWNLINK, NO_VDR_FOUND, NO_VDR_ON_HOST, NOT_VDR_UPLINK, SERVICE_INSERT, SPOOFGUARD, TTL_ZERO, TUNNEL, VLAN, VXLAN, VXSTT, VMC_NO_RESPONSE, WRONG_UPLINK, FW_STATE, NO_MAC, UNKNOWN
resource_type Must be set to the value TraceflowObservationDroppedLogical TraceflowObservationType Required
Default: "TraceflowObservationReceived"
sequence_no the sequence number is the traceflow observation hop count

the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.		 integer Required
Readonly
service_path_index The index of service path

The index of service path that is a chain of services
represents the point where the traceflow packet was dropped.
integer Readonly
site_path Policy path of the federated site

This field contains the site path where this observation was generated.		 string Readonly
timestamp Timestamp when the observation was created by the transport node

Timestamp when the observation was created by the transport node (milliseconds epoch)		 EpochMsTimestamp Readonly
timestamp_micro Timestamp when the observation was created by the transport node

Timestamp when the observation was created by the transport node (microseconds epoch)		 integer Readonly
transport_node_id id of the transport node that observed a traceflow packet string Readonly
transport_node_name name of the transport node that observed a traceflow packet string Readonly
transport_node_type type of the transport node that observed a traceflow packet TransportNodeType Readonly

TraceflowObservationForwarded (schema)

Name Description Type Notes
component_name The name of the component that issued the observation. string Readonly
component_sub_type The sub type of the component that issued the observation. TraceflowComponentSubType Readonly
component_type The type of the component that issued the observation. TraceflowComponentType Readonly
context The 64bit tunnel context carried on the wire integer
dst_transport_node_id The id of the transport node to which the traceflow packet is forwarded

This field will not be always available. Use remote_ip_address when this field is not set.		 string Readonly
dst_transport_node_name The name of the transport node to which the traceflow packet is forwarded string Readonly
local_ip_address IP address of the source end of the tunnel IPAddress
remote_ip_address IP address of the destination end of the tunnel IPAddress
resource_type Must be set to the value TraceflowObservationForwarded TraceflowObservationType Required
Default: "TraceflowObservationReceived"
sequence_no the sequence number is the traceflow observation hop count

the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.		 integer Required
Readonly
site_path Policy path of the federated site

This field contains the site path where this observation was generated.		 string Readonly
timestamp Timestamp when the observation was created by the transport node

Timestamp when the observation was created by the transport node (milliseconds epoch)		 EpochMsTimestamp Readonly
timestamp_micro Timestamp when the observation was created by the transport node

Timestamp when the observation was created by the transport node (microseconds epoch)		 integer Readonly
transport_node_id id of the transport node that observed a traceflow packet string Readonly
transport_node_name name of the transport node that observed a traceflow packet string Readonly
transport_node_type type of the transport node that observed a traceflow packet TransportNodeType Readonly
uplink_name The name of the uplink the traceflow packet is forwarded on string
vtep_label The virtual tunnel endpoint label integer

TraceflowObservationForwardedLogical (schema)

Name Description Type Notes
acl_rule_id The id of the L3 firewall rule that was applied to forward the traceflow packet

This field is specified when the traceflow packet matched a L3 firewall rule.
integer Readonly
component_id The id of the component that forwarded the traceflow packet. string Readonly
component_name The name of the component that issued the observation. string Readonly
component_sub_type The sub type of the component that issued the observation. TraceflowComponentSubType Readonly
component_type The type of the component that issued the observation. TraceflowComponentType Readonly
dst_component_id The id of the destination component to which the traceflow packet was forwarded. string Readonly
dst_component_name The name of the destination component to which the traceflow packet was forwarded. string Readonly
dst_component_type The type of the destination component to which the traceflow packet was forwarded. TraceflowComponentType Readonly
jumpto_rule_id The ID of the jump-to rule that was applied to the traceflow packet

This field is specified when the traceflow packet matched a jump-to rule.
integer Readonly
l2_rule_id The ID of the l2 rule that was applied to the traceflow packet

This field is specified when the traceflow packet matched a l2 rule.
integer Readonly
lport_id The id of the logical port through which the traceflow packet was forwarded. string Readonly
lport_name The name of the logical port through which the traceflow packet was forwarded. string Readonly
nat_rule_id The ID of the NAT rule that was applied to forward the traceflow packet

This field is specified when the traceflow packet matched a NAT rule.
integer Readonly
resend_type The type of packet resending

ARP_UNKNOWN_FROM_CP - Unknown ARP query result emitted by control plane ND_NS_UNKNOWN_FROM_CP - Unknown neighbor solicitation query result emitted by control plane UNKNOWN - Unknown resend type		 string Readonly
Enum: UNKNOWN, ARP_UNKNOWN_FROM_CP, ND_NS_UNKNWON_FROM_CP
resource_type Must be set to the value TraceflowObservationForwardedLogical TraceflowObservationType Required
Default: "TraceflowObservationReceived"
sequence_no the sequence number is the traceflow observation hop count

the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.		 integer Required
Readonly
service_index The index of the service insertion component integer Readonly
service_path_index The path index of the service insertion component integer Readonly
service_ttl The ttl of the service insertion component integer Readonly
site_path Policy path of the federated site

This field contains the site path where this observation was generated.		 string Readonly
spoofguard_ip Prefix IP address matched in the whitelist in spoofguard

This field specified the prefix IP address a traceflow packet matched in the whitelist in spoofguard.		 IPCIDRBlock Readonly
spoofguard_mac MAC address matched in the whitelist in spoofguard

The source MAC address of form:
"^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$". For example: 00:00:00:00:00:00.
MACAddress Readonly
spoofguard_vlan_id VLAN id matched in the whitelist in spoofguard

This field specified the VLAN id a traceflow packet matched in the whitelist in spoofguard.		 VlanID Readonly
svc_nh_mac MAC address of nexthop

MAC address of nexthop for service insertion(SI)
in service VM(SVM) where the traceflow packet was received.
string Readonly
timestamp Timestamp when the observation was created by the transport node

Timestamp when the observation was created by the transport node (milliseconds epoch)		 EpochMsTimestamp Readonly
timestamp_micro Timestamp when the observation was created by the transport node

Timestamp when the observation was created by the transport node (microseconds epoch)		 integer Readonly
translated_dst_ip The translated destination IP address of VNP/NAT IPAddress Readonly
translated_src_ip The translated source IP address of VPN/NAT IPAddress Readonly
transport_node_id id of the transport node that observed a traceflow packet string Readonly
transport_node_name name of the transport node that observed a traceflow packet string Readonly
transport_node_type type of the transport node that observed a traceflow packet TransportNodeType Readonly
vlan VLAN for the logical network on which the traceflow packet was forwarded

This field is specified when the traceflow packet was forwarded by a VLAN
logical network.
VlanID Readonly
vni VNI for the logical network on which the traceflow packet was forwarded.

This field is specified when the traceflow packet was forwarded by an overlay
logical network.
int Readonly

TraceflowObservationListParameters (schema)

Traceflow Observation list parameters

Name Description Type Notes
component_name Observations having the given component name will be listed.

Observations of all component names will be listed if not given.		 string
component_type Observations having the given component type will be listed.

Observations of all component types will be listed if not given.		 TraceflowComponentType
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
resource_type The type of observations that will be listed.

Prefix matching; e.g. TraceflowObservationReceived will also matches TraceflowObservationReceivedLogical. Observations of all types will be listed if not given.		 TraceflowObservationType
sort_ascending boolean
sort_by Field by which records are sorted string
transport_node_name Observations having the given transport node name will be listed.

Observations of all transport node names will be listed if not given.		 string

TraceflowObservationListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results TraceflowObservation list results array of TraceflowObservation
(Abstract type: pass one of the following concrete types)
PolicyTraceflowObservationDelivered
PolicyTraceflowObservationDropped
PolicyTraceflowObservationDroppedLogical
PolicyTraceflowObservationForwardedLogical
PolicyTraceflowObservationReceivedLogical
PolicyTraceflowObservationRelayedLogical
TraceflowObservationDelivered
TraceflowObservationDropped
TraceflowObservationDroppedLogical
TraceflowObservationForwarded
TraceflowObservationForwardedLogical
TraceflowObservationReceived
TraceflowObservationReceivedLogical
TraceflowObservationRelayedLogical
TraceflowObservationReplicationLogical
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

TraceflowObservationReceived (schema)

Name Description Type Notes
component_name The name of the component that issued the observation. string Readonly
component_sub_type The sub type of the component that issued the observation. TraceflowComponentSubType Readonly
component_type The type of the component that issued the observation. TraceflowComponentType Readonly
local_ip_address IP address of the destination end of the tunnel IPAddress
remote_ip_address IP address of the source end of the tunnel IPAddress
resource_type Must be set to the value TraceflowObservationReceived TraceflowObservationType Required
Default: "TraceflowObservationReceived"
sequence_no the sequence number is the traceflow observation hop count

the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.		 integer Required
Readonly
site_path Policy path of the federated site

This field contains the site path where this observation was generated.		 string Readonly
timestamp Timestamp when the observation was created by the transport node

Timestamp when the observation was created by the transport node (milliseconds epoch)		 EpochMsTimestamp Readonly
timestamp_micro Timestamp when the observation was created by the transport node

Timestamp when the observation was created by the transport node (microseconds epoch)		 integer Readonly
transport_node_id id of the transport node that observed a traceflow packet string Readonly
transport_node_name name of the transport node that observed a traceflow packet string Readonly
transport_node_type type of the transport node that observed a traceflow packet TransportNodeType Readonly
uplink_name The name of the uplink the traceflow packet is received on string
vtep_label The virtual tunnel endpoint label integer

TraceflowObservationReceivedLogical (schema)

Name Description Type Notes
component_id The id of the component that received the traceflow packet. string Readonly
component_name The name of the component that issued the observation. string Readonly
component_sub_type The sub type of the component that issued the observation. TraceflowComponentSubType Readonly
component_type The type of the component that issued the observation. TraceflowComponentType Readonly
lport_id The id of the logical port at which the traceflow packet was received string Readonly
lport_name The name of the logical port at which the traceflow packet was received string Readonly
resource_type Must be set to the value TraceflowObservationReceivedLogical TraceflowObservationType Required
Default: "TraceflowObservationReceived"
sequence_no the sequence number is the traceflow observation hop count

the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.		 integer Required
Readonly
site_path Policy path of the federated site

This field contains the site path where this observation was generated.		 string Readonly
src_component_id The id of the source component from which the traceflow packet was received. string Readonly
src_component_name The name of source component from which the traceflow packet was received. string Readonly
src_component_type The type of the source component from which the traceflow packet was received. TraceflowComponentType Readonly
svc_mac MAC address of SAN volume controller

MAC address of SAN volume controller for service insertion(SI)
in service VM(SVM) where the traceflow packet was received.
string Readonly
timestamp Timestamp when the observation was created by the transport node

Timestamp when the observation was created by the transport node (milliseconds epoch)		 EpochMsTimestamp Readonly
timestamp_micro Timestamp when the observation was created by the transport node

Timestamp when the observation was created by the transport node (microseconds epoch)		 integer Readonly
transport_node_id id of the transport node that observed a traceflow packet string Readonly
transport_node_name name of the transport node that observed a traceflow packet string Readonly
transport_node_type type of the transport node that observed a traceflow packet TransportNodeType Readonly
vlan VLAN for the logical network on which the traceflow packet was received.

This field is specified when the traceflow packet was received by a VLAN
logical network.
VlanID Readonly
vni VNI for the logical network on which the traceflow packet was received.

This field is specified when the traceflow packet was received by an overlay
logical network.
int Readonly

TraceflowObservationRelayedLogical (schema)

Name Description Type Notes
component_name The name of the component that issued the observation. string Readonly
component_sub_type The sub type of the component that issued the observation. TraceflowComponentSubType Readonly
component_type The type of the component that issued the observation. TraceflowComponentType Readonly
dst_server_address The IP address of the destination

This field specified the IP address of the destination which the packet will be relayed.		 IPAddress Required
Readonly
logical_comp_uuid The id of the component which relay service located

This field specified the logical component that relay service located.		 string Readonly
message_type The type of the relay service

This field specified the message type of the relay service REQUEST - The relay service will relay a request message to the destination server REPLY - The relay service will relay a reply message to the client		 string Required
Readonly
Enum: REQUEST, REPLY
Default: "REQUEST"
relay_server_address The IP address of relay service

This field specified the IP address of the relay service.		 IPAddress Required
Readonly
resource_type Must be set to the value TraceflowObservationRelayedLogical TraceflowObservationType Required
Default: "TraceflowObservationReceived"
sequence_no the sequence number is the traceflow observation hop count

the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.		 integer Required
Readonly
site_path Policy path of the federated site

This field contains the site path where this observation was generated.		 string Readonly
timestamp Timestamp when the observation was created by the transport node

Timestamp when the observation was created by the transport node (milliseconds epoch)		 EpochMsTimestamp Readonly
timestamp_micro Timestamp when the observation was created by the transport node

Timestamp when the observation was created by the transport node (microseconds epoch)		 integer Readonly
transport_node_id id of the transport node that observed a traceflow packet string Readonly
transport_node_name name of the transport node that observed a traceflow packet string Readonly
transport_node_type type of the transport node that observed a traceflow packet TransportNodeType Readonly

TraceflowObservationReplicationLogical (schema)

Name Description Type Notes
component_name The name of the component that issued the observation. string Readonly
component_sub_type The sub type of the component that issued the observation. TraceflowComponentSubType Readonly
component_type The type of the component that issued the observation. TraceflowComponentType Readonly
local_ip_address Local IP address of the component that replicates the packet. IPAddress Readonly
replication_type The replication type of the message

This field specifies the type of replication message TX_VTEP - Transmit replication to all VTEPs TX_MTEP - Transmit replication to all MTEPs RX - Receive replication		 string Readonly
Enum: TX_VTEP, TX_MTEP, RX
resource_type Must be set to the value TraceflowObservationReplicationLogical TraceflowObservationType Required
Default: "TraceflowObservationReceived"
sequence_no the sequence number is the traceflow observation hop count

the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.		 integer Required
Readonly
site_path Policy path of the federated site

This field contains the site path where this observation was generated.		 string Readonly
timestamp Timestamp when the observation was created by the transport node

Timestamp when the observation was created by the transport node (milliseconds epoch)		 EpochMsTimestamp Readonly
timestamp_micro Timestamp when the observation was created by the transport node

Timestamp when the observation was created by the transport node (microseconds epoch)		 integer Readonly
transport_node_id id of the transport node that observed a traceflow packet string Readonly
transport_node_name name of the transport node that observed a traceflow packet string Readonly
transport_node_type type of the transport node that observed a traceflow packet TransportNodeType Readonly
uplink_name The name of uplink string Readonly
vtep_label The label of VTEP integer Readonly

TraceflowObservationType (schema)

Name Description Type Notes
TraceflowObservationType string Enum: TraceflowObservationForwarded, TraceflowObservationDropped, TraceflowObservationDelivered, TraceflowObservationReceived, TraceflowObservationForwardedLogical, TraceflowObservationDroppedLogical, TraceflowObservationReceivedLogical, TraceflowObservationReplicationLogical, TraceflowObservationRelayedLogical

TraceflowRequest (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
lport_id id of the source logical port to inject the traceflow packet into string Required
packet Packet configuration PacketData
(Abstract type: pass one of the following concrete types)
BinaryPacketData
FieldsPacketData		 Required
resource_type Must be set to the value TraceflowRequest string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
timeout Timeout (in ms) for traceflow observations result list

Maximum time (in ms) the management plane will wait for observation result list to be sent by controller plane. Upper limit for federation case is 90000, for non-federation case is 15000, the maximum is set to 90000 as the higher of the two cases.		 integer Minimum: 5000
Maximum: 90000
Default: "10000"

TraceflowRequestParameter (schema)

Traceflow request parameter, used in hierarchical API.

Name Description Type Notes
enforcement_point_path Enforcement point path

Policy path of enforcement point on which traceflow session was created.		 string Required
resource_type Must be set to the value TraceflowRequestParameter string Required

TraceflowStatusRequest (schema)

Traceflow request status

Name Description Type Notes
enforcement_point_path Enforcement point path

Policy path of enforcement point on which traceflow session was created.
string

TrafficRateLimits (schema)

Rate limiting configuration

Enables traffic limit for incoming/outgoing broadcast and multicast packets. Use 0 to disable rate limiting for a specific traffic type

Name Description Type Notes
rx_broadcast Broadcast receive limit

Incoming broadcast traffic limit in packets per second		 int Minimum: 0
Default: "0"
rx_multicast Multicast receive limit

Incoming multicast traffic limit in packets per second		 int Minimum: 0
Default: "0"
tx_broadcast Broadcast transmit limit

Outgoing broadcast traffic limit in packets per second		 int Minimum: 0
Default: "0"
tx_multicast Multicast transmit limit

Outgoing multicast traffic limit in packets per second		 int Minimum: 0
Default: "0"

TransportInfo (schema)

Name Description Type Notes
dst_port Destination port integer Minimum: 0
Maximum: 65535
protocol Protocol type over IP layer string Enum: TCP, UDP, ICMPv4, ICMPv6
src_port Source port integer Minimum: 0
Maximum: 65535

TransportNode (schema)

Transport Node

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
failure_domain_id Id of the failure domain

Set failure domain of edge transport node which will help in
auto placement of TIER1 logical routers, DHCP Servers and
MDProxies, if failure domain based allocation is enabled in
edge cluster API. It is only supported for edge transport node
and not for host transport node. In case failure domain is not
set by user explicitly, it will be always assigned with default
system created failure domain.
string
host_switch_spec Transport node host switch specification

This property is used to either create standard host switches
or to inform NSX about preconfigured host switches that already
exist on the transport node.

Pass an array of either StandardHostSwitchSpec objects or
PreconfiguredHostSwitchSpec objects. It is an error to pass
an array containing different types of HostSwitchSpec objects.
HostSwitchSpec
(Abstract type: pass one of the following concrete types)
PreconfiguredHostSwitchSpec
StandardHostSwitchSpec
id Unique identifier of this resource string Sortable
is_overridden Indicates if config is different than compute collection.

This flag is relevant to only those hosts which are part of a
compute collection which has transport node profile (TNP)
applied on it. If you change the transport node configuration
and it is different than cluster level TNP then this flag will
be set to true
boolean Readonly
maintenance_mode transport node maintenance mode desired state

The property is read-only, used for querying result. User could update transport node maintenance mode by UpdateTransportNodeMaintenanceMode call.		 string Readonly
Enum: ENABLED, FORCE_ENABLED, DISABLED
node_deployment_info Node
(Abstract type: pass one of the following concrete types)
EdgeNode
HostNode
Node
PublicCloudGatewayNode
node_id Unique Id of the fabric node string Deprecated
Readonly
remote_tunnel_endpoint Configuration for a remote tunnel endpoint

This should be configured only on a single host switch. It is only
supported for edge transport nodes and not for host transport nodes.
This configuration will be used by overlay traffic that is meant to
be sent between NSX intersite domains.
TransportNodeRemoteTunnelEndpointConfig
resource_type Must be set to the value TransportNode string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

TransportNodeCollection (schema)

Compute collection transport node template

Entity to indicate relation between Compute collection and Transport node template

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
compute_collection_id Compute collection id string Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
has_nvds Flag indicating if applied profile has NVDS boolean
id Unique identifier of this resource string Sortable
install_mode Flag indicating security status of Transport Node Collection string Readonly
Enum: MICROSEG, NORMAL
resource_type Must be set to the value TransportNodeCollection string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
transport_node_profile_id Transport Node Profile ID string Required

TransportNodeCollectionListRequestParameters (schema)

Filter criteria for listing transport node collections.

Name Description Type Notes
cluster_moid Managed object ID of cluster in VC

Managed object ID of cluster in VC. vc_instance_uuid has to be provided along with this parameter otherwise it will return empty list.		 string
compute_collection_id Compute collection id

Compute collection id against which the serach will be done. If this parameter is provided then other parameters will be ignored.		 string
vc_instance_uuid UUID for VC deployment

This is UUID of VC deployment as seen in managed objects of VC as "instanceUuid". cluster_moid has to be provided along with this parameter otherwise it will return empty list.		 string

TransportNodeCollectionListResult (schema)

Transport Node collections list result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Transport Node collection results array of TransportNodeCollection Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

TransportNodeCollectionRequestParameters (schema)

Parameters that dictate how operations are processed

Name Description Type Notes
apply_profile Indicates if the Transport Node Profile (TNP) configuration should be applied during creation

This flag should be used when the configuration specified by the
transport_node_profile_id should not be applied to existing hosts
referred to by the compute_collection_id during transport node collection
creation. If this flag is set to false, the TNP configuration will not be
applied to any of the hosts in the cluster during creation. Any transport
node that exists in the cluster that has a different configuration than the
TNP configuration will have the is_overridden flag set to true. This will
result in the transport node collection creation completing with a status
of PROFILE_MISMATCH.

If this flag is set to true, the default value, the TNP configuration will
be applied to all hosts in the cluster during transport node collection
creation.
boolean Default: "True"

TransportNodeCollectionState (schema)

Transport node template application state

Realization state of attaching or detaching Transport node profile on compute collection.

Name Description Type Notes
aggregate_progress_percentage Aggregate percentage of compute collection deployment

Average of all transport node deployment progress in a cluster. Applicable only if transport node profile is applied on a cluster.		 integer Readonly
cluster_level_error Errors which needs cluster level to resolution

Errors while applying transport node profile which need cluster level action to resolve		 string
state Application state of transport node template on compute collection

If the host preparation or transport node creation is going on for
any host then state will be "IN_PROGRESS".

If setting desired state of the transport node failed for any of
the host then state will be "FAILED_TO_CREATE"

If realization of transport node failed for any of
the host then state will be "FAILED_TO_REALIZE"

If Transport node is successfully created for all of the hosts in
compute collection then state will be "SUCCESS"

You can override the configuration for one or more hosts in the
compute collection by update TN(transport node) request on individual
TN. If TN is successfully created for all hosts in compute collection
and one or more hosts have overridden configuration then transport node
collection state will be "PROFILE_MISMATCH".
string Readonly
Enum: FAILED_TO_CREATE, FAILED_TO_REALIZE, IN_PROGRESS, PROFILE_MISMATCH, SUCCESS
validation_errors Errors while applying transport node profile on discovered node

Transport node profile(TNP) will not be applied to a discovered node(DN) if some validations are not passed. In this case transport node is not created or existing transport node is not updated with TNP configurations.		 array of ValidationError
vlcm_transition_error Errors while enabling vLCM on the compute collection

When vLCM is enabled on a compute collection in vSphere the transition workflow is triggered. This field indicates error in this special case.		 string Readonly

TransportNodeDeleteParameters (schema) (Deprecated)

Parameters that affect how delete operations are processed

Name Description Type Notes
force Force delete the resource even if it is being used somewhere

If true, deleting the resource succeeds even if it is being
referred as a resource reference.
boolean Default: "False"
unprepare_host Uninstall NSX components from host while deleting boolean Default: "True"

TransportNodeDeploymentProgressState (schema) (Deprecated)

Deployment progress of transport node

Deployment progress state of transport node. Object has current deployment step title and progress in percentage.

Name Description Type Notes
current_step_title Deployment step title string Readonly
progress Percentage of deployment completed integer Readonly

TransportNodeFilter (schema)

Transport node filter

Transport node filter

Name Description Type Notes
node_type Transport node type

Transport node type		 string Enum: HOST, EDGE

TransportNodeIdParameters (schema)

Name Description Type Notes
source The data source, either realtime or cached. If not provided, cached data is returned. DataSourceType
transport_node_id TransportNode Id string

TransportNodeInfoForRegister (schema)

Transport node info for register

Name Description Type Notes
display_name Transport node name to display string
node_deployment_info NodeDeploymentInfo
node_id Node ID string
resource_type string Enum: TransportNode

TransportNodeListParameters (schema)

Transport Node list parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
in_maintenance_mode maintenance mode flag

If the flag is true, transport node with 'ENABLED' or 'FORCE_ENABLED' desired state will be returned, otherwise transport nodes in 'DISABLED' will be returned.		 boolean
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
node_id node identifier

This property can be used by itself or along with 'transport_zone_id'.		 string
node_ip Fabric node IP address

This property can only be used alone. It can not be combined with other filtering properties.		 string
node_types a list of fabric node types separated by comma or a single type

The fabric node type is the resource_type of the Node such as HostNode, EdgeNode and PublicCloudGatewayNode. If a list of fabric node types are given, all transport nodes of all given types will be returned.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
transport_zone_id Transport zone identifier

This propery can be used along with 'node_id'.		 string

TransportNodeListResult (schema)

Transport Node queries result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results TransportNode Results array of TransportNode Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

TransportNodeMemberInfo (schema) (Deprecated)

Information about participating transport nodes

Name Description Type Notes
compute_collection_id Id of the compute collection to which this transport node belongs. Empty if this is standalone transport node or non ESX type node. string Readonly
host_switches List of host switches using the transport zone array of HostSwitchInfo Readonly
transport_node_display_name Display name of the transport node which has one or more host switches which belong to associated transport zone. string Readonly
transport_node_id Id of the transport node which has one or more host switches which belong to associated transport zone. string Required
Readonly

TransportNodeProfile (schema) (Deprecated)

Transport Node Profile

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
host_switch_spec Transport node host switch specification

The HostSwitchSpec is the base class for standard and preconfigured
host switch specifications. Only standard host switches are supported
in the transport node profile.
HostSwitchSpec
(Abstract type: pass one of the following concrete types)
PreconfiguredHostSwitchSpec
StandardHostSwitchSpec
id Unique identifier of this resource string Sortable
ignore_overridden_hosts Determines if cluster-level configuration should be applied on overridden hosts

Transport Node Profiles specify the configuration that is applied to all
hosts in a cluster. The user has the ability to update the configuration
on individual hosts within a cluster which will cause the host configuration
to differ from the Transport Node Profile and results in the host to be
marked as overridden. If a Transport Node Profile is edited or a new
Transport Node Profile is applied on a Transport Node Collection, by default,
the host configuration will be overwritten with the Transport Node Profile
configuration and the overridden flag will be reset to false. This flag
should be used when hosts that are set as overridden should not adopt the
Transport Node Profile configuration when it is being updated or a new one
is applied to the Transport Node Collection. In other words, when this flag is
set to the default value of false and configuration is applied at the cluster
level, the configuration will be applied on all hosts regardless if overridden
or not. When this flag is set to true, all hosts that are set as overridden, i.e.,
have been updated invidivually, will be ignored and the cluster-level configuration
will not be applied.
Note, Transport Node Profiles can be applied on multiple clusters. This field will
dictate the behavior followed by all clusters using this Transport Node Profile.
boolean Default: "False"
resource_type Must be set to the value TransportNodeProfile string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

TransportNodeProfileListResult (schema) (Deprecated)

Transport Node Profile queries result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results TransportNodeProfile Results array of TransportNodeProfile Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

TransportNodeRemoteTunnelEndpointConfig (schema)

Remote tunnel endpoint configuration

Name Description Type Notes
host_switch_name The host switch name to be used for the remote tunnel endpoint

The host switch name should reference an existing host switch specified in the transport node configuration. The name will be used to identify the host switch responsible for processing remote tunnel endpoint traffic.		 string Required
ip_assignment_spec Specification for IPs to be used with host switch remote tunnel endpoints

IPs can come from either a static IP pool or an explicitly specified IP list. Therefore, specifying any other IP assignment type will result in error. In case a list of IPs is specified, the number of IPs provided should be sufficient as per the teaming policy associated with the host switch uplink profile used by the remote tunnel endpoint.		 IpAssignmentSpec
(Abstract type: pass one of the following concrete types)
AssignedByDhcp
StaticIpListSpec
StaticIpMacListSpec
StaticIpPoolSpec		 Required
named_teaming_policy The named teaming policy to be used by the remote tunnel endpoint

Specifying this field will override the default teaming policy of the host switch and will be used by remote tunnel endpoint traffic.		 string
rtep_vlan VLAN id for remote tunnel endpoint

The transport VLAN id used for tagging intersite overlay traffic between remote tunnel endpoints.		 VlanID Required

TransportNodeReportParameters (schema)

Name Description Type Notes
source The data source, either realtime or cached. If not provided, cached data is returned. DataSourceType
status Transport node string Enum: UP, DOWN, DEGRADED

TransportNodeSpanEnforcedStatus (schema)

Enforced Realized Status across Transport Nodes

Detailed Realized Status of an Intent on a span of Transport Nodes.

Name Description Type Notes
enforced_status_per_transport_node List of Enforced Realized Status per Transport Node

List of Detailed Realized Status per Transport Node.		 array of EnforcedStatusPerTransportNode Readonly
resource_type Must be set to the value TransportNodeSpanEnforcedStatus string Required
Readonly
Enum: TransportNodeSpanEnforcedStatus

TransportNodeState (schema)

Transport Node State

Name Description Type Notes
deployment_progress_state Deployment progress state of transport node realization TransportNodeDeploymentProgressState Readonly
details Array of configuration state of various sub systems array of ConfigurationStateElement Readonly
failure_code Error code integer Readonly
failure_message Error message in case of failure string Readonly
host_switch_states States of HostSwitches on the host array of HostSwitchState Readonly
maintenance_mode_state the present realized maintenance mode state MaintenanceModeState Readonly
node_deployment_state Deployment status of installation ConfigurationState Readonly
remote_tunnel_endpoint_state Remote tunnel endpoint configuration state RemoteTunnelEndpointConfigState Readonly
state Overall state of desired configuration

Gives details of state of desired configuration.
Additional enums with more details on progress/success/error states
are sent for edge node. The success states are NODE_READY and
TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED,
VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values
indicate failures.
"in_sync" state indicates that the desired configuration has been
received by the host to which it applies, but is not yet in effect.
When the configuration is actually in effect, the state will
change to "success".
Please note, failed state is deprecated.
string Required
Readonly
Enum: pending, in_progress, success, failed, partial_success, orphaned, unknown, error, in_sync, NOT_AVAILABLE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, REGISTRATION_PENDING, NODE_NOT_READY, NODE_READY, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL, EDGE_CONFIG_ERROR, VM_DEPLOYMENT_RESTARTED, REGISTRATION_FAILED, TRANSPORT_NODE_SYNC_PENDING, TRANSPORT_NODE_CONFIGURATION_MISSING, EDGE_HARDWARE_NOT_SUPPORTED, MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED, TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER, TZ_ENDPOINTS_NOT_SPECIFIED, NO_PNIC_PREPARED_IN_EDGE, APPLIANCE_INTERNAL_ERROR, VTEP_DHCP_NOT_SUPPORTED, UNSUPPORTED_HOST_SWITCH_PROFILE, UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED, HOSTSWITCH_PROFILE_NOT_FOUND, LLDP_SEND_ENABLED_NOT_SUPPORTED, UNSUPPORTED_NAMED_TEAMING_POLICY, LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM, LACP_NOT_SUPPORTED_FOR_EDGE_VM, STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM, MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE, UNSUPPORTED_LACP_LB_ALGO_FOR_NODE, EDGE_NODE_VERSION_NOT_SUPPORTED, NO_PNIC_SPECIFIED_IN_TN, INVALID_PNIC_DEVICE_NAME, TRANSPORT_NODE_READY, VM_NETWORK_EDIT_PENDING, UNSUPPORTED_DEFAULT_TEAMING_POLICY, MPA_DISCONNECTED, VM_RENAME_PENDING, VM_CONFIG_EDIT_PENDING, VM_NETWORK_EDIT_FAILED, VM_RENAME_FAILED, VM_CONFIG_EDIT_FAILED, VM_CONFIG_DISCREPANCY, VM_NODE_REFRESH_FAILED, VM_PLACEMENT_REFRESH_FAILED, REGISTRATION_TIMEDOUT, REPLACE_FAILED, UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED, LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING, DELETE_VM_IN_REDEPLOY_FAILED, DEPLOY_VM_IN_REDEPLOY_FAILED, INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE, VM_RESOURCE_RESERVATION_FAILED, DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER, DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, EDGE_NODE_SETTINGS_MISMATCH_RESOLVE, EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE, EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE, EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE, COMPUTE_MANAGER_NOT_FOUND, DELETE_IN_PROGRESS
transport_node_id Unique Id of the TransportNode string Readonly

TransportNodeStateListResult (schema)

Transport node state queries result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Transport Node State Results array of TransportNodeState Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

TransportNodeStateParameters (schema)

Name Description Type Notes
mm_state Realized maintenance node state MaintenanceModeState
status Realized state of transport nodes string Enum: PENDING, IN_PROGRESS, SUCCESS, PARTIAL_SUCCESS, FAILED, ORPHANED
vtep_ip Virtual tunnel endpoint ip address of transport node string

TransportNodeStatus (schema)

Name Description Type Notes
agent_status NSX agents status AgentStatusCount
control_connection_status Control connection status StatusCount
mgmt_connection_status Management connection status string Enum: UP, DOWN
node_display_name Display name

Transport node display name		 string
node_path Transport node path string
node_status Node status NodeStatus
node_uuid Transport node uuid string
pnic_status pNIC status StatusCount
status Roll-up status of connections

Roll-up status of pNIC, management connection, control connection, tunnel status, agent status		 string Enum: UP, DOWN, DEGRADED, UNKNOWN
threat_status Threat status ThreatStatus
tunnel_status Tunnel Status TunnelStatusCount

TransportNodeStatusListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of transport node statuses array of TransportNodeStatus
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

TransportNodeStatusParametersWithDataSource (schema)

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
source The data source, either realtime or cached. If not provided, cached data is returned. DataSourceType
status Transport node

Rolled-up status of pNIC, management connection, control connection, tunnel status and agent status. UP means all of these are up; DOWN represents the state when pNIC or agent status is down. DEGRADED status here represents the state for a node when its pNIC bond status is DEGRADED, or, its Control connection status is either DEGRADED or DOWN. UNKNOWN is the case when both control connection, tunnel and agent status are unknown. If none of these conditions are true, the node status is considered DOWN.		 string Enum: UP, DOWN, DEGRADED, UNKNOWN

TransportNodeType (schema)

Name Description Type Notes
TransportNodeType string Enum: ESX, RHELKVM, UBUNTUKVM, CENTOSKVM, RHELCONTAINER, CENTOSCONTAINER, RHELSERVER, UBUNTUSERVER, CENTOSSERVER, SLESKVM, SLESSERVER, WINDOWSSERVER, RHELSMARTNIC, OELSERVER, UBUNTUSMARTNIC, EDGE, PUBLIC_CLOUD_GATEWAY_NODE, OTHERS, HYPERV

TransportNodeUpdateParameters (schema) (Deprecated)

Transport node update parameters

Transport node update parameters are mainly used for migrating ESX VMkernel (vmk) interfaces and VM NICs into or out-of logical switches. The 'esx_mgmt_if_migration_dest' and 'if_id' must be used as a pair to migrate vmk interfaces; they can not be used to migrate VM NICs. NSX manager will auto-create logical ports and vif ids for the vmk interfaces when they are used to migrate vmks into logical switches. The 'vnic' and 'vnic_migration_dest' must also be used as a pair; they can be used to migrate both vmk interfaces and VM NICs. When they are used to migrate interfaces into logical switches, logical ports and vif ids must be created in advance because 'vnic_migration_dest' must contain existing vif ids. These two paires can not be specified together.

Name Description Type Notes
esx_mgmt_if_migration_dest The network ids to which the ESX vmk interfaces will be migrated

A comma separated list of network ids. When migrating vmks into logical
switches, the ids are the logical switches's ids. When migrating out of
logical switches, the ids are vSphere Standard Switch portgroup names
in a single vSphere Standard Switch, or distributed virtual portgroup
names in a single distributed virtual switch (DVS).
This property can only used together with 'if_id'.
string
if_id The ESX vmk interfaces to migrate

A comma separated list of vmk interfaces (for example, vmk0,vmk1).
This property can only used along with 'esx_mgmt_if_migration_dest'.
If all vmk interfaces will be migrated into the same logical switch or
DV portgroup, the 'esx_mgmt_if_migration_dest' can be just one logical
switch id or DV portgroup name. Otherwise the number of vmks in this
list must equal the number of ids in 'esx_mgmt_if_migration_dest' list,
and the orders of the two lists are important because the vmks match
the network ids one by one in the same order.
string
ping_ip IP Addresses to ping right after ESX vmk interfaces were migrated.

A comma separated list of IP addresses that match the vmk interfaces
given in property 'if_id" or 'vnic' one-by-one in the same order.
'0.0.0.0' is a special IP that indicates the pre-migration gateway of
the vmk will be pinged post-migration. If a VMK does not need the ping
ip or a VM NIC is given inside 'vnic', the ping ip must be skipped but
the comma has to stay. For example, '0.0.0.0,,10.1.1.1' indicates the
vmk or VM NIC at the 2nd position does not need ping post-migration.
Right after all ESX vmk interfaces are migrated, ping packets will be
sent through each vmk to its given ping_ip to check if the migraton
will break the network connectivity or not. If any vmk_ping fails, the
whole migration of all vmks will be rolled back and transport-node will
be in failed state.
string
skip_validation Whether to skip front-end validation for vmk/vnic/pnic migration

If this property is set true, all front-end validation for vmk, vnic,
and/or pnic migration will be skipped. This is useful when the remote
host becomes unreachable as a result of a migration; in which case
the front-end validation will always fail because data from the remote
host is no longer available. Skipping the validation will allow user
to undo the migration by updating the transport node first and then
restoring the host network connectivity.
boolean Default: "False"
vnic The ESX vmk interfaces and/or VM NIC to migrate

A comma separated list of vmk interfaces and/or one VM NIC. Only one VM
NIC is allowed in the list; the format must be vmInstanceUuid:DeviceId
like '50ca5f2d-1fa2-432d-991e-f01e0e16d182:4000'. An example list is
'vmk0,vmk1,50ca5f2d-1fa2-432d-991e-f01e0e16d182:4000'.
The property can only be used along with 'vnic_migration_dest'.
string
vnic_migration_dest The migration destinations of ESX vmk interfaces and/or VM NIC

A comma separated list of vif ids, or port group names. When migrating
into logical switches, the ids are vif ids in the logical ports created
in the logical switches. When migrating out of logical switches, the
ids are vSphere Standard Switch portgroup names in a single vSphere
Standard Switch, or distributed virtual portgroup names in a single
distributed virtual switch (DVS).
The property can only be used in combination with property 'vnic'. The
number of vnic interfaces in 'vnic' must equal the number of vif ids or
port-group names in this list. The items in the two lists match by the
the order.
string

TransportProtocolHeader (schema)

Name Description Type Notes
dhcp_header DHCP header DhcpHeader
dhcpv6_header DHCP v6 header Dhcpv6Header
dns_header DNS header DnsHeader
icmp_echo_request_header ICMP echo request header IcmpEchoRequestHeader
ndp_header Neighbor discovery protocol header NdpHeader
tcp_header TCP header TcpHeader
udp_header UDP header UdpHeader

TransportTunnelResourceType (schema)

Resource types of L2VPN Transport tunnels

Name Description Type Notes
TransportTunnelResourceType Resource types of L2VPN Transport tunnels string Enum: IPSecVPNTransportStatus

TransportType (schema) (Deprecated)

Name Description Type Notes
TransportType string Deprecated
Enum: OVERLAY, VLAN

TransportZone (schema) (Deprecated)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
is_default Flag to indicate if the transport zone is the default one.

Only one transport zone can be the default one for a given transport zone type. APIs that need transport zone can choose to use the default transport zone if a transport zone is not given.		 boolean Default: "False"
nested_nsx Flag to indicate if all transport nodes in this transport zone are connected through nested NSX.

This flag should be set to true in nested NSX environment. When the "allow_changing_vdr_mac_in_use" property in the global config object RoutingGlobalConfig is false, this flag can not be changed if this transport zone is OVERLAY and the change will make any transport node in this transport zone to change the VDR MAC used in any host switch. When this flag is true and this transport zone is OVERLAY, all host switches in this transport zone will use the VDR MAC in the "vdr_mac_nested" property in the global config object RoutingGlobalConfig.		 boolean Default: "False"
origin_id The host switch id generated by the system.

This field is populated only if the transport zone was created by NSX system to support security on vSphere Distributed Switch (vDS). The origin_id will refer to the identifier of corresponding vDS from it's parent vCenter server.		 string Readonly
resource_type Must be set to the value TransportZone string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
transport_type The transport type of this transport zone. TransportType Required
transport_zone_profile_ids Identifiers of the transport zone profiles associated with this TransportZone. array of TransportZoneProfileTypeIdEntry
uplink_teaming_policy_names Names of the switching uplink teaming policies that are supported by this transport zone.

The names of switching uplink teaming policies that all transport nodes in this transport zone must support. An exception will be thrown if a transport node within the transport zone does not support a named teaming policy. The user will need to first ensure all trasnport nodes support the desired named teaming policy before assigning it to the transport zone. If the field is not specified, the host switch's default teaming policy will be used.		 array of string

TransportZoneEndPoint (schema) (Deprecated)

This object associates TransportNode to a certain TransportZone

Specify which HostSwitch from this TransportNode is used handle traffic for given TransportZone

Name Description Type Notes
transport_zone_id Unique ID identifying the transport zone for this endpoint

For MP APIs provide UUID of transport zone. For Policy APIs provide policyPath of transport zone.		 string Required
transport_zone_profile_ids Identifiers of the transport zone profiles associated with this transport zone endpoint on this transport node.

For MP APIs provide UUID of transport zone profiles. For Policy APIs provide policyPath of transport zone profiles.		 array of TransportZoneProfileTypeIdEntry

TransportZoneInfo (schema)

Name Description Type Notes
is_underlay_transport_zone Flag to identify if this is the underlay transport zone boolean Readonly
logical_switches Logical switches for the transport zone array of LogicalSwitchInfo Readonly
segments Segments of transport zone

List of segments created on this transport zone.
array of SegmentInfo Readonly
transport_zone_display_name Name of the transport zone string Readonly
transport_zone_id ID of the transport zone string Readonly

TransportZoneListParameters (schema) (Deprecated)

Transport Zone list parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
display_name The transport zone's display name

If set, all transport zones with matching display name will be returned.		 string
include_system_owned Filter to indicate whether to include system owned Transport Zones. boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
is_default Filter to choose if default transport zones will be returned

If set to true, only the default transport zones will be returned. If set to false, all transport zones except the default ones will be returned. If unset, all transport zones will be returned.		 boolean
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
transport_type Filter to choose the type of transport zones to return

If set, only transport zones of the given type will be returned; otherwise transport zones of all types will be returned.		 TransportType
uplink_teaming_policy_name The transport zone's uplink teaming policy name

All transport zone's with the specified uplink teaming policy name. Otherwise, transport zones with any uplink teaming policy will be returned.		 string

TransportZoneListResult (schema) (Deprecated)

Transport zone queries result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Transport Zone Results array of TransportZone Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

TransportZoneProfile (schema) (Deprecated)

This is an abstract type. Concrete child types:
BfdHealthMonitoringProfile

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
resource_type Must be set to the value TransportZoneProfile string Required
Enum: BfdHealthMonitoringProfile
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

TransportZoneProfileListParameters (schema) (Deprecated)

Transport zone profile list parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_system_owned Whether the list result contains system resources boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
resource_type comma-separated list of transport zone profile types, e.g. ?resource_type=BfdHealthMonitoringProfile string
sort_ascending boolean
sort_by Field by which records are sorted string

TransportZoneProfileListResult (schema) (Deprecated)

Transport zone profile queries result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Transport zone profile results array of TransportZoneProfile
(Abstract type: pass one of the following concrete types)
BfdHealthMonitoringProfile		 Required
Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

TransportZoneProfileType (schema) (Deprecated)

Supported transport zone profiles.

Name Description Type Notes
TransportZoneProfileType Supported transport zone profiles. string Deprecated
Enum: BfdHealthMonitoringProfile

TransportZoneProfileTypeIdEntry (schema) (Deprecated)

Name Description Type Notes
profile_id profile id of the resource type string Required
resource_type Selects the type of the transport zone profile TransportZoneProfileType

TransportZoneStatus (schema) (Deprecated)

Transport zone runtime status information

Name Description Type Notes
num_logical_ports Count of logical ports in the transport zone int Required
Readonly
num_logical_switches Count of logical switches in the transport zone int Required
Readonly
num_transport_nodes Count of transport nodes in the transport zone int Required
Readonly
transport_node_members Information about transport nodes which are part of this transport zone array of TransportNodeMemberInfo Readonly
transport_zone_id Unique ID identifying the transport zone string Required
Readonly

TriggerUcUpgradeParameters (schema)

Name Description Type Notes
product_version Target upgrade coordinator version.

Target upgrade coordinator version.		 string Pattern: "^[a-zA-Z0-9-.]+$"

TrunkVlanRange (schema) (Deprecated)

Trunk VLAN id range

Name Description Type Notes
end VlanID Required
start VlanID Required

TrustManagementData (schema)

Name Description Type Notes
supported_algorithms List of supported algorithms. array of CryptoAlgorithm Readonly

TrustObjectData (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
key_algo Key algorithm contained in this certificate. string
passphrase Password for private key encryption. string
pem_encoded PEM encoded certificate data. string Required
private_key Private key data. string
purpose Purpose of this certificate. Can be empty or set to "signing-ca". string Enum: signing-ca
resource_type Must be set to the value TrustObjectData string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

TunnelDigestAlgorithm (schema)

Digest Algorithms used in tunnel establishment

The TunnelDigestAlgorithms are used to verify message
integrity during IPSec VPN tunnel establishment.
SHA1 produces 160 bits hash and SHA2_XXX produces
XXX bit hash.

Name Description Type Notes
TunnelDigestAlgorithm Digest Algorithms used in tunnel establishment

The TunnelDigestAlgorithms are used to verify message
integrity during IPSec VPN tunnel establishment.
SHA1 produces 160 bits hash and SHA2_XXX produces
XXX bit hash.
string Enum: SHA1, SHA2_256, SHA2_384, SHA2_512

TunnelEncryptionAlgorithm (schema)

Encryption algorithm used in tunnel

TunnelEncryption algorithms are used to ensure confidentiality
of the messages exchanged during Tunnel negotiations. AES
stands for Advanced Encryption Standards. AES_128 uses 128-bit
keys whereas AES_256 uses 256-bit keys for encryption and
decryption. AES_128 and AES_256 use CBC mode of encryption.
AES_GCM stands for Advanced Encryption Standard(AES) in
Galois/Counter Mode (GCM) and is used to provide both
confidentiality and data origin authentication.
NO_ENCRYPTION_AUTH_AES_GMAC_* enables authentication on input
data without encyption. Digest algorithm should be empty for this
option.

Name Description Type Notes
TunnelEncryptionAlgorithm Encryption algorithm used in tunnel

TunnelEncryption algorithms are used to ensure confidentiality
of the messages exchanged during Tunnel negotiations. AES
stands for Advanced Encryption Standards. AES_128 uses 128-bit
keys whereas AES_256 uses 256-bit keys for encryption and
decryption. AES_128 and AES_256 use CBC mode of encryption.
AES_GCM stands for Advanced Encryption Standard(AES) in
Galois/Counter Mode (GCM) and is used to provide both
confidentiality and data origin authentication.
NO_ENCRYPTION_AUTH_AES_GMAC_* enables authentication on input
data without encyption. Digest algorithm should be empty for this
option.
string Enum: AES_128, AES_256, AES_GCM_128, AES_GCM_192, AES_GCM_256, NO_ENCRYPTION_AUTH_AES_GMAC_128, NO_ENCRYPTION_AUTH_AES_GMAC_192, NO_ENCRYPTION_AUTH_AES_GMAC_256, NO_ENCRYPTION

TunnelInterfaceIPSubnet (schema)

Name Description Type Notes
ip_addresses IPv4 Addresses array of IPv4Address Required
Minimum items: 1
Maximum items: 1
prefix_length Subnet Prefix Length integer Required
Minimum: 1
Maximum: 31

TunnelList (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly
tunnels List of transport node tunnels array of TunnelProperties Readonly

TunnelPortConfig (schema)

IP Tunnel port configuration

IP Tunnel port configuration.

Name Description Type Notes
ip_subnets IP Tunnel port subnet

IP Tunnel port (commonly referred as VTI) subnet.		 array of IPSubnet Required
Maximum items: 1
tunnel_port_id Logical route port identifier

Logical route port identifier.		 string Readonly

TunnelProperties (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
bfd Detailed information about BFD configured on interface BFDProperties Readonly
egress_interface Name of local transport interface carrying tunnel traffic

Corresponds to the interface where local_ip_address is routed.		 string Readonly
encap Tunnel encap string Readonly
Enum: STT, VXLAN, GENEVE, NONE, UNKNOWN_ENCAP
last_updated_time Time at which the Tunnel status has been fetched last time. EpochMsTimestamp Readonly
latency_type Latency type

Latency type.		 string Readonly
Enum: UNKNOWN_LATENCY, VALID, NOT_READY, TIMEOUT
latency_value Latency value

The latency value is set only when latency_type is VALID.		 integer Readonly
local_ip Local IP address of tunnel string Readonly
Format: ip
name Name of tunnel string Readonly
remote_ip Remote IP address of tunnel string Readonly
Format: ip
remote_node_display_name Display name of the remote transport node

Represents the display name of the remote transport node at the other end of the tunnel.		 string Readonly
remote_node_id UUID of the remote transport node string Readonly
status Status of tunnel string Readonly
Enum: UP, DOWN, UNKNOWN

TunnelStatusCount (schema)

Name Description Type Notes
bfd_diagnostic BFD Diagnostic BFDDiagnosticCount
bfd_status BFD Status BFDStatusCount
degraded_count Degraded count int
down_count Down count int
status Roll-up status string Enum: UP, DOWN, DEGRADED, UNKNOWN
up_count Up count int

TunnelSubnet (schema) (Deprecated)

Name Description Type Notes
ip_addresses Subnet ip addresses array of IPv4Address Required
Minimum items: 1
Maximum items: 1
prefix_length Subnet Prefix Length integer Required
Minimum: 1
Maximum: 31

UcFunctionalState (schema)

Uc Functional State

Upgrade coordinator Uc functional State.

Name Description Type Notes
error_message error message

error message that explains why UC is on standby mode.		 string Readonly
state State of UC UI

function state of the upgrade coordinator		 string Required
Readonly
Enum: RUNNING, STANDBY

UcStateProperties (schema)

Upgrade Coordinator state properties

Name Description Type Notes
update_uc_state_properties Flag for updating upgrade-coodinator state properties to database boolean Default: "True"

UcUpgradeStatus (schema)

UC Upgrade status

Upgrade status of upgrade-coordinator

Name Description Type Notes
errors List of failure messages

List of failure messages.		 array of string Readonly
progress_messages Progress messages

List of progress messages.		 array of string Readonly
progress_percentage Upgrade Coordinator Upgrade Progress Percentage int Readonly
state State of UC upgrade

Current state of UC upgrade		 string Readonly
Enum: NOT_STARTED, IN_PROGRESS, SUCCESS, FAILED
status Status of UC upgrade

Status of UC upgrade.		 string Readonly

UdpHeader (schema)

Name Description Type Notes
dst_port Destination port of udp header integer Minimum: 0
Maximum: 65535
Default: "0"
src_port Source port of udp header integer Minimum: 0
Maximum: 65535
Default: "0"

UnaryOperation (schema)

Unary Operation

Unary Operation.

Name Description Type Notes
operand Operand

Represents an argument of the operation pointing to a specific field value.		 ResourceFieldPointer Required
operator Operator

Logical Operator describing the operation to apply to the operand.		 string Required
Enum: APPEND, SUBTRACT

UnaryOperationBasedInjectionValue (schema)

Operation based Injection Value

Operation based Injection Value.

Name Description Type Notes
initial_value Intitial value

Resource field pointer representing the initial value for the injection value. If an
operation is supplied, the value is handed to the operation function to produce a
final result.
ResourceFieldPointer Required
operation Operation Function

Represents an optional operation to be done on the initial value.		 UnaryOperation
resource_type Must be set to the value UnaryOperationBasedInjectionValue string Required
Enum: UnaryOperationBasedInjectionValue

UnassociatedVMListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
last_update_timestamp EpochMsTimestamp
result_count Count of results found (across all pages), set only on first page integer Readonly
results Unassociated Vitual Machine list results

List of VMs which are not associated with any NSGroup
array of VirtualMachine Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

UnboundedKeyValuePair (schema)

A key-value pair with no limitations on size

Name Description Type Notes
key Key string Required
value Value string Required

UnidirectionalServicePath (schema)

Forward or reverse service path

Representing either forward or reverse service path for ingress or egress traffic respectively.

Name Description Type Notes
hops Forward or reverse service path hops

List of service path hops that constitutes the forward or reverse service path.		 array of ServicePathHop Readonly
host_cross_count Host crossing count

The number of times the traffic needs to cross hosts for the given forward or reverse service path.		 integer Readonly
in_maintenance_mode Is in maintenance mode

Is forward or revserse service path in maintenance mode or not.		 boolean Readonly
is_active Is active

Is forward or revserse service path active or not.		 boolean Readonly
unidir_service_path_id Unidirectional service path id

Unique identifier of one directional service path.		 integer Readonly

UpdateOidcEndPointThumbprintRequest (schema)

Request to update the thumbprint of an OpenId Connect end-point

Request to update the thumbprint of an OpenID Connect end-point with a new thumbprint.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
oidc_uri OpenID Connect end-point URI

URI where to download the meta-data of the OIDC end-point.		 string Required
Maximum length: 255
resource_type Must be set to the value UpdateOidcEndPointThumbprintRequest string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
thumbprint Thumbprint

Thumbprint of the OIDC URI to make an SSL connection.		 string Required

UpdatePrincipalIdentityCertificateRequest (schema)

Request to update the certificate of a principal identity

Request to update the certificate of a principal identity with a new
certificate.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
certificate_id Id of the stored certificate

Id of the stored certificate.		 string Required
Pattern: "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
principal_identity_id Principal Identity ID

Unique ID of the principal.		 string Required
Maximum length: 255
Pattern: "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$"
resource_type Must be set to the value UpdatePrincipalIdentityCertificateRequest string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

UpdateStatusWithFiltersParameter (schema)

Parameters to update status of alarm

Name Description Type Notes
after Filter to fetch alarms after the specified time

Filter to fetch alarms after the specified time.
EpochMsTimestamp
before Filter to fetch alarms before the specified time

Filter to fetch alarms before the specified time.
EpochMsTimestamp
cursor Cursor for pagination

Opaque cursor to be used for getting next page of records (supplied by current result page).
string
event_type Event Type Filter

Specify one or more event types for which alarms should be filtered.
string
feature_name Feature Name

Specify one or more feature names for which alarms should be filtered.
string
id Alarm ID

Specify one or more alarm IDs for which alarms should be filtered.
string
intent_path Intent Path for entity ID

Specify one or more intent paths for which alarms should be filtered.
string
new_status Status

Specify new alarm status for filtered alarms. Can be one of OPEN,
ACKNOWLEDGED, SUPPRESSED, RESOLVED.
MonitoringStatus Required
node_id Node ID

Specify one or more node IDs for which alarms should be filtered.
string
node_resource_type Node Resource Type

Specify one or more node resource types for which alarms should be filtered.
string
page_size Page Size for pagination

Maximum number of results to return in this page (server may return fewer).
integer
severity Severity

Specify one or more severity levels for which alarms should be filtered.
Must be one of CRITICAL, HIGH, MEDIUM, LOW.
string
sort_ascending Represents order of sorting the values

If true, the value of the column are sorted in ascending order. Otherwise, in descending order.		 boolean Default: "True"
sort_by Key for sorting on this column

Sorting on column is based on the sort_by. sort_by represents the field in the output data on which sort is requested.		 string
status Status

Specify one or more status for which alarms should be filtered. Must be
one of OPEN, ACKNOWLEDGED, SUPPRESSED, RESOLVED.
string
suppress_duration Duration in hours for which Alarm should be suppressed

Specify duration in hours for which Alarm should be suppressed.This
value must be specified if the new_status is SUPPRESSED.
integer

UpgradeBundle (schema)

Name Description Type Notes
file Upgrade bundle file multipart_file Required

UpgradeBundleFetchRequest (schema)

Fetch request for fetching upgrade bundle

URL and other fetch requests of upgrade bundle

Name Description Type Notes
url URL of upgrade bundle

URL for uploading upgrade bundle		 string Required

UpgradeBundleId (schema)

Bundle id of upgrade bundle

Identifier of the upgrade bundle

Name Description Type Notes
bundle_id Bundle Id of upgrade bundle uploaded

Identifier of bundle upload		 string Readonly

UpgradeBundleInfo (schema)

Information about upgrade bundle

Information about the upgrade bundle

Name Description Type Notes
bundle_size size of upgrade bundle string Readonly
url URL of the upgrade bundle

URL for uploading upgrade bundle		 string Readonly

UpgradeBundleUploadStatus (schema)

Upload status of upgrade bundle

Upload status of upgrade bundle uploaded from url

Name Description Type Notes
detailed_status Detailed status of bundle upload

Detailed status of upgrade bundle upload		 string Readonly
percent Percent of upload completed

Percent of bundle uploaded from URL		 number Readonly
status Status of upgrade bundle upload

Current status of upgrade bundle upload		 string Readonly
Enum: UPLOADING, VERIFYING, SUCCESS, FAILED
url URL from which the bundle was uploaded

URL for uploading upgrade bundle		 string Readonly

UpgradeCheck (schema)

Pre/post-upgrade check

Check to identify potential pre/post-upgrade issues

Name Description Type Notes
component_type Component type string Required
display_name Name of the pre/post-upgrade check string
failure_messages List of failure messages

List of failure messages. This field is deprecated now. Please use failures instead.		 array of string Deprecated
Readonly
failures List of failures array of UpgradeCheckFailureMessage Readonly
status Status of pre/post-upgrade check string Required
Readonly
Enum: SUCCESS, FAILURE, WARNING

UpgradeCheckCsvListResult (schema)

Name Description Type Notes
file_name File name

File name set by HTTP server if API returns CSV result as a file.		 string
results array of UpgradeCheckCsvRecord

UpgradeCheckCsvRecord (schema)

CSV record for an upgrade-check

CSV record for a pre/post-upgrade check

Name Description Type Notes
check_description Description of the upgrade check

Description of the pre/post-upgrade check		 string
check_name Name of the upgrade check

Display name of the pre/post-upgrade check		 string Required
failure_messages Failure messages

Space-separated list of failure messages		 string Readonly
status Status of the upgrade check

Status of the pre/post-upgrade check		 string Required
Readonly
Enum: SUCCESS, FAILURE, WARNING
upgrade_unit_id UUID of the upgrade unit

Identifier of the upgrade unit		 string Required
Readonly
upgrade_unit_metadata Meta-data of the upgrade-unit

Meta-data of the upgrade-unit		 string Readonly
upgrade_unit_type Component type

Component type of the upgrade unit		 string Required

UpgradeCheckFailure (schema)

Upgrade check failure

Pre/post-upgrade check failure

Name Description Type Notes
component_type Component type

Component type of the origin of failure		 string Required
Readonly
group_name Name of upgrade group

Name of the upgrade group of the origin of failure. Only applicable when
origin_type is UPGRADE_UNIT.
string
message Upgrade check failure message

Pre/post-upgrade check failure message		 UpgradeCheckFailureMessage Required
Readonly
origin_id Unique id of origin of failure

Unique id of origin of pre/post-upgrade check failure		 string Required
Readonly
origin_name Name of origin of failure

Name of origin of pre/post-upgrade check failure		 string Required
Readonly
origin_type Type of origin of failure

Type of origin of pre/post-upgrade check failure		 string Required
Readonly
Enum: COMPONENT, UPGRADE_UNIT
type Type of failure

Type of the pre/post-upgrade check failure		 string Required
Readonly
Enum: FAILURE, WARNING

UpgradeCheckFailureListRequestParameters (schema)

Name Description Type Notes
component_type Component type

Component type on which upgrade check failures are to be filtered
string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
filter_text Filter text

Text to filter the results on. The filter text is matched with origin
name and failure message. String matching for the filter is
case-insensitive.
string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
origin_type Type of origin of failure

Type of origin of pre/post-upgrade check failure		 string Enum: COMPONENT, UPGRADE_UNIT
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
type Status of the upgrade check

Status of the pre/post-upgrade check to filter the results on
string Enum: FAILURE, WARNING

UpgradeCheckFailureListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Collection of pre/post-upgrade check failures array of UpgradeCheckFailure Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

UpgradeCheckFailureMessage (schema)

Upgrade check failure message

Pre/post-upgrade check failure message

Name Description Type Notes
error_code Error code

Error code for the error/warning		 integer Required
Readonly
message Error/warning message

Error/warning message		 string Required
Readonly

UpgradeCheckInfo (schema)

Meta-data of a pre/post-upgrade check

Meta-data of a pre/post-upgrade check

Name Description Type Notes
component_type Component type

Component type of the pre/post-upgrade check		 string Required
description Description

Description of the pre/post-upgrade check		 string Readonly
name Name of the upgrade check

Display name of the pre/post-upgrade check		 string Required
Readonly

UpgradeCheckInfoListRequestParameters (schema)

Name Description Type Notes
component_type Component type based on which upgrade checks are to be filtered string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

UpgradeCheckListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
checks Paged Collection of pre/post-upgrade checks array of UpgradeCheck Required
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

UpgradeCheckListResults (schema)

Name Description Type Notes
checks_with_warnings UpgradeCheckListResult Readonly
failed_checks UpgradeCheckListResult Readonly
successful_checks UpgradeCheckListResult Readonly

UpgradeChecksExecutionStatus (schema)

Execution status of pre/post-upgrade checks

Execution status of pre/post-upgrade checks

Name Description Type Notes
details Details about current execution of pre/post-upgrade checks string Readonly
end_time Time (in milliseconds since epoch) when the execution of pre/post-upgrade checks completed EpochMsTimestamp
failure_count Failure count

Total count of generated failures or warnings in last execution of
pre/post-upgrade checks
int Readonly
node_with_issues_count Number of nodes with failures/warnings

Number of nodes which generated failures or warnings in last execution
of pre/post-upgrade checks. This field has been deprecated. Please use
failure_count instead.
int Deprecated
Readonly
start_time Time (in milliseconds since epoch) when the execution of pre/post-upgrade checks started EpochMsTimestamp
status Status of execution of pre/post-upgrade checks string Required
Readonly
Enum: NOT_STARTED, IN_PROGRESS, ABORTING, ABORTED, COMPLETED

UpgradeCoordinatorDeploymentConfig (schema)

Configuration for upgrade-coordinator deployment

Configuration for upgrade-coordinator deployment.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
cluster_id Kubernetes cluster id

Unique id to identify kubernetes guest cluster.		 string
deployment_action Deployment action

Deployment action.		 CloudNativeDeploymentAction
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
kubeconf_info Kubeconfig info

Information about kubeconfig file.
KubeconfigInfo
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value UpgradeCoordinatorDeploymentConfig string
storage_class Kubernetes storage class

Kubernetes storage class		 string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
version Deployment version in use

Deployment version in use.		 string

UpgradeHistory (schema)

Name Description Type Notes
initial_version Initial Version

Version before the upgrade started		 string Required
target_version Target Version

Version being upgraded to		 string Required
timestamp Timestamp (in milliseconds since epoch) when the upgrade was performed EpochMsTimestamp Required
upgrade_status Status of the upgrade string Required
Enum: STARTED, SUCCESS, FAILED

UpgradeHistoryList (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Upgrade history list array of UpgradeHistory Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

UpgradePlanResetRequest (schema)

Name Description Type Notes
component_type Component type string Required

UpgradePlanSettings (schema)

Name Description Type Notes
parallel Upgrade Method to specify whether the upgrade is to be performed serially or in parallel boolean Default: "True"
pause_after_each_group Flag to indicate whether to pause the upgrade after upgrade of each group is completed boolean Default: "False"
pause_on_error Flag to indicate whether to pause the upgrade plan execution when an error occurs boolean Default: "False"

UpgradeProgressStatus (schema)

Upgrade progress status

Name Description Type Notes
last_upgrade_step_status Status of last upgrade step object
upgrade_bundle_present True if upgrade bundle is present boolean
upgrade_metadata Meta info of upgrade object

UpgradeStatus (schema)

Name Description Type Notes
ccp_status CCP upgrade status CCPUpgradeStatus Readonly
component_status List of component statuses array of ComponentUpgradeStatus Required
Readonly
edge_status Edge upgrade status EdgeUpgradeStatus Readonly
host_status Host upgrade status HostUpgradeStatus Readonly
overall_upgrade_status Status of upgrade string Required
Readonly
Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED

UpgradeStatusSummary (schema)

Upgrade status summry

Name Description Type Notes
upgrade_bundle_present True if upgrade bundle is present boolean
upgrade_metadata Meta info of upgrade object
upgrade_steps List of all upgrade steps performed array of object

UpgradeSummary (schema)

Name Description Type Notes
component_target_versions array of ComponentTargetVersion Readonly
system_version Current system version string Required
Readonly
target_version Target system version string Required
Readonly
upgrade_bundle_file_name Name of the last successfully uploaded upgrade bundle file string Readonly
upgrade_coordinator_updated Has upgrade coordinator been updated after upload of upgrade bundle file boolean Readonly
upgrade_coordinator_version Current version of upgrade coordinator string Required
Readonly
upgrade_status Status of upgrade string Required
Readonly
Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED

UpgradeTaskActionParameters (schema)

Name Description Type Notes
action Upgrade task

The upgrade task to perform.		 string Pattern: "^[^/]+$"

UpgradeTaskProperties (schema)

Task properties

Name Description Type Notes
bundle_name Name of Bundle string Required
parameters Bundle arguments object Readonly
step Step name string

UpgradeTaskStatusQueryParameters (schema)

Name Description Type Notes
bundle_name Bundle Name

Provide a bundle name		 string Pattern: "^[a-zA-Z0-9-.]+$"
upgrade_task_id Upgrade Task ID

Provide a task id		 string Pattern: "^[a-z0-9-]+$"

UpgradeTopology (schema)

Recommended topology for migrating NVDS to VDS

Name Description Type Notes
topology All resultant VDS mapping for a NVDS after the migration array of NvdsUpgradeTopology Required

UpgradeUnit (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
current_version Current version of upgrade unit

This is component version e.g. if upgrade unit is of type edge, then this is edge version.		 string Readonly
display_name Name of the upgrade unit string
group Info of the group to which this upgrade unit belongs UpgradeUnitGroupInfo Readonly
id UUID of the upgrade unit

Identifier of the upgrade unit		 string Required
Readonly
metadata Metadata about upgrade unit array of KeyValuePair Readonly
type Upgrade unit type string
warnings List of warnings indicating issues with the upgrade unit that may result in upgrade failure array of string Readonly

UpgradeUnitAggregateInfo (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
current_version Current version of upgrade unit

This is component version e.g. if upgrade unit is of type edge, then this is edge version.		 string Readonly
display_name Name of the upgrade unit string
errors List of errors occurred during upgrade of this upgrade unit array of string Readonly
group Info of the group to which this upgrade unit belongs UpgradeUnitGroupInfo Readonly
id Identifier of the upgrade unit

Identifier of the upgrade unit		 string Required
Readonly
metadata Metadata about upgrade unit array of KeyValuePair Readonly
percent_complete Indicator of upgrade progress in percentage number Required
Readonly
post_upgrade_checks UpgradeCheckListResults Readonly
pre_upgrade_checks UpgradeCheckListResults Readonly
status Status of upgrade unit string Required
Readonly
Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED
type Upgrade unit type string
warnings List of warnings indicating issues with the upgrade unit that may result in upgrade failure array of string Readonly

UpgradeUnitAggregateInfoListRequestParameters (schema)

Name Description Type Notes
component_type Component type based on which upgrade units to be filtered string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
group_id Identifier of group based on which upgrade units to be filtered string
has_errors Flag to indicate whether to return only upgrade units with errors boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
metadata Metadata about upgrade unit to filter on string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
selection_status Flag to indicate whether to return only selected, only deselected or both type of upgrade units string Enum: SELECTED, DESELECTED, ALL
Default: "ALL"
sort_ascending boolean
sort_by Field by which records are sorted string
upgrade_unit_display_name Display name of upgrade unit

Display name of upgrade unit to filter the results on. String matching for the filter is case-insensitive.
string

UpgradeUnitAggregateInfoListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged collection of UpgradeUnit AggregateInfo array of UpgradeUnitAggregateInfo Required
Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

UpgradeUnitGroup (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Flag to indicate whether upgrade of this group is enabled or not boolean Default: "True"
extended_configuration Extended configuration for the group

Extended configuration for the group. Following extended_configuration is supported:

Key: upgrade_mode
Supported values: maintenance_mode, in_place, stage_in_vlcm

Key: maintenance_mode_config_vsan_mode
Supported values: evacuate_all_data, ensure_object_accessibility, no_action

Key: maintenance_mode_config_evacuate_powered_off_vms
Supported values: true, false

Key: rebootless_upgrade
Supported values: true, false
array of KeyValuePair Maximum items: 100
id Unique identifier of this resource string Sortable
parallel Upgrade method to specify whether the upgrade is to be performed in parallel or serially boolean Default: "True"
resource_type Must be set to the value UpgradeUnitGroup string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
type Component type string Required
upgrade_unit_count Count of upgrade units in the group

Number of upgrade units in the group		 int Readonly
upgrade_units List of upgrade units in the group array of UpgradeUnit Maximum items: 100

UpgradeUnitGroupAggregateInfo (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
enabled Flag to indicate whether upgrade of this group is enabled or not boolean Default: "True"
extended_configuration Extended configuration for the group array of KeyValuePair Maximum items: 100
failed_count Number of nodes in the upgrade unit group that failed upgrade int Readonly
group_level_failure Reports failures that occured at the group or cluster level. array of string Readonly
id Unique identifier of this resource string Sortable
parallel Upgrade method to specify whether the upgrade is to be performed in parallel or serially boolean Default: "True"
percent_complete Indicator of upgrade progress in percentage number Required
Readonly
post_upgrade_status Post-upgrade status of group UpgradeChecksExecutionStatus Readonly
resource_type Must be set to the value UpgradeUnitGroupAggregateInfo string
status Upgrade status of upgrade unit group string Required
Readonly
Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
type Component type string Required
upgrade_unit_count Count of upgrade units in the group

Number of upgrade units in the group		 int Readonly
upgrade_units List of upgrade units in the group array of UpgradeUnit Maximum items: 100

UpgradeUnitGroupAggregateInfoListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged collection of upgrade status for upgrade unit groups array of UpgradeUnitGroupAggregateInfo Required
Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

UpgradeUnitGroupInfo (schema)

Name Description Type Notes
display_name Name of the group string Required
Readonly
id UUID of group

Identifier of group		 string Required
Readonly

UpgradeUnitGroupListRequestParameters (schema)

Name Description Type Notes
component_type Component type based on which upgrade unit groups to be filtered string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
summary Flag indicating whether to return summary boolean Default: "False"
sync Synchronize before returning upgrade unit groups

If true, synchronize with the management plane before returning upgrade unit groups		 boolean Default: "False"

UpgradeUnitGroupListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged Collection of Upgrade unit groups array of UpgradeUnitGroup Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

UpgradeUnitGroupStatus (schema)

Name Description Type Notes
failed_count Number of nodes in the upgrade unit group that failed upgrade int Readonly
group_id UUID of upgrade unit group

Identifier for upgrade unit group		 string Required
Readonly
group_name Upgrade unit group Name

Name of the upgrade unit group		 string Required
Readonly
percent_complete Indicator of upgrade progress in percentage number Required
Readonly
status Upgrade status of upgrade unit group string Required
Readonly
Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED
upgrade_unit_count Number of upgrade units in the group int Required
Readonly

UpgradeUnitGroupStatusListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged collection of upgrade status for upgrade unit groups array of UpgradeUnitGroupStatus Required
Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

UpgradeUnitList (schema)

Name Description Type Notes
list Collection of Upgrade units array of UpgradeUnit Required

UpgradeUnitListRequestParameters (schema)

Name Description Type Notes
component_type Component type based on which upgrade units to be filtered string
current_version Current version of upgrade unit based on which upgrade units to be filtered string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
group_id UUID of group based on which upgrade units to be filtered string
has_warnings Flag to indicate whether to return only upgrade units with warnings boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
metadata Metadata about upgrade unit to filter on string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
upgrade_unit_type Upgrade unit type based on which upgrade units to be filtered string

UpgradeUnitListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged Collection of Upgrade units array of UpgradeUnit Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

UpgradeUnitStatus (schema)

Name Description Type Notes
display_name Name of upgrade unit string Required
Readonly
errors List of errors occurred during upgrade of this upgrade unit array of string Readonly
id UUID of upgrade unit

Identifier of upgrade unit		 string Required
Readonly
metadata Metadata about upgrade unit array of KeyValuePair Readonly
percent_complete Indicator of upgrade progress in percentage number Required
Readonly
status Status of upgrade unit string Required
Readonly
Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED

UpgradeUnitStatusListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Paged Collection of upgrade units status array of UpgradeUnitStatus Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

UpgradeUnitTypeStats (schema)

Name Description Type Notes
node_count Number of nodes int Required
Readonly
node_with_issues_count Number of nodes with issues that may cause upgrade failure int Readonly
type Type of upgrade unit string Required
Readonly
upgrade_unit_subtype UpgradeUnit sub type string Readonly
Enum: RESOURCE, ACTION
version Version of the upgrade unit string Required
Readonly

UpgradeUnitTypeStatsList (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List of upgrade unit type stats array of UpgradeUnitTypeStats Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

UpgradeUnitsStatsRequestParameters (schema)

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
sync Synchronize before returning upgrade unit stats

If true, synchronize with the management plane before returning upgrade unit stats		 boolean Default: "False"

Uplink (schema) (Deprecated)

Object to identify an uplink based on its type and name

Name Description Type Notes
uplink_name Name of this uplink string Required
uplink_type Type of the uplink string Required
Enum: PNIC, LAG

UplinkHostSwitchProfile (schema) (Deprecated)

Profile for uplink policies

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
lags list of LACP group array of Lag Maximum items: 64
mtu Maximum Transmission Unit used for uplinks int Minimum: 1280
named_teamings List of named uplink teaming policies that can be used by logical switches array of NamedTeamingPolicy Maximum items: 32
overlay_encap The protocol used to encapsulate overlay traffic string Enum: VXLAN, GENEVE
Default: "GENEVE"
required_capabilities array of string Readonly
resource_type Must be set to the value UplinkHostSwitchProfile HostSwitchProfileType Required
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
teaming Default TeamingPolicy associated with this UplinkProfile TeamingPolicy Required
transport_vlan VLAN used for tagging Overlay traffic of associated HostSwitch VlanID Default: "0"

UploadBundleId (schema)

Bundle Id

Bundle Id for uploaded file.

Name Description Type Notes
bundle_id Bundle id

Bundle id of uploaded file.		 string

UploadBundleRemoteServer (schema)

Upload bundle from remote server

Upload bundle from remote server.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
port Port to connect with

Port to connect with.		 string
protocol Protocol

Protocol used HTTP or HTTPS.		 string Required
Enum: HTTP, HTTPS
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value UploadBundleRemoteServer string
server Server IP or FQDN

Server IP or FQDN.		 string Required
Format: hostname-or-ip
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
uri Relative path to download file

Relative path to download file.		 string Required

UploadBundleStatus (schema)

Status of uploaded bundle

Status of uploaded bundle.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description More detail about bundle upload

More detail about bundle upload.		 string
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
percent Upload percentage for bundle

Upload percentage for bundle.		 number
port Port to connect with

Port to connect with.		 string
protocol Protocol

Protocol used HTTP or HTTPS.		 string Required
Enum: HTTP, HTTPS
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value UploadBundleStatus string
server Server IP or FQDN

Server IP or FQDN.		 string Required
Format: hostname-or-ip
status Current state of bundle upload

Current state of bundle upload.
UPLOADING - Upload in progress.
DOWNLOADING - Download in progress.
EXTRACTING - Extract in progress.
VERIFYING - Verifying signature of uploaded bundle.
SUCCESS - Upload complete.
FAILED - Upload failed.
string Enum: UPLOADING, DOWNLOADING, EXTRACTING, VERIFYING, SUCCESS, FAILED
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
uri Relative path to download file

Relative path to download file.		 string Required

UploadFileRequestParameters (schema)

Import file request parameters

This holds the requests parameters required to multipart-upload a file.

Name Description Type Notes
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
file File to be uploaded multipart_file Required

UploadTlsCrlRequestParameters (schema)

Upload TlsCrl request parameters

Holds the requests parameters required to multipart-upload a TlsCrl objecta

Name Description Type Notes
crl_type Type of CRL

The type of the CRL. It can be "OneCRL" or "X509" (default).		 string Enum: OneCRL, X509
Default: "X509"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
file File to be uploaded multipart_file Required

UpmEntityType (schema)

Supported Entity Types

All entity types supported.

Name Description Type Notes
UpmEntityType Supported Entity Types

All entity types supported.		 string Enum: LogicalPort, LogicalSwitch, NSGroup

UrlAlias (schema)

Url Alias

Short name or alias of a url. It is used to represent the url.

Name Description Type Notes
alias Url Alias Name

Short name or alias of url, if any. If not specified, the url can be referenced by its index in the array of urls of the datasource instance as $ (for example, $0).		 string Maximum length: 255
keystore_info Key Store Info for the URLAlias

Key Store information for the URLAlias.Use this property if key store information is different for each url alias.		 KeyStoreInfo
query Search query of the search api, if any

Search query to be applied, if any. If query string is not provided, it will be ignored.		 string Maximum length: 1024
request_body A raw request body in the form json format for a given url. This request body will be submitted along with request while giving a post api call. object
request_headers A raw request header in the form json format for a given url. This request header will be submitted along with request while giving a api call. object
request_method Type of http method

Type of the http method (Get, Post) to be used while invoking the given url through dashboard datasource framework.		 string Enum: Get, Post
Default: "Get"
url Url

Url to fetch data from.		 string Required
Maximum length: 1024

UrpfMode (schema)

Unicast Reverse Path Forwarding mode

Name Description Type Notes
UrpfMode Unicast Reverse Path Forwarding mode string Enum: NONE, STRICT

UserInfo (schema)

Authenticated User Info

Name Description Type Notes
roles Permissions array of NsxRole Required
Readonly
user_name User Name string Required
Readonly

UserManagedStatus (schema)

Status for marking an instance UserManaged.

Status for marking an instance UserManaged.

Name Description Type Notes
usermanaged Property to identify if this instance is usermanaged or not.

Property usermanaged YES means NSX will not consider this
instance while performing quarantine operation.
Value IN_PROGRESS signifies the state change is under progress.
string Required
Enum: YES, NO, IN_PROGRESS
usermanaged_errors Error in realising instance config property

Lists out the errors encountered (if any) while realising config property of the instance.		 VmConfigError Readonly

UserRequestParameters (schema)

Request parameters for user APIs.

Request parameters for user APIs like the /aaa/user-info/* APIs

Name Description Type Notes
root_path Prefix path of the context string

UserSession (schema)

User login session information

Name Description Type Notes
domain_name AD Domain

AD Domain of user.		 string Required
login_time Login time

Login time.		 EpochMsTimestamp Required
logout_time Logout time if applicable

Logout time if applicable. An active user session has no logout time.
EpochMsTimestamp
user_name AD user name

AD user name.		 string Required
user_session_id User session ID

User session ID. This also indicates whether this is VDI / RDSH.		 int Required

UsernamePasswordLoginCredential (schema)

A login credential specifying a username and password

Name Description Type Notes
credential_type Must be set to the value UsernamePasswordLoginCredential string Required
password The authentication password for login string
thumbprint Thumbprint of the login server string Pattern: "^(([0-9A-Fa-f]{2}[:])+([0-9A-Fa-f]{2}))?$"
username The username for login string

V2tSiteMapping (schema)

Details about mapping of NSX-V and NSX-T Local Manager

Details about mapping of NSX-V and NSX-T Local Manager.

Name Description Type Notes
federation_site_id Federation NSX-T site id

Federation NSX-T site id.		 string Required
nsxv_ip NSX-V API endpoint IP address

NSX-V API endpoint IP address		 string Required
Readonly
Format: hostname-or-ip

V2tSiteMappingSpec (schema)

Input spec for mapping of NSX-V and NSX-T sites

Input spec for mapping of NSX-V and NSX-T sites

Name Description Type Notes
federation_site_id Federation NSX-T site id

Federation NSX-T site id.		 string Required
nsxv_ip NSX-V API endpoint IP address

NSX-V API endpoint IP address		 string Required
Format: hostname-or-ip
nsxv_password Password for NSX-V manager

Password for connecting to NSX-V manager.		 string Required
nsxv_username Username for NSX-V manager

Username for NSX-V manager		 string Required
vc_ip VC IP address or host name

IP address or host name of VC.		 string Required
Format: hostname-or-ip
vc_password Password for VC

Password for connecting to VC.		 string Required
vc_port VC port

VC port that will be used to fetch details.		 int Default: "443"
vc_username Username for VC

Username for connecting to VC.		 string Required

VIFGroupAssociationRequestParams (schema)

List request parameters containing virtual network interface external ID and enforcement point path

List request parameters containing virtual network interface external ID and enforcement point path

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
enforcement_point_path String Path of the enforcement point

The path of the enforcement point from which the list of groups needs
to be fetched. Forward slashes must be escaped using %2F. If no enforcement
point path is specified, the default enforcement point is considered
string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
vif_external_id Virtual network interface external ID string Required

VIPSubnet (schema)

Name Description Type Notes
active_vip_addresses IP Addresses which will be owned by uplink on active node.

Array of IP address subnets which will be used as floating IP addresses. | These IPs will move and will be owned by Active node.		 array of IPAddress Required
Minimum items: 1
Maximum items: 1
prefix_length Subnet Prefix Length integer Required
Minimum: 1
Maximum: 128

VMDeploymentProgressState (schema)

Deployment progress of node VM

Deployment progress state of node VM. This Object contains name of current deployment step and overall progress percentage.

Name Description Type Notes
current_step_title Name of the current step

Name of the current running step of deployment		 string Readonly
progress Progress percentage

Overall progress percentage of deployment completed		 integer Readonly

VMGroupAssociationRequestParams (schema)

List request parameters containing virtual machine external ID and enforcement point path

List request parameters containing virtual machine external ID and enforcement point path

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
enforcement_point_path String Path of the enforcement point

The path of the enforcement point from which the list of groups needs
to be fetched. Forward slashes must be escaped using %2F. If no enforcement
point path is specified, the default enforcement point is considered
string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
vm_external_id Virtual machine external ID string Required

VMTagReplicationPolicy (schema)

A policy to replicate tags from once site to other

A policy to replicate tags from once site to other sites.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
groups Paths of groups

Paths of groups (VM tag-based, VM name-based, etc.) that translates into VMs
to be replicated from protected site to recovery sites.
If no group is specified, none of the VM tag will be replicated from protected
site to recovery sites.
array of string
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
protected_site A path of protected site

A path of protected site, from where tags of selected VMs will be
replicated to recovery sites.
string Required
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
recovery_sites Paths of recovery sites

Paths of recovery sites, where tags of selected VMs will be replicated
to, from protected site.
array of string Required
Minimum items: 1
Maximum items: 1
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value VMTagReplicationPolicy string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly
vm_match_criteria Matching criteria used for associating VMs

Matching criteria used for associating VMs from protected site to VMs
on recovery sites.
- MATCH_NSX_ATTACHMENT_ID : Associate VMs from the protected site and
recovery sites based on NSX attachment ID.
- MATCH_BIOS_UUID_NAME : Associate VMs from the protected site and
recovery sites based on (VM BIOS UUID + VM Name).
string Enum: MATCH_NSX_ATTACHMENT_ID, MATCH_BIOS_UUID_NAME
Default: "MATCH_NSX_ATTACHMENT_ID"

VMTagReplicationPolicyListRequestParameters (schema)

VM tag replication policy list request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

VMTagReplicationPolicyListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of the VM tag replication policies in the results array integer Readonly
results Collection of VM tag replication policies array of VMTagReplicationPolicy Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

ValidateCertificateParameters (schema)

Name Description Type Notes
usage Certificate Usage Type

Usage Type of the Certificate, SERVER or CLIENT. Default is SERVER
CertificateUsageType

ValidationError (schema)

Validation Error

Error while applying transport node profile on discovered node

Name Description Type Notes
discovered_node_id Discovered Node Id string Required
Readonly
error_message Validation error message string Required
Readonly

ValueConstraintExpression (schema)

Represents the leaf level value constraint.

Represents the leaf level value constraint to constrain specified attribute
value to the set of values to be allowed/not-allowed.
Example - sourceGroups allowed to have only with list of groups.
{
"operator":"INCLUDES",
"values":["/infra/services/HTTP", "/infra/services/HTTPS"]
}

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
operator Operation to check for value list for resource attribute of constraint. string Required
Enum: INCLUDES, EXCLUDES, EQUALS
resource_type Must be set to the value ValueConstraintExpression string Required
Enum: ValueConstraintExpression, RelatedAttributeConditionalExpression, EntityInstanceCountConstraintExpression, FieldSanityConstraintExpression
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
values Array of values to perform operation.

List of values.		 array of string Deprecated
values_with_type Array of values to perform operation.

List of values.		 ConstraintValue
(Abstract type: pass one of the following concrete types)
CidrArrayConstraintValue
IntegerArrayConstraintValue
StringArrayConstraintValue

VdsTopology (schema)

VDS details where NVDS will be migrated to

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
cluster_id Identifier of cluster where VDS will be created string
data_center_id Identifier of datacenter where VDS will be created string Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
resource_type Must be set to the value VdsTopology string
status_details Details of the VDS configuration status array of string Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
transport_node_id Transport node identifiers on which NVDS(s) being upgraded to VDS array of string Required
vds_config VDS configuration DVSConfig Readonly
vds_name VDS name that will be created under above datacenter string Required
vds_status Status of the VDS configuration string Readonly
Enum: PENDING_TOPOLOGY, APPLYING_TOPOLOGY, APPLY_TOPOLOGY_FAILED, READY, REMOVING_TOPOLOGY
vmknic Virtual network interfaces that will be moved from VLAN Logical switch to Distributed Virtual PortGroup array of string

VdsTopologyParameters (schema)

Parameters to query VDS topology

Name Description Type Notes
cluster_id cluster identifier string
compute_manager_id vCenter identifier string
show_vds_config Flag to indicate if VdsTopology should contain VDS configuration boolean

VdsUplink (schema) (Deprecated)

VMware vSphere Distributed Switch (VDS) uplink/LAG mapping

If Virtual Distributed Switch is used as a HostSwitch to configure TransportNode or TransportNodeProfie, this mapping should be specified. You can either use vds_uplink_name or vds_lag_name to associate with uplink_name from UplinkHostSwitch profile.

Name Description Type Notes
uplink_name Uplink name from UplinkHostSwitch profile

This name is from UplinkHostSwitch profile that is associated with the HostSwitch specified in TransportNode or TransportNodeProfile configuration. This name will be used as an alias to either VDS uplink or lag in other configuration.		 string Required
vds_lag_name Link Aggregation Group (LAG) name of Virtual Distributed Switch

LAG name that is connected to Physical NIC on a host from vSphere.		 string
vds_uplink_name Uplink name of VMware vSphere Distributed Switch (VDS)

Uplink name of VDS that is connected to Physical NIC on a host from vSphere.		 string

VendorTemplate (schema)

Vendor Template registered for a service

Vendor Templates are registered by the partner service manager to be used in the service profile. They contain named (k-v) pairs.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
attributes Vendor Template attributes

List of attributes specific to a partner for which the vendor template is created. There attributes are passed on to the partner appliance and is opaque to the NSX Manager. Attributes are not supported by guest introspection service.		 array of Attribute Maximum items: 128
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
functionality Functionality Type

The capabilities provided by the services. Needs to be one of the following | NG_FW - Next Generation Firewall | IDS_IPS - Intrusion detection System / Intrusion Prevention System | NET_MON - Network Monitoring | HCX - Hybrid Cloud Exchange | BYOD - Bring Your Own Device | EPP - Endpoint Protection.(Third party AntiVirus partners using NXGI should use this functionality for the service) | MPS - Malware Prevention Solution		 string Enum: NG_FW, IDS_IPS, NET_MON, HCX, BYOD, EPP, MPS
id Unique identifier of this resource string Sortable
redirection_action Redirection action

The redirection action represents if the packet is exclusively redirected to the service, or if a copy is forwarded to the service. Service profile inherits the redirection action specified at the vendor template and cannot override the action specified at the vendor template. Redirection action is not applicable to guest introspection service.		 string Enum: PUNT, COPY
Default: "PUNT"
resource_type Must be set to the value VendorTemplate string
service_id Service Id

The service to which the vendor template belongs.		 string Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
vendor_template_key Vendor template key

Different VMs in data center can have Different protection levels as specified by administrator in the policy. The identifier for the policy with which the partner appliance identifies this policy. This identifier will be passed to the partner appliance at runtime to specify which protection level is applicable for the VM being protected.		 string

VendorTemplateListResult (schema)

Vendor Template List

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Service list

List of the Service-Insertion Services. The list has to be homogenous.		 array of VendorTemplate Required
Readonly
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

VendorTemplateQueryParameters (schema)

Vendor template query parameters

Name Description Type Notes
vendor_template_name Name of vendor template

The name of the vendor template, created by partner.		 string

VerifiableAsymmetricLoginCredential (schema)

Name Description Type Notes
asymmetric_credential Asymmetric login credential string
credential_key Credential key string
credential_type Must be set to the value VerifiableAsymmetricLoginCredential string Required
credential_verifier Credential verifier string

VersionList (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
acceptable_versions List of component versions array of string Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
resource_type Must be set to the value VersionList string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

VidmInfo (schema)

Vidm Info

Name Description Type Notes
display_name User's Full Name Or User Group's Display Name string Required
Readonly
name Username Or Groupname string Required
Readonly
type Type string Required
Readonly
Enum: remote_user, remote_group

VidmInfoListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results List results array of VidmInfo Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

VidmInfoSearchRequestParameters (schema)

Vidm information search request parameters

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
search_string Search string to search for.

This is a substring search that is case insensitive.
string Required
sort_ascending boolean
sort_by Field by which records are sorted string

View (schema)

Dashboard View

Describes the configuration of a view to be displayed on the dashboard.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Widget Title

Title of the widget.		 string Required
Maximum length: 255
exclude_roles Roles to which the shared view is not visible

Comma separated list of roles to which the shared view is not visible. Allows user to prevent the visibility of a shared view to the specified roles. User defined roles can also be specified in the list. The roles can be obtained via GET /api/v1/aaa/roles. Please visit API documentation for details about roles. If include_roles is specified then exclude_roles cannot be specified.		 string Maximum length: 1024
id Unique identifier of this resource string Sortable
include_roles Roles to which the shared view is visible

Comma separated list of roles to which the shared view is visible. Allows user to specify the visibility of a shared view to the specified roles. User defined roles can also be specified in the list. The roles can be obtained via GET /api/v1/aaa/roles. Please visit API documentation for details about roles.		 string Maximum length: 1024
resource_type Must be set to the value View string
shared Share the view with other users

Defaults to false. Set to true to publish the view to other users. The widgets of a shared view are visible to other users.		 boolean Default: "False"
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
weight Weightage or placement of the view

Determines placement of view relative to other views. The lower the weight, the higher it is in the placement order.		 int Default: "10000"
widgets Widgets

Array of widgets that are part of the view.		 array of WidgetItem Required
Minimum items: 0

ViewList (schema)

List of Views

Represents a list of views.

Name Description Type Notes
views Array of views

Array of views		 array of View Required
Readonly

ViewQueryParameters (schema)

Parameters for querying views

Name Description Type Notes
tag The tag for which associated views to be queried.

The tag for which associated views to be queried. For tags specified on views, scope is automatically set to 'nsx-dashboard' and hence scope is ignored for searching views based on tag.		 string Readonly
view_ids Ids of the Views

Comma separated ids of views to be queried.		 string Readonly
Maximum length: 8192
widget_id Id of widget configuration

Id of widget to be queried for all the views it is part of.		 string Readonly
Maximum length: 255

VifAttachmentContext (schema) (Deprecated)

Name Description Type Notes
allocate_addresses A flag to indicate whether to allocate addresses from allocation pools bound to the parent logical switch. string Enum: IpPool, MacPool, Both, None, Dhcp
app_id ID used to identify/look up a child VIF behind a parent VIF

An application ID used to identify / look up a child VIF
behind a parent VIF. Only effective when vif_type is CHILD.
string
bms_interface_config Application interface configuration for Bare metal server

Indicate application interface configuration for Bare Metal Server. Only
effective when vif_type is INDEPENDENT.
AttachedInterface
parent_vif_id VIF ID of the parent VIF if vif_type is CHILD string
resource_type Must be set to the value VifAttachmentContext string Required
traffic_tag Tag used for the traffic between this VIF and parent VIF

Current we use VLAN id as the traffic tag.
Only effective when vif_type is CHILD.
Each logical port inside a container must have a
unique traffic tag. If the traffic_tag is not
unique, no error is generated, but traffic will
not be delivered to any port with a non-unique tag.
int
transport_node_uuid The UUID of the transport node

Only effective when vif_type is INDEPENDENT.
Each logical port inside a bare metal server
or container must have a transport node UUID.
We use transport node ID as transport node UUID.
string
vif_type Type of the VIF attached to logical port string Required
Enum: PARENT, CHILD, INDEPENDENT

VifListRequestParameters (schema)

VirtualNetworkInterface list request parameters.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
host_id Id of the host where this vif is located. string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
lport_attachment_id LPort Attachment Id of the virtual network interface. string
owner_vm_id External id of the virtual machine. string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
vm_id Internal identifier of the virtual machine. string

VifsOnEPListRequestParams (schema)

Request parameters for listing VIFs for an enforcement point

Request parameter for listing VIFs for an enforcement point

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
lport_attachment_id LPort attachment ID of the VIF. string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

VirtualEndpoint (schema)

This endpoint is strictly of the type Virtual

A VirtualEndpoint represents an IP (or nexthop) which is outside
SDDC. It represents a redirection target for RedirectionPolicy.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value VirtualEndpoint string Required
Enum: VirtualEndpoint, ServiceInstanceEndpoint
service_names Services for which this endpoint to be created

One VirtualEndpoint will be created per service name.		 array of string Required
Minimum items: 1
Maximum items: 1
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
target_ips IP addresses to redirect the traffic to

IPs where either inbound or outbound traffic is to be redirected.
array of IPInfo Required
Minimum items: 1
Maximum items: 1
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

VirtualEndpointListResult (schema)

Collection of vitual endpoints under a Tier0

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results All virtual endpoints under a Tier0 array of VirtualEndpoint Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

VirtualMachine (schema)

Name Description Type Notes
_last_sync_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
compute_ids List of external compute ids of the virtual machine in the format 'id-type-key:value' , list of external compute ids ['uuid:xxxx-xxxx-xxxx-xxxx', 'moIdOnHost:moref-11', 'instanceUuid:xxxx-xxxx-xxxx-xxxx'] array of string Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
external_id Current external id of this virtual machine in the system. string Required
guest_info Guest virtual machine details

Guest virtual machine details include OS name, computer name of guest VM. Currently
this is supported for guests on ESXi that have VMware Tools installed.
GuestInfo
host_id Id of the host in which this virtual machine exists. string
local_id_on_host Id of the vm unique within the host. string Required
power_state Current power state of this virtual machine in the system. string Required
Enum: VM_RUNNING, VM_STOPPED, VM_SUSPENDED, UNKNOWN
resource_type Must be set to the value VirtualMachine string Required
scope List of scopes for discovered resource

Specifies list of scope of discovered resource. e.g. if VHC path is associated with
principal identity, who owns the discovered resource, then scope id will be VHC path
and scope type will be VHC.
array of DiscoveredResourceScope
source Reference of the Host or Public Cloud Gateway that reported the VM ResourceReference
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
type Virtual Machine type; Edge, Service VM or other. string Required
Readonly
Enum: EDGE, SERVICE, REGULAR, MP, INTELLIGENCE, VC_SYSTEM, UNKNOWN

VirtualMachineConfig (schema)

Virtual Machine Configuration

Stores the configurations for a virtual machine

Name Description Type Notes
vm_config_properties Properties to configure the way NSX manages virtual machine. VmConfigProperties
vm_id Instance ID

Identifier for virtual machine.		 string

VirtualMachineConfigList (schema)

Name Description Type Notes
virtual_machines Virtual machine configuration list

Stores a list of configuration of virtual machines.		 array of VirtualMachineConfig

VirtualMachineDetails (schema)

Virtual Machine Details

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
active_sessions List of active (still logged in) user login/sessions data (no limit)

List of active (still logged in) user login/session data (no limit).		 array of UserSession
archived_sessions Optional list of archived (previously logged in) user login/session data (maximum 5)

Optional list of up to 5 most recent archived (previously logged in) user login/session data.		 array of UserSession

VirtualMachineListRequestParameters (schema)

VirtualMachine list request parameters.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
display_name Display Name of the virtual machine string
exclude_vm_type VM types to be excluded

Specifies VM types, which needs to be excluded. It will be comma seperated
to specify multiple VM type.
string
external_id External id of the virtual machine string
host_id Id of the host where this vif is located string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

VirtualMachineListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results VirtualMachine list results array of VirtualMachine Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

VirtualMachineTagUpdate (schema)

Name Description Type Notes
external_id External id of the virtual machine to which tags are to be applied string Required
tags List of tags to be applied to the virtual machine array of Tag Required

VirtualMachineTagsUpdate (schema)

Payload to update the tags on a Virtual Machine

List of tags applied to the virtual machine. Based on the enforcement
point, the virtual_machine_id will be different. It could be an external
id for NSX T or a moid for NSX V

Name Description Type Notes
tags List of tags to be applied to the virtual machine

List of tags to be applied on the virtual machine
array of Tag Required
virtual_machine_id This is the value of the identifier on the enforcement point that uniquely identifies the virtual machine

The identifier that is used in the enforcement point that uniquely
identifies the virtual machine. In case of NSXT it would be the
value of the external_id of the virtual machine.
string Required

VirtualNetworkInterface (schema)

Name Description Type Notes
_last_sync_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
description Description of this resource string Maximum length: 1024
Sortable
device_key Device key of the virtual network interface. string Required
device_name Device name of the virtual network interface. string
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
external_id External Id of the virtual network inferface. string Required
host_id Id of the host on which the vm exists. string Required
ip_address_info IP Addresses of the the virtual network interface, from various sources. array of IpAddressInfo
lport_attachment_id LPort Attachment Id of the virtual network interface. string
mac_address MAC address of the virtual network interface. string Required
owner_vm_id Id of the vm to which this virtual network interface belongs. string Required
owner_vm_type Owner virtual machine type; Edge, Service VM or other. string Readonly
Enum: EDGE, SERVICE, REGULAR
resource_type Must be set to the value VirtualNetworkInterface string Required
scope List of scopes for discovered resource

Specifies list of scope of discovered resource. e.g. if VHC path is associated with
principal identity, who owns the discovered resource, then scope id will be VHC path
and scope type will be VHC.
array of DiscoveredResourceScope
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
vm_local_id_on_host Id of the vm unique within the host. string Required

VirtualNetworkInterfaceListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results VirtualNetworkInterface list results array of VirtualNetworkInterface Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

VirtualPortgroup (schema)

Virtual portgroup on a virtual switch

Name Description Type Notes
_last_sync_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cm_local_id Id of the portgroup in compute manager

Id of the portgroup, eg. a mo-ref from VC.		 string Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
external_id External id of the virtual portgroup string Required
Readonly
origin_type Portgroup type like DistributedVirtualPortgroup string Readonly
resource_type Must be set to the value VirtualPortgroup string Required
scope List of scopes for discovered resource

Specifies list of scope of discovered resource. e.g. if VHC path is associated with
principal identity, who owns the discovered resource, then scope id will be VHC path
and scope type will be VHC.
array of DiscoveredResourceScope
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

VirtualPrivateCloudConfig (schema)

Virtual Private Cloud Config

Stores configuration of the virtual private cloud managed
using a transit virtual private cloud.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
cloud_fallback_security_group_id Id of Cloud Security Group

Id of security group where the VMs should be moved after last gateway
undeployed. This field is required only when
default_quarantine_policy_enabled field is set to false.
string
default_quarantine_policy_enabled Flag to Identify if Default Quarantine Policy is Enabled

Flag to convey if virtual machines belonging to the compute
virtual private cloud should be quarantined or not.
boolean Default: "False"
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
managed_without_agents Managed Without NSX Agents

This flag determines if this compute virtual private cloud is managed
with or without NSX agents.
boolean Default: "False"
resource_type Must be set to the value VirtualPrivateCloudConfig string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

VirtualPrivateCloudInfo (schema)

Virtual Private Cloud Information

Stores the array of account IDs and virtual private cloud ID related to
the cloud account.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
associated_account_ids Array of Cloud Account IDs

Cloud account ID related to the virtual private cloud.
array of string Required
Readonly
virtual_private_cloud_id Virtual Private Cloud ID

Virtual private cloud ID of the corresponding cloud.
string Required
Readonly
virtual_private_cloud_name Virtual Private Cloud name

Virtual private cloud name of the corresponding cloud.
string Required
Readonly

VirtualPrivateCloudStatus (schema)

Virtual Private Cloud Status

Stores the information related to onboard and offboard status of virtual private cloud.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
error_code Error Code

Error code related to virtual private cloud
Onboard/Offboard failure.
integer Readonly
error_message Error Message

Error message related to virtual private cloud
Onboard/Offboard failure.
string Readonly
offboard_step States of Virtual Private Cloud While OffBoard

Stores the different states of virtual private cloud while
offboarding from a transit virtual private cloud.
string Readonly
Enum: UNCONFIGURING_GATEWAY, DELETING_SECURITY_GROUPS, OFFBOARD_SUCCESSFUL, OFFBOARD_FAILED, NOT_APPLICABLE
onboard_step States of Virtual Private Cloud While Onboard

Stores the different states of virtual private cloud while
onboarding using a transit virtual private cloud.
string Readonly
Enum: VALIDATING_ENVIRONMENT, CREATING_SECURITY_GROUPS, CONFIGURING_GATEWAY, ONBOARD_SUCCESSFUL, ONBOARD_FAILED, NOT_APPLICABLE
status Virtual Private Cloud Status

Indicates the status of a virtual private cloud.
UP: virtual private cloud is NSX managed.
DOWN: virtual private cloud is NSX managed with errors.
ONBOARDING: virtual private cloud is in the process of
onboarding using a transit virtual private cloud.
OFFBOARDING: virtual private cloud is in the process of
offboarding from a transit virtual private cloud.
NOT_APPLICABLE: virtual private cloud is NSX unmanaged.
string Readonly
Enum: UP, DOWN, ONBOARDING, OFFBOARDING, NOT_APPLICABLE
virtual_private_cloud_name Virtual Private Cloud Name

Name of the transit virtual private cloud.
string Readonly

VirtualServerIpProtocol (schema)

IP protocol of virtual server

Assigned Internet protocol in IP header, TCP and UDP are supported.

Name Description Type Notes
VirtualServerIpProtocol IP protocol of virtual server

Assigned Internet protocol in IP header, TCP and UDP are supported.
string Enum: TCP, UDP

VirtualServiceInstance (schema)

Custom Instance of a service

VirtualServiceInstance is a custom instance to be used when NSX is not handling the lifecycles of appliance/s and the user is not bringing their own appliance (BYOD).

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
on_failure_policy On Failure Policy

Failure policy of the service instance - if it has to be different from the service. By default the service instance inherits the FailurePolicy of the service it belongs to.		 string Enum: ALLOW, BLOCK
resource_type Must be set to the value VirtualServiceInstance ServiceInstanceResourceType Required
service_id Service Id

The Service to which the service instance is associated.		 string Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
transport_type Transport Type

Transport to be used by this service instance for deploying the Service-VM. This field is to be set Not Applicable(NA) if the service only caters to functionality EPP(Endpoint Protection) and MPS.		 string Required
Enum: L2_BRIDGE, L3_ROUTED, NSH, NA

VirtualSwitch (schema)

Virtual switch on a compute manager

Name Description Type Notes
_last_sync_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cm_local_id ID of the virtual switch in compute manager string Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
external_id External id of the virtual switch string Required
Readonly
origin_id ID of the compute manager

ID of the compute manager where this virtual switch is discovered.
string Readonly
origin_type Switch type like VmwareDistributedVirtualSwitch string Readonly
resource_type Must be set to the value VirtualSwitch string Required
scope List of scopes for discovered resource

Specifies list of scope of discovered resource. e.g. if VHC path is associated with
principal identity, who owns the discovered resource, then scope id will be VHC path
and scope type will be VHC.
array of DiscoveredResourceScope
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

VirtualSwitchListRequestParameters (schema)

Virtual switch list parameters

Name Description Type Notes
cm_local_id Local Id of the virtual switch string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
discovered_node_id Discovered node ID

All virtual switches connected to this discovered node.		 string
display_name Display name of the virtual switch string
external_id External id of the virtual switch string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
origin_id ID of the compute manager string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string
uuid UUID of the switch string

VirtualSwitchListResult (schema)

Virtual switch list result

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Virtual switch list results array of VirtualSwitch Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

VlanID (schema)

Virtual Local Area Network Identifier

Name Description Type Notes
VlanID Virtual Local Area Network Identifier integer Minimum: 0
Maximum: 4094

VlanMirrorSource (schema)

Name Description Type Notes
resource_type Must be set to the value VlanMirrorSource MirrorSourceResourceType Required
vlan_ids Source VLAN ID list array of VlanID Required
Minimum items: 1

VlanMtuHealthCheckResultStatus (schema)

VLAN-MTU Health Check Result Status

Status of VLAN-MTU health check result;
TRUNKED - all specified VLAN IDs are allowed by VLAN and MTU settings;
UNTRUNKED - some/all specified VLAN IDs may be disallowed by VLAN or MTU settings;
UNKNOWN - some/all health check result are unknown due to either infrastructure
issues or no available check result.

Name Description Type Notes
VlanMtuHealthCheckResultStatus VLAN-MTU Health Check Result Status

Status of VLAN-MTU health check result;
TRUNKED - all specified VLAN IDs are allowed by VLAN and MTU settings;
UNTRUNKED - some/all specified VLAN IDs may be disallowed by VLAN or MTU settings;
UNKNOWN - some/all health check result are unknown due to either infrastructure
issues or no available check result.
string Enum: TRUNKED, UNTRUNKED, UNKNOWN

VlanTrunkSpec (schema) (Deprecated)

VLAN trunk range specification

VlanTrunkspec is used for specifying trunk VLAN id ranges.

Name Description Type Notes
vlan_ranges Trunk VLAN id ranges array of TrunkVlanRange Required

VlanVniRangePair (schema)

Vlan Vni pair resource

Vlan-Vni mapping pair resource in EvpnTenantConfig for ROUTE-SERVER Evpn mode

Name Description Type Notes
vlans List of VLAN ids

List of VLAN ids and VLAN ranges (specified with '-').		 string Required
vnis List of VNI ids

List of VNI ids and VNI ranges (specified with '-'). The vni id is used for VXLAN transmission for a given tenant Vlan ID in ROUTE-SERVER Evpn.		 string Required

VmConfigError (schema)

Error in realising vm config property

Error in realising vm config property.

Name Description Type Notes
error_code Error code for vm config operation failure integer Readonly
error_message Error message for vm config operation failure string Readonly

VmConfigProperties (schema)

User configurable properties

Properties to configure the way NSX manages virtual machine.

Name Description Type Notes
usermanaged Flag to identify if this instance is usermanaged or not.

Setting this flag to true means NSX will not consider this
instance while performing quarantine operation.
boolean Default: "False"
whitelisted Flag to identify if this instance is whitelisted or not.

Setting this flag to true means NSX will not consider this
instance while performing quarantine operation.
[DEPRECATED - replace with usermanaged]
boolean Deprecated
Default: "False"

VmConfigStatus (schema)

Status for user configurable properties

Status for user configurable properties.

Name Description Type Notes
usermanaged Status for marking an instance as UserManaged. UserManagedStatus Readonly
whitelist Status for whitelisting operation.

WhitelistingStatus is deprecated and is replaced with UserManagedStatus		 WhitelistingStatus Deprecated
Readonly

VmNicInfo (schema)

Set of NIC information of a VM

Contains a set of information of a VM on the network interfaces present on the partner appliance that needs to be configured by the NSX Manager.

Name Description Type Notes
nic_infos Set of NIC information of a VM

Set of information of a VM on the network interfaces present on the partner appliance that needs to be configured by the NSX Manager.		 array of NicInfo Required

VmToolsInfo (schema)

Name Description Type Notes
_last_sync_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
external_id VM external ID

Current external id of this virtual machine in the system.		 string Readonly
file_agent_version File agent version on the VM

Version of file agent on the VM of a third party partner solution.		 string Readonly
host_local_id VM ID given by the host

Id of the VM which is assigned locally by the host. It is the VM-moref on ESXi hosts, in other environments it is VM UUID.		 string Readonly
network_agent_version Network agent version on the VM

Version of network agent on the VM of a third party partner solution.		 string Readonly
resource_type Must be set to the value VmToolsInfo string Required
scope List of scopes for discovered resource

Specifies list of scope of discovered resource. e.g. if VHC path is associated with
principal identity, who owns the discovered resource, then scope id will be VHC path
and scope type will be VHC.
array of DiscoveredResourceScope
source Reference of the Host or Public Cloud Gateway that reported the VM. ResourceReference Readonly
svmStatus SvmConnectivityStatus list.

Connectivity Status between each Guest Introspection Solution deployed in the data center with the guest VM.		 array of SvmConnectivityStatus
svm_connectivity Endpoint Protection status on the VM

Endpoint Protection (Third party AV partner using NXGI) status on the VM. TRUE - VM is configured and protected by EPP Service VM. FALSE - VM is either not configured for protection or VM is disconnected from EPP Service VM.		 boolean Readonly
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
tools_version VM tools version on the VM

Version of VMTools installed on the VM.		 string Readonly
vm_type Virtual Machine type

Type of VM - Edge, Service or other.		 string Readonly
Enum: EDGE, SERVICE, REGULAR

VmToolsInfoListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results VmToolsInfo list results. array of VmToolsInfo Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

VmknicNetwork (schema) (Deprecated)

Vmknic network specification

Mapping of all vmk interfaces to destination networks

Name Description Type Notes
destination_network The network id to which the ESX vmk interface will be migrated.

When migrating vmks to N-VDS/logical switches, the id is the logical switch id. When migrating out of N-VDS/logical switches, the id is the vSphere Switch portgroup name in a single vSphere Standard Switch (VSS), or distributed virtual portgroup name in a single distributed virtual switch (DVS).		 string Required
device_name ESX vmk interface name

The vmk interface name, e.g., vmk0, vmk1; the id assigned by vCenter.		 string Required

VnetStats (schema)

Virtual Network statistics

Stores statistics of the number of MANAGED and UNMANAGED virtual networks.

Name Description Type Notes
error Erroneous virtual networks

The number of VNets with status NSX_GATEWAY_ERROR
and NSX_COMPUTE_ERROR.
integer Readonly
managed Managed virtual networks

The number of virtual networks with status NSX_MANAGED.		 integer Readonly
unmanaged Unmanaged virtual networks

The number of vitual networks with status NSX_UNMANAGED.		 integer Readonly

VniPool (schema)

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
ranges VNI range list results array of VniRange Required
resource_type Must be set to the value VniPool string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

VniPoolConfig (schema)

Vni Pool Config

Vni Pool Configuration.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
children subtree for this type within policy tree

subtree for this type within policy tree containing nested elements.
array of ChildPolicyConfigResource
Children are not allowed for this type
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
end End value of VNI Pool range int Required
Minimum: 75001
Maximum: 16777215
id Unique identifier of this resource string Sortable
marked_for_delete Indicates whether the intent object is marked for deletion

Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
boolean Readonly
Default: "False"
overridden Indicates whether this object is the overridden intent object

Global intent objects cannot be modified by the user.
However, certain global intent objects can be overridden locally by use
of this property. In such cases, the overridden local values take
precedence over the globally defined values for the properties.
boolean Readonly
Default: "False"
parent_path Path of its parent

Path of its parent		 string Readonly
path Absolute path of this object

Absolute path of this object		 string Readonly
realization_id A unique identifier assigned by the system for realizing intent

This is a UUID generated by the system for realizing the entity object.
In most cases this should be same as 'unique_id' of the entity. However,
in some cases this can be different because of entities have migrated thier
unique identifier to NSX Policy intent objects later in the timeline and did
not use unique_id for realization. Realization id is helpful for users to
debug data path to correlate the configuration with corresponding intent.
string Readonly
relative_path Relative path of this object

Path relative from its parent		 string Readonly
resource_type Must be set to the value VniPoolConfig string
start Start value of VNI Pool range int Required
Minimum: 75001
Maximum: 16777215
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
unique_id A unique identifier assigned by the system

This is a UUID generated by the GM/LM to uniquely identify
entites in a federated environment. For entities that are
stretched across multiple sites, the same ID will be used
on all the stretched sites.
string Readonly

VniPoolConfigListRequestParameters (schema)

Vni Pool Config list request parameters

Vni Pool Config list request parameters.

Name Description Type Notes
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
include_mark_for_delete_objects Include objects that are marked for deletion in results

If true, resources that are marked for deletion will be included
in the results. By default, these resources are not included.
boolean Default: "False"
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
sort_ascending boolean
sort_by Field by which records are sorted string

VniPoolConfigListResult (schema)

Paged Collection of Vni Pool Configuration

Collection of Vni Pool Configuration.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Vni Pool Config list results

Vni Pool Config list results		 array of VniPoolConfig Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

VniPoolDeleteRequestParameters (schema)

VniPool delete request parameters

Name Description Type Notes
force Force delete the resource even if it is being used somewhere

If true, deleting the resource succeeds even if it is being
referred as a resource reference.
boolean Default: "False"

VniPoolListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results VNI pool list results array of VniPool Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

VniRange (schema)

A range of virtual network identifiers (VNIs)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
end End value of vni range

End value for vni range to be used for virtual networks		 integer Required
Minimum: 5000
Maximum: 16777215
start Start value of vni range

Start value for vni range to be used for virtual networks		 integer Required
Minimum: 5000
Maximum: 16777215

VpcStats (schema)

VPC statistics

Stores statistics of the number of MANAGED and UNMANAGED VPCs.

Name Description Type Notes
error Erroneous VPCs

The number of VPCs with status NSX_GATEWAY_ERROR
and NSX_COMPUTE_ERROR.
integer Readonly
managed Managed VPCs

The number of VPCs with status NSX_MANAGED.		 integer Readonly
unmanaged Unmanaged VPCs

The number of VPCs with status NSX_UNMANAGED.		 integer Readonly

VpnRoutingTableState (schema)

Public Cloud Routing Table State

State of a public cloud routing table from VPN point of view

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
account_id Identifier for account based on which routing tables are to be filtered string Required
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Public Cloud Routing Table Identifier

The identifier of the public cloud routing table
string Required
managed_for_vpn NSX Managed Routing Table

Flag to identify whether the routing table is actually managed by NSX for VPN		 boolean Required
network_id Identifier for a network based on which the list are to be filtered string Required
reason_for_not_managed Unmanaged Table Reason

Reason why a routing table is not being managed for VPN		 string Enum: RT_CONTAINS_MGMT_SUBNET, RT_CONTAINS_UPLINK_SUBNET, RT_CONTAINS_MGMT_UPLINK_SUBNET, NONSELECTED
resource_type Must be set to the value VpnRoutingTableState string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

VpnRoutingTableStateListResult (schema)

List of Public Cloud Routing State

List of public cloud routing tables and their state.
It contains the state information relevant for VPN.

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Public Cloud Routing State Tables

Set of public cloud routing tables and their state		 array of VpnRoutingTableState Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

VpnRoutingTablesStateListRequestParameters (schema)

These parameters can be used to filter the list of routing table states.
Multiple parameters can be given as input. Different parameters are implicitly 'AND'ed.

Name Description Type Notes
account_id Identifier for account based on which routing tables are to be filtered string
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string
included_fields Comma separated list of fields that should be included in query result

Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.		 string
managed_for_vpn Flag to identify whether the routing table is actually managed by NSX for VPN boolean
network_id Identifier for a network based on which the list is to be filtered string
page_size Maximum number of results to return in this page (server may return fewer) integer Minimum: 0
Maximum: 1000
Default: "1000"
reason_for_not_managed Reason why a routing table is not being managed for VPN string Enum: RT_CONTAINS_MGMT_SUBNET, RT_CONTAINS_UPLINK_SUBNET, RT_CONTAINS_MGMT_UPLINK_SUBNET, NONSELECTED
sort_ascending boolean
sort_by Field by which records are sorted string

VrfEvpnL2VniConfig (schema)

Name Description Type Notes
enable_vtep_groups Flag to enable or disable the creation of vtep groups

This is used to enable or disable the creation of vtep groups. Each vtep group
is used to group vteps with the same MAC for L2 ECMP usage.
boolean Default: "False"
l2_vni_configs L2 VNI configurations associated with the VRF

Define L2 VNI and its related route distinguiser and route targets.
array of VrfL2VniConfig Required
Minimum items: 1
Maximum items: 1

VrfL2VniConfig (schema)

Name Description Type Notes
l2_vni L2 VNI associated with the VRF

L2 VNI associated with the VRF. It must be unique and available from the VNI
pool defined for EVPN service.
int Required
route_distinguisher The unique route distinguisher for the virtual routing and forwarding instance

This is a 64 bit number which disambiguates overlapping logical networks, with
format in IPAddress: or ASN:.
string Required
route_targets Route targets

Route targets.		 array of VrfRouteTargets Required
Minimum items: 1
Maximum items: 1

VrfRouteTargets (schema)

Vrf Route Targets

Vrf Route Targets for import/export.

Name Description Type Notes
address_family Address family

Address family.		 string Enum: L2VPN_EVPN
Default: "L2VPN_EVPN"
export_route_targets Export route targets

Export route targets with format in ASN:.		 array of string
import_route_targets Import route targets

Import route targets with format in ASN:.		 array of string

VrniGlobalCollector (schema)

NSX global configs for VRNI global collector

Name Description Type Notes
collector_ip IP address for the global collector collector

IP address for the global collector.		 IPAddress Required
collector_port Port for the global collector

Port for the global collector.		 int Required
Minimum: 0
Maximum: 65535
collector_type Must be set to the value VrniGlobalCollector GlobalCollectorType Required
report_interval Report interval for operation data in seconds

Report interval for operation data in seconds.		 int Required
Minimum: 1
Maximum: 1800
Default: "30"

VsphereClusterNodeVMDeploymentConfig (schema)

Deployment config on the Vsphere platform

The Vsphere deployment configuration determines where to deploy the
cluster node VM through a vCenter server. It contains settings that are
applied during install time.
If using DHCP, the following fields must be left unset - dns_servers,
management_port_subnets, and default_gateway_addresses

Name Description Type Notes
allow_ssh_root_login Allow root SSH logins

If true, the root user will be allowed to log into the VM.
Allowing root SSH logins is not recommended for security reasons.
boolean Default: "False"
compute_id Cluster identifier or resourcepool identifier

The cluster node VM will be deployed on the specified cluster or
resourcepool for specified VC server.
string Required
default_gateway_addresses Default gateway for the VM

The default gateway for the VM to be deployed must be specified if all
the other VMs it communicates with are not in the same subnet.
Do not specify this field and management_port_subnets to use DHCP.
Note: only single IPv4 default gateway address is supported and it
must belong to management network.
IMPORTANT: VMs deployed using DHCP are currently not supported,
so this parameter should be specified.
array of IPAddress Minimum items: 1
Maximum items: 1
disk_provisioning Disk provitioning type

Specifies the disk provisioning type of the VM.
DiskProvisioning Default: "THIN"
dns_servers DNS servers

List of DNS servers.
If DHCP is used, the default DNS servers associated with
the DHCP server will be used instead.
Required if using static IP.
array of IPv4Address Minimum items: 1
enable_ssh Enable SSH

If true, the SSH service will automatically be started on the VM.
Enabling SSH service is not recommended for security reasons.
boolean Default: "False"
folder_id Folder identifier

Specifies the folder in which the VM should be placed.
string
host_id Host identifier

The cluster node VM will be deployed on the specified host in the
specified VC server within the cluster if host_id is specified.
Note: User must ensure that storage and specified networks are
accessible by this host.
string
hostname Host name or FQDN for the VM

Desired host name/FQDN for the VM to be deployed		 string Required
Pattern: "^(?=.{1,255}$)[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?(?:\.[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?)*?$"
management_network_id Portgroup identifier for management network connectivity

Distributed portgroup identifier to which the management vnic of
cluster node VM will be connected.
string Required
management_port_subnets Port subnets for management port

IP Address and subnet configuration for the management port.
Do not specify this field and default_gateway_addresses to use DHCP.
Note: only one IPv4 address is supported for the management port.
IMPORTANT: VMs deployed using DHCP are currently not supported,
so this parameter should be specified.
array of IPSubnet Minimum items: 1
Maximum items: 1
ntp_servers NTP servers

List of NTP servers.
To use hostnames, a DNS server must be defined. If not using DHCP,
a DNS server should be specified under dns_servers.
array of HostnameOrIPv4Address
placement_type Must be set to the value VsphereClusterNodeVMDeploymentConfig string Required
Enum: VsphereClusterNodeVMDeploymentConfig
search_domains DNS search domain names

List of domain names that are used to complete unqualified host names.
array of string
storage_id Storage/datastore identifier

The cluster node VM will be deployed on the specified datastore in
the specified VC server. User must ensure that storage is accessible
by the specified cluster/host.
string Required
vc_id Vsphere compute identifier for identifying VC server

The VC-specific identifiers will be resolved on this VC, so all other
identifiers specified in the config must belong to this vCenter server.
string Required

VsphereDeploymentConfig (schema)

The Vsphere deployment configuration determines where to deploy the edge
node. It contains settings that are applied during install time.
Use EdgeNodeSettings to specify host name, SSH, NTP and DNS settings for
both deployment and consequent update. These settings are editable for
manually deployed edge nodes as well.
EdgeNodeSettings reports current values configured on the edge node.

Name Description Type Notes
advanced_configuration Advanced configuration

This field is deprecated. EdgeNodeSettings field 'advanced_configuration'
must be used instead. Array of additional specific properties for
advanced or cloud-specific deployments in key-value format.
array of KeyValuePair Deprecated
compute_folder_id Compute folder identifier in the specified vcenter server.

The edge node vm will be deployed on the specified compute folder created in a datacenter,
if compute folder is specified.
Note - User must ensure that compute folder is accessible by specified cluster/host.
string
compute_id Cluster identifier or resourcepool identifier for specified vcenter server.

The edge node vm will be deployed on the specified cluster or resourcepool.
Note - all the hosts must have nsx fabric prepared in the specified cluster.
string Required
data_network_ids List of portgroups, logical switch identifiers or segment paths for datapath connectivity.

List of distributed portgroups, VLAN logical switch identifiers or segment
paths to which the datapath serving vnics of edge node vm will be connected.
If a VM network interface is not configured, it is disconnected and
represented as an empty string.
array of string Required
Minimum items: 1
Maximum items: 4
default_gateway_addresses Default gateway for the node.

The default gateway for edge node must be specified if all the nodes it
communicates with are not in the same subnet.
Note: Only single IPv4 default gateway address is supported and it must
belong to management network.
array of IPAddress Minimum items: 1
Maximum items: 1
host_id Host identifier in the specified vcenter server.

The edge node vm will be deployed on the specified Host within the cluster
if host_id is specified.
Note - User must ensure that storage and specified networks are accessible by this host.
string
management_network_id Portgroup, logical switch identifier or segment path for management network connectivity.

Distributed portgroup identifier to which the management vnic of edge node vm
will be connected. This portgroup must have connectivity with MP and CCP. A
VLAN logical switch identifier may also be specified.
If VM network interface is not connected, it is represented as an empty string.
string Required
management_port_subnets Port subnets for management port. Only one IPv4 Address is supported.

IP Address and subnet configuration for the management port. Note:
only one IPv4 address is supported for the management port.
array of IPSubnet Minimum items: 1
Maximum items: 1
placement_type Must be set to the value VsphereDeploymentConfig string Required
Enum: VsphereDeploymentConfig
reservation_info Resource reservation settings.

Resource reservation for memory and CPU resources.
ReservationInfo
resource_allocation Current resource allocation.

Allocation for memory and CPU resources.
ResourceAssignment
storage_id Storage/datastore identifier in the specified vcenter server.

The edge node vm will be deployed on the specified datastore. User must ensure
that storage is accessible by the specified cluster/host.
string Required
vc_id Vsphere compute identifier for identifying the vcenter server.

The vc specific identifiers will be resolved on this VC.
So all other identifiers specified here must belong to this vcenter server.
string Required

VtepCsvListResult (schema)

Name Description Type Notes
file_name File name

File name set by HTTP server if API returns CSV result as a file.		 string
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly
results array of VtepTableCsvRecord

VtepLabelPool (schema)

A collection of ranges of virtual tunnel endpoint labels

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set		 string Maximum length: 255
Sortable
id Unique identifier of this resource string Sortable
pool_usage Pool usage statistics VtepLabelPoolUsage Readonly
ranges Array of ranges for virtual tunnel endpoint labels array of VtepLabelRange Required
resource_type Must be set to the value VtepLabelPool string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30

VtepLabelPoolListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results Virtual tunnel endpoint label pool list results array of VtepLabelPool Required
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly

VtepLabelPoolUsage (schema)

Pool usage statistics in a pool

Name Description Type Notes
allocated_ids Total number of allocated IDs in a pool integer Readonly
free_ids Total number of free IDs in a pool integer Readonly
total_ids Total number of IDs in a pool integer Readonly

VtepLabelRange (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
end Virtual tunnel endpoint label range end

End value for virtual tunnel endpoint label range		 integer Required
Minimum: 1
Maximum: 131071
start Virtual tunnel endpoint label range start

Start value for virtual tunnel endpoint label range		 integer Required
Minimum: 1
Maximum: 131071

VtepListResult (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
cursor Opaque cursor to be used for getting next page of records (supplied by current result page) string Readonly
last_update_timestamp Timestamp when the data was last updated; unset if data source has never updated the data. EpochMsTimestamp Readonly
logical_switch_id The id of the logical Switch string Required
Readonly
result_count Count of results found (across all pages), set only on first page integer Readonly
results array of VtepTableEntry
sort_ascending If true, results are sorted in ascending order boolean Readonly
sort_by Field by which records are sorted string Readonly
transport_node_id Transport node identifier string Readonly

VtepTableCsvRecord (schema)

Name Description Type Notes
segment_id The segment Id string
vtep_ip The virtual tunnel endpoint IP address IPAddress
vtep_label The virtual tunnel endpoint label integer Required
vtep_mac_address The virtual tunnel endpoint MAC address string Required

VtepTableEntry (schema)

Name Description Type Notes
segment_id The segment Id string
vtep_ip The virtual tunnel endpoint IP address IPAddress
vtep_label The virtual tunnel endpoint label integer
vtep_mac_address The virtual tunnel endpoint MAC address string

WaveFrontGlobalCollector (schema)

NSX global configs for WAVE_FRONT global collector

Name Description Type Notes
collector_ip IP address for the global collector collector

IP address for the global collector.		 IPAddress Required
collector_port Port for the global collector

Port for the global collector.		 int Required
Minimum: 0
Maximum: 65535
collector_type Must be set to the value WaveFrontGlobalCollector GlobalCollectorType Required
tracing_port Port for the Wavefront tracing

Port for the Wavefront tracing.		 int Minimum: 0
Maximum: 65535
Default: "30001"

WeeklyBackupSchedule (schema)

Schedule to specify day of the week and time to take automated backup

Name Description Type Notes
days_of_week Days of week when backup is taken. 0 - Sunday, 1 - Monday, 2 - Tuesday, 3 - Wednesday ... array of integer Required
Minimum items: 1
Maximum items: 7
hour_of_day Time of day when backup is taken integer Required
Minimum: 0
Maximum: 23
minute_of_day Time of day when backup is taken integer Required
Minimum: 0
Maximum: 59
resource_type Must be set to the value WeeklyBackupSchedule string Required
Enum: WeeklyBackupSchedule, IntervalBackupSchedule

WeeklyTelemetrySchedule (schema)

Name Description Type Notes
day_of_week Day of week on which data will be collected

Day of week on which data will be collected. Specify one of SUNDAY through SATURDAY.
string Required
Enum: SUNDAY, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY
frequency_type Must be set to the value WeeklyTelemetrySchedule string Required
hour_of_day Hour at which data will be collected

Hour at which data will be collected. Specify a value between 0 through 23.
integer Required
Minimum: 0
Maximum: 23
minutes Minute at which data will be collected

Minute at which data will be collected. Specify a value between 0 through 59.
integer Minimum: 0
Maximum: 59
Default: "0"

WhiteListProvisionType (schema) (Deprecated)

Ways to provide white listed addresses for SpoofGuard

Name Description Type Notes
WhiteListProvisionType Ways to provide white listed addresses for SpoofGuard string Deprecated
Enum: LPORT_BINDINGS, LSWITCH_BINDINGS

WhitelistingStatus (schema) (Deprecated)

Status for whitelisting operation

Status for whitelisting operation.

Name Description Type Notes
whitelist_errors VmConfigError Readonly
whitelisted Property to identify if this instance is whitelisted or not.

DEPRECATED. Property whitelisted YES means NSX will not consider this
instance while performing quarantine operation.
Value IN_PROGRESS signifies the state change is under progress.
string Required
Enum: YES, NO, IN_PROGRESS

WidgetConfiguration (schema)

Dashboard Widget Configuration

Describes the configuration of a widget to be displayed on the dashboard. WidgetConfiguration is a base type that provides attributes of a widget in-general.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.		 array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.		 int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
condition Expression for evaluating condition

If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.		 string Maximum length: 1024
datasources Array of Datasource Instances with their relative urls

The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.		 array of Datasource Minimum items: 0
default_filter_value Default filter value to be passed to datasources

Default filter values to be passed to datasources. This will be used when the report is requested without filter values.		 array of DefaultFilterValue
description Description of this resource string Maximum length: 1024
Sortable
display_name Widget Title

Title of the widget. If display_name is omitted, the widget will be shown without a title.		 string Maximum length: 255
drilldown_id Id of drilldown widget

Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.		 string Maximum length: 255
feature_set Features required to view the widget

Features required to view the widget.		 FeatureSet
filter Id of filter widget for subscription

Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.		 string Deprecated
filter_value_required Flag to indicate if filter value is necessary

Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.		 boolean Default: "True"
filters A List of filter ids applied to this widget configuration

A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.		 array of string
footer Footer
icons Icons

Icons to be applied at dashboard for widgets and UI elements.		 array of Icon
id Unique identifier of this resource string Sortable
is_drilldown Set as a drilldown widget

Set to true if this widget should be used as a drilldown.		 boolean Default: "False"
legend Legend for the widget

Legend to be displayed. If legend is not needed, do not include it.		 Legend
plot_configs List of plotting configuration for a given widget.

List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.		 array of WidgetPlotConfiguration
resource_type Must be set to the value WidgetConfiguration string Required
Readonly
Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration
Maximum length: 255
rowspan Vertical span

Represents the vertical span of the widget / container. 1 Row span is equal to 20px.		 int Minimum: 1
shared Visiblity of widgets to other users

Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.		 boolean Deprecated
show_header This decides to show the container header or not.

If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.		 boolean
span Horizontal span

Represents the horizontal span of the widget / container.		 int Minimum: 1
Maximum: 12
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30
weight Weightage or placement of the widget or container

Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.		 int Deprecated

WidgetConfigurationList (schema)

List of Widget Configurations

Represents a list of widget configurations.

Name Description Type Notes
widgetconfigurations Array of widget configurations

Array of widget configurations		 array of WidgetConfiguration
(Abstract type: pass one of the following concrete types)
ContainerConfiguration
CustomFilterWidgetConfiguration
CustomWidgetConfiguration
DonutConfiguration
DropdownFilterWidgetConfiguration
FilterWidgetConfiguration
GraphConfiguration
GridConfiguration
LabelValueConfiguration
LegendWidgetConfiguration
MultiWidgetConfiguration
SpacerWidgetConfiguration
StatsConfiguration
TimeRangeDropdownFilterWidgetConfiguration
WidgetConfiguration		 Required
Readonly

WidgetItem (schema)

Widget held by MultiWidgetConfiguration or Container or a View

Represents a reference to a widget that is held by a container or a multi-widget or a View.

Name Description Type Notes
alignment Alignment of widget inside container

Aligns widget either left or right.		 string Enum: LEFT, RIGHT
Default: "LEFT"
label Label of the the report

Applicable for 'DonutConfiguration' and 'StatsConfiguration' reports only. If label is not specified, then it defaults to the label of the donut or stats report.		 Label
rowspan Vertical span

Represents the vertical span of the widget / container		 int Minimum: 1
separator A separator after this widget

If true, separates this widget in a container.		 boolean Default: "False"
span Horizontal span

Represents the horizontal span of the widget / container.		 int Minimum: 1
Maximum: 12
weight Weightage or placement of the widget or container

Determines placement of widget or container relative to other widgets and containers. The lower the weight, the higher it is in the placement order.		 int Default: "10000"
widget_id Id of the widget configuration

Id of the widget configuration that is held by a multi-widget or a container or a view.		 string Required
Maximum length: 255

WidgetPlotConfiguration (schema)

Base type for widget plot config

Base type for widget plot config.

Name Description Type Notes
allow_maximize Allow maximize capability for this widget

Allow maximize capability for this widget		 boolean
condition Expression for evaluating condition for this chart config

If the condition is met then the given chart config is applied to the widget configuration.		 string Maximum length: 1024

WidgetQueryParameters (schema)

Parameters for querying widget configurations

Name Description Type Notes
container Id of the container

Id of the container whose widget configurations are to be queried.		 string Readonly
Maximum length: 255
widget_ids Ids of the WidgetConfigurations

Comma separated ids of WidgetConfigurations to be queried.		 string Readonly
Maximum length: 8192

X509Certificate (schema)

Name Description Type Notes
dsa_public_key_g One of the DSA cryptogaphic algorithm's strength parameters, base. string Readonly
dsa_public_key_p One of the DSA cryptogaphic algorithm's strength parameters, prime. string Readonly
dsa_public_key_q One of the DSA cryptogaphic algorithm's strength parameters, sub-prime. string Readonly
dsa_public_key_y One of the DSA cryptogaphic algorithm's strength parameters. string Readonly
ecdsa_curve_name ECDSA Curve Name

The Curve name for the ECDSA certificate.		 string Readonly
ecdsa_ec_field ECDSA Elliptic Curve Finite Field

Represents an elliptic curve (EC) finite field in ECDSA.		 string Readonly
Enum: F2M, FP
ecdsa_ec_field_f2mks ECDSA Elliptic Curve F2MKS

The order of the middle term(s) of the reduction polynomial in elliptic curve (EC) | characteristic 2 finite field.| Contents of this array are copied to protect against subsequent modification in ECDSA.		 array of integer Readonly
ecdsa_ec_field_f2mm ECDSA Elliptic Curve F2MM

The first coefficient of this elliptic curve in elliptic curve (EC) | characteristic 2 finite field for ECDSA.		 integer Readonly
ecdsa_ec_field_f2mrp ECDSA Elliptic Curve F2MRP

The value whose i-th bit corresponds to the i-th coefficient of the reduction polynomial | in elliptic curve (EC) characteristic 2 finite field for ECDSA.		 string Readonly
ecdsa_ec_field_f2pp ECDSA Elliptic Curve F2PP

The specified prime for the elliptic curve prime finite field in ECDSA.		 string Readonly
ecdsa_public_key_a ECDSA Elliptic Curve Public Key A

The first coefficient of this elliptic curve in ECDSA.		 string Readonly
ecdsa_public_key_b ECDSA Elliptic Curve Public Key B

The second coefficient of this elliptic curve in ECDSA.		 string Readonly
ecdsa_public_key_cofactor ECDSA Elliptic Curve Public Key Cofactor

The co-factor in ECDSA.		 integer Readonly
ecdsa_public_key_generator_x ECDSA Elliptic Curve Public Key X

X co-ordinate of G (the generator which is also known as the base point) in ECDSA.		 string Readonly
ecdsa_public_key_generator_y ECDSA Elliptic Curve Public Key Y

Y co-ordinate of G (the generator which is also known as the base point) in ECDSA.		 string Readonly
ecdsa_public_key_order ECDSA Elliptic Curve Public Key Order

The order of generator G in ECDSA.		 string Readonly
ecdsa_public_key_seed ECDSA Elliptic Curve Public Key Seed

The bytes used during curve generation for later validation in ECDSA.| Contents of this array are copied to protect against subsequent modification.		 array of string Readonly
is_ca True if this is a CA certificate. boolean Required
Readonly
is_valid True if this certificate is valid. boolean Required
Readonly
issuer The certificate issuers complete distinguished name. string Required
Readonly
issuer_cn The certificate issuer's common name. string Readonly
not_after The time in epoch milliseconds at which the certificate becomes invalid. EpochMsTimestamp Required
Readonly
not_before The time in epoch milliseconds at which the certificate becomes valid. EpochMsTimestamp Required
Readonly
public_key_algo Public Key Algorithm

Cryptographic algorithm used by the public key for data encryption.		 string Required
Readonly
public_key_length Size measured in bits of the public/private keys used in a cryptographic algorithm. integer Readonly
rsa_public_key_exponent An RSA public key is made up of the modulus and the public exponent. Exponent is a power number. string Readonly
rsa_public_key_modulus An RSA public key is made up of the modulus and the public exponent. Modulus is wrap around number. string Readonly
serial_number Certificate's serial number. string Required
Readonly
signature The signature value(the raw signature bits) used for signing and validate the cert. string Required
Readonly
signature_algorithm The algorithm used by the Certificate Authority to sign the certificate. string Required
Readonly
subject The certificate owners complete distinguished name. string Required
Readonly
subject_cn The certificate owner's common name. string Readonly
version Certificate version (default v1). string Required
Readonly

X509Crl (schema)

A CRL is a time-stamped list identifying revoked certificates.

Name Description Type Notes
crl_entries List of X509CrlEntry. array of X509CrlEntry Readonly
issuer Issuer's distinguished name. (DN) string Readonly
next_update Next update time for the CRL. string Readonly
version CRL's version number either 1 or 2. string Readonly

X509CrlEntry (schema)

Each revoked certificate is identified in a CRL by its certificate serial number.

Name Description Type Notes
revocation_date Revocation date. string Readonly
serial_number The revoked certificate's serial number. string Readonly

XForwardedForType (schema) (Deprecated)

x-forwarded-for type

Name Description Type Notes
XForwardedForType x-forwarded-for type string Deprecated
Enum: INSERT, REPLACE